The Industrial Security Incident Database (ISID) is coming back to life. That’s the word from Eric Byres, who oversaw the database—a repository of information on industrial cyber security incidents—during his years as a research faculty member at the British Columbia Institute of Technology (BCIT), in Burnaby, British Columbia, Canada.After Byres left BCIT in mid-2006, the ISID fell dormant. “There was no internal support [at BCIT] and nobody driving it,” says Byres, chief technology officer at Byres Security Inc., in Lantzville, British Columbia, Canada. But now, “we’ve finally found a little funding, and we’re going to start an organization we call the ISID Institute to run the Database,” Byres told Automation World recently.The source of the funding cannot yet be revealed, says Byres, pending an official announcement, which he expects will come in about four to six weeks. “But let’s just say it’s a large government body.” During several years of operation at BCIT, reports from the database were issued intermittently, based on individual funding obtained on a report-by-report basis from corporate or government sources. But the new source of funding will be more stable and ongoing, according to Byres. As was the case at BCIT, the ISID Institute will collect information on cyber security incidents affecting industrial controls and supervisory control and data acquisition (SCADA) systems. Industries covered will include water/wastewater, power, oil and gas, and manufacturing. The kind of information collected in the database can serve as a valuable resource to industrial organizations in developing their own cyber security strategies, sources agree. But there is currently no central repository for industrial cyber security incidents. Dirty laundry“They’re hard to run,” says Byres. “I know DHS (the U.S. Department of Homeland Security) tried to build a database, but I don’t think they had a lot of traction. People are really reluctant to give you their dirty laundry unless they’re really sure that it’s not going to show up in the ‘The New York Times’ the next morning, or in a government file somewhere,” he asserts. “So the system that we set up at BCIT, and that we’re going to set up here, really is able to protect the identity of the contributors.”Byres says he is uncertain whether BCIT will maintain any involvement with the new ISID Institute. But he says that David Leversage, Ph.D., a professor that Byres worked with at BCIT, will be involved in the initiative.Byres Security Inc.www.byressecurity.com
Leaders relevant to this article: