Nov 2, 2017
ICS-CERT and many others put out primarily statistics that are misleading or of little value, most often because the data source is not described or addressed correctly. The CyberX report is interesting because they are pulling hard data from 375 different ICS networks and some of the statistics were not what I expected. In this episode I talk with Phil Neray of CyberX about their Global ICS & IIoT Risk Report.
We start on the data. Who provided the data, how they collected the data, and how they brought the data back to CyberX for analysis. The data comes from OT networks, not from corporate networks from companies with ICS, which is where many other stats fall short.
Then we dive into some of the statistics including:
Throughout the discussion we talk about ways the statistics could be improved for future updates of the report. I'd welcome your suggestions and will pass them along to Phil.