The Repository for Industrial Security Incidents (RISI) records incidents of a cyber security nature that directly affect industrial Supervisory Control and Data Acquisition (SCADA) and process control systems. It is the largest known collection of incidents of this type. At the end of the 2009, the database contained a total of 175 records.
Each of the incidents has been thoroughly investigated and sensitive information has been removed to protect the confidentiality of the reporter. Incidents are indexed and categorized according to a long list of criteria and the data is analyzed. Events that cannot be confirmed are excluded from the analysis.
The analysis looks at where and when incidents occurred, the types of incidents and the people who executed them, the methods and techniques they used to gain entry, the results they achieved versus the results they were attempting, and finally the financial and operational impact on the “victims”.
The report also includes case studies of the incidents reported during the report term (quarterly reports include incidents reported in the prior quarter, annual reports includes incidents reported in the prior year). Case studies include descriptions of what happened, the impact of the incident, what the company did to avoid future incidents. In addition, RISI security experts provide recommendations of mitigation strategies to avoid similar incidents in the future. and lessons learned.
The report concludes with an interpretation of the results analyzing the rate at which incidents have occurred, the types and various pathways, the impact of incidents to date and finally a look into the future.
RISI Incident Categorization:
|RISI Annual Analysis Report||Report providing comprehensive expert analysis of all incidents in the RISI database with special emphasis on events reported in the last calendar year.|