How It Works

RISI obtains security incident data from three sources. The primary source is through private incident reports submitted by members. Historically members include those who use industrial automation, engineers, operators, security professionals, and automation vendors. Second, RISI analysts continuously search public sources such as legal databases, news groups and the Internet for indications of publicly-reported incidents (such as the Australian sewage spill). Finally, incidents are collected through data sharing agreements with strategic partner organizations (such as the various international Information Sharing and Analysis Centers (ISACs).

When an event is either submitted by a RISI member or noted in a public forum, it is reviewed and verified by the RISI researchers. To protect the confidentiality of private contributors, any information that may identify the source of the incident (such as the contributor’s name, event location, or company details) is removed. The RISI researchers then attempts to ascertain the reliability of the report by verifying its details using standard investigative techniques. Each incident is then assigned one of four reliability ratings:

  • Confirmed
  • Likely but Unconfirmed
  • Unknown or Unlikely
  • Known Hoax/Urban Legend

Once the investigation, identity scrubbing and confidence rating is complete, the incident is entered into the working RISI Database.

RISI reports relevant statistics back to industry directly to its members via regular members-only reports. General information is also supplied to the industry as a whole through forums such as the Control Systems Cyber Security Conference, other relevant conferences, user group meetings and white papers.