Friday, April 23, 2010

Industrial Cyber-security Incidents Revealed

AutomationWorld (Iversen) - The number of control-system incidents in the water/wastewater industry rose sharply in 2009, while reported cyber incidents in the petroleum and chemical industries declined. Those are among trends detailed in the “2009 Annual Report on Cyber Security Incidents and Trends Affecting Industrial Control Systems,” published on March 29 by the Security Incidents Organization (SIO, www.securityincidents.org).

The database, now known as the Repository of Industrial Security Incidents (RISI), currently houses about 175 confirmed cyber incidents affecting control systems, with some going back to the 1980s, says John Cusimano, SIO managing director, and director of security services at exida (www.exida.com), a Sellersville, Pa., safety and security firm.

Incidents rising

“We track the number of incidents per year. And even though the rate has moved up and down, when we do a linear interpolation, we can definitely see that the trend is increasing at probably 20 percent to 25 percent per year over the last decade,” says Cusimano. On average, confirmed industrial cyber incidents are now being reported at a rate of about 10 each calendar quarter, he notes.

The RISI database includes accidental cyber-related incidents, as well as deliberate events such as external hacks, denial-of-service attacks and virus or worm infiltrations that did or could have resulted in loss of control, loss of production or a process safety incident. About 25 percent of all reported incidents are the result of intentional, directed attacks, says Cusimano. Security incident data is obtained from three sources—private incident reports submitted by industrial companies, searches for publicly reported incidents and data-sharing agreements with various organizations.

The body of the 2009 Annual Report provides detailed analyses of the incident data and compares recent data to historical data to identify shifts or trends of interest. The analysis determines where and when the incidents occurred. It also identifies the types of incidents, the threat factors that executed them, and the methods and techniques used to gain entry. Results achieved vs. the results that were attempted and the financial and operational impacts on the “victims” are included as well.

The kind of data collected and reported through RISI can serve as a valuable resource to industrial organizations in developing their own cyber-security strategies, sources agree. The 2009 Annual Report can be purchased individually or as part of a RISI Company or Corporate Membership, and is available through the SIO Web site.
