Industrial cybersecurity company Dragos on Thursday entered into a joint initiative with the North American Electric Reliability Corporation’s (NERC) Electricity Information Sharing and Analysis Center (E-ISAC) to use the Dragos Neighborhood Keeper technology. The deal works towards strengthening collective defense and community-wide visibility for industrial cybersecurity in the North American electricity industry.
The alliance will enable E-ISAC analysts to gain greater visibility into industrial control systems (ICS) cyber threats facing the electric sector through Dragos’ Neighborhood Keeper technology, which was originally developed with the support of an award from the U.S. Department of Energy.
Neighborhood Keeper is an approach used to share information that diminishes the risk to organizations by reducing the sensitivities around sharing and performing this task at machine speed. It is an opt-in on top of the Dragos Platform capable of detecting supply chain risks and equipment, vulnerabilities, and cyber threats that need to be identified and remediated, acting as a sort of collective defense, while enabling industry and government partners to leverage the system as a cyber national broadcasting service.
The Dragos Neighborhood Keeper technology was developed together with Ameren, First Energy, Idaho National Laboratory (INL), NERC’s E-ISAC, and Southern Company. In October 2018, Dragos conducted research and developed novel methods to make ICS threat analytics and data accessible to smaller infrastructure providers, such as co-operatives and municipality providers serving local communities, who often lack resources to defend against targeted threats.
E-ISAC analysts will have the ability to view aggregated information about threat analytics and Indicators of Compromise (IoC) as they are detected within Neighborhood Keeper, and then share insights and trends derived from this information more broadly with all E-ISAC members, thereby enabling the community to collectively defend itself against cyber adversaries.
Dragos customers in the electricity sector will benefit from access to a larger pool of E-ISAC cybersecurity experts trained to analyze and provide feedback on threats and vulnerabilities, and collectively influence detection capabilities. Cyber threats targeting ICS/OT networks continue to increase in frequency and sophistication, but data collection and analysis are extremely limited for industrial defenders. As hackers can move through ICS/OT networks undetected, they are able to continually train and prepare for the next cyber attack.
“The electric community is keenly aware of the kind of cyber threats they face but to date has had to defend against those threats in isolation,” Robert M. Lee, Dragos’ chief executive officer and co-founder, said in a press statement. “Defending against state and criminal actors is entirely doable when the community operates as a collective and ensures that an attack on one member is seen by all of us.”
“The E-ISAC remains focused on threats to ICS/OT networks across the entire North American electricity industry,” said Manny Cancel, senior vice president of NERC and CEO of the E-ISAC. “Staying ahead of our adversaries is vital and our collaboration with Dragos on programs like Neighborhood Keeper underscores the importance we place on collective defense and threat intelligence sharing.”
Following the SolarWinds Orion supply chain attack in December, Dragos warned that the Orion platform could have led to a highly sophisticated supply chain exposure as about 18,000 organizations were affected. Out of these, it is likely that some of the nearly 2,000 North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) regulated power utilities may have been impacted—if not directly, then indirectly through their supply chain.
Dragos also investigated the Oldsmar water plant hack, where its researchers discovered that an unnamed Florida water utility contractor hosted malicious code on its website, which seemingly targeted water utilities, particularly in Florida. More significantly, the code was accessed by a browser from the city of Oldsmar on the same day as a poisoning event at the city’s water utility.
The hacker is believed to have inserted the malicious code into the footer file of the WordPress-based site associated with a Florida water infrastructure construction company, Dragos pointed out in its May report.