[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] Non-Profit Targets Cyber-Security in Plants

To: isn@xxxxxxxxxxxxxxx
Subject: [ISN] Non-Profit Targets Cyber-Security in Plants
From: InfoSec News <alerts@xxxxxxxxxxxxxxx>
Date: Mon, 14 Sep 2009 02:13:35 -0500 (CDT)
Delivered-to: isn@xxxxxxxxxxxxxxx
List-archive: <http://www.infosecnews.org/pipermail/isn>
List-help: <mailto:isn-request@infosecnews.org?subject=help>
List-id: InfoSec News <isn.infosecnews.org>
List-post: <mailto:isn@infosecnews.org>
List-subscribe: <http://www.infosecnews.org/mailman/listinfo/isn>, <mailto:isn-request@infosecnews.org?subject=subscribe>
List-unsubscribe: <http://www.infosecnews.org/mailman/listinfo/isn>, <mailto:isn-request@infosecnews.org?subject=unsubscribe>
Organization: InfoSec News - http://www.infosecnews.org/
Sender: isn-bounces@xxxxxxxxxxxxxxx

http://www.managingautomation.com/maonline/news/read/NonProfit_Targets_CyberSecurity_in_Plants_33037

By Stephanie Neil
MA Editorial Staff
September 12, 2009

The move from proprietary, non-networked control systems in the plant to
off-the-shelf, open applications that share information across
industrial and business networks is a double-edged sword for
manufacturers. On one side, people are more productive; on the other
side, SCADA and process control systems are falling victim to hackers
and network viruses.

Getting a handle on how to manage cyber-threats, however, has always
been a bit tricky. Reporting an industrial incident to organizations
such as the government-backed CERT program, which tracks Internet and
network security attacks, accidents, and failures, could expose a
companyâs network vulnerability or create a legal liability. As a
result, many manufacturers keep a lid on their own security issues,
which limits knowledge sharing that could help the industrial community
as a whole.

Enter the Security Incidents Organization, a newly formed non-profit
group that provides public access to its Repository of Industrial
Security Incidents (RISI). Established in July, the group maintains an
industry-wide repository for collecting, investigating, analyzing, and
sharing critical information regarding cyber-security incidents that
directly affect SCADA and process control systems.

The RISI database dates back to 2001, when it was housed at the British
Columbia Institute of Technology (BCIT) as part of a research project
that was shut down in 2006. At that time, BCIT faculty member Eric Byres
purchased the database and continued to collect data on incidents. His
company, Byres Research, was acquired by safety and security services
firm exida earlier this year.

[...]

________________________________________
Please Donate to the Ron Santo Walk to 
Cure Diabetes with Ethan's Crew!
http://www.c4i.org/ethan.html

Prev by Date: [ISN] Les Hinton to give evidence to Commons phone-hacking inquiry
Next by Date: [ISN] Linux Advisory Watch - September 11th 2009
Previous by thread: [ISN] Les Hinton to give evidence to Commons phone-hacking inquiry
Next by thread: [ISN] Linux Advisory Watch - September 11th 2009
Index(es):
- Date
- Thread