We recently announced our partnership with Critical Intelligence, and you have seen their contribution to the Friday News and Notes blog entries. Another element of our partnership is a podcast on Critical Intelligence’s ICS Security Trends and Analysis Quarterly Report. In this first edition of that podcast I talk with Sean McBride about the Q1 2011 report.
Since this is the first podcast with Critical Intelligence we spend some time talking about how the report is structured and designed to be used. Sean also explains how he believes this report compares and differs with information products from ICS-CERT, RISI and NESCO. We will not go into these details on the mechanics of the report in future podcasts. The stories start at the 15 minute mark. You can request more information on the Quarterly Report, Weekly Report or other Critical Intelligence services on this form or at the Critical Intelligence website.
Getting into the report we talk about ICS vulnerability trends and expectations for the future. There is an exponential growth curve that eerily matches the quarterly disclosures to date in the National Vulnerability Database (NVD). Critical Intelligence is tracking ~150 vulnerabilities, half of which are in the NVD.
Next we get into NESCO and the other organizations trying to stake out a claim as a player in the electric sector. What is NESCO trying to accomplish, likely to accomplish and how will they measure success?
The podcast finishes up with a discussion of Critical Intelligence’s analysis of the FPL hoax. Sean talks about the main factors that pointed to it being hoax including a couple of new tidbits I hadn’t heard before.
Image by curtis.kennington