CISA
Critical infrastructure
News
Vendors

NSA, CISA chooses Dragos’ Neighborhood Keeper for real-time sharing of intelligence across ICS/OT networks

February 15, 2022
NSA, CISA chooses Dragos’ Neighborhood Keeper for real-time sharing of intelligence across ICS/OT networks

Industrial cybersecurity vendor Dragos has entered into a public-private initiative with two key U.S. security agencies, the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA). The move will use the company’s Neighborhood Keeper technology across ICS/OT networks to strengthen security and visibility across the nation’s critical infrastructure installations.

“Neighborhood Keeper will help these agencies gain a better understanding of whether capabilities that an adversary is developing could have a significant impact on US infrastructure and the private sector based on prevalence data,” Umair Masud, Dragos’ director of product, told Industrial Cyber. “They also can gain a better idea of the threat picture—such as which adversaries and their TTPs are active and observed in the community—to prioritize efforts and drive value to the community through information and recommendations,” he added. 

Umair Masud, director of product, Dragos
Umair Masud, director of product, Dragos

Additionally, they can assist with threat detection by developing and deploying detections that can be used quickly across the community, according to Masud. “Asset owners can then provide feedback on whether those vulnerabilities and threats were found,” he added. 

“The agencies will also be able to communicate directly with Neighborhood Keeper participants while the participants maintain complete anonymity, alerting participants to important situations they should be aware of, and even offering assistance if the participant wants it and chooses to engage,” Masud said.

Neighborhood Keeper was originally developed with the support of a 2018 award from the U.S. Department of Energy (DOE), as a free, optional opt-in, anonymized information-sharing network deployed across key sectors of industrial infrastructure and available to Dragos Platform customers. The technology has served various industrial infrastructure organizations since its launch in March 2019.

Neighborhood Keeper will be used by the NSA and CISA under Trusted Advisor roles, enabling their analysts to gain visibility into ICS/OT cyber threats facing the industrial infrastructure community, Dragos said. As Trusted Advisors, government analysts will be able to view anonymized, aggregate information about threat analytics, vulnerabilities, and indicators of compromise (IOC) as they are detected. 

Relevant threat intelligence can then be shared back to members in Neighborhood Keeper in real-time, enabling the greater infrastructure community to collectively defend itself against cyber adversaries, it added.

The data is collected and stored at the participant site as part of the normal operations of the Dragos Platform that the customer uses day in and day out, Masud said. “Data isn’t shared into Neighborhood Keeper but rather the insights on what threats and vulnerabilities are found. The power of the system is in the ability to see insights across all participants and federate them out across those,” he added.

“Having the NSA and CISA join Neighborhood Keeper as Trusted Advisors further advances the ability of industry and government to bolster our nation’s OT cybersecurity in a way that respects and protects data integrity and identity while providing meaningful insights,” Robert M. Lee, chief executive officer and co-founder at Dragos, said in a media statement on Monday. “The government’s willingness to collaborate through a solution that many of the infrastructure owners had chosen voluntarily is a testament to public-private partnerships done correctly to enhance national security.” 

“NSA partners with multiple cybersecurity and technology service providers, like Dragos, to help protect Defense Industrial Base, Department of Defense, and National Security Systems from a wide range of cyber threats such as those who target ICS/OT systems” Morgan Adamski, director at NSA Cybersecurity Collaboration Center, said. “This type of collaboration is a key piece in NSA’s strategy to identify and persistently counter foreign cyber threats to the DoD, complementing NSA’s own intelligence and cybersecurity sources,” she added.  

Last October, Dragos raised US$200 million in Series D funding at a valuation of $1.7 billion, reflecting increasing demand for OT cybersecurity techniques and solutions. The additional funding will help with the Hanover, Maryland-based company’s global expansion and support customers in key growth markets across diverse industries, including electric, oil and gas, chemical, pharmaceutical, food and beverage, water, and manufacturing.

Dragos had in June last year entered into a joint initiative with the North American Electric Reliability Corporation‘s (NERC) Electricity Information Sharing and Analysis Center (E-ISAC) for using the Neighborhood Keeper technology. The deal aimed to work towards strengthening collective defense and community-wide visibility for industrial cybersecurity in the North American electricity industry. 

The company also entered into alliances with the Downstream Natural Gas Information Sharing and Analysis Center (DNG-ISAC) in August, and with the Oil and Natural Gas Information Sharing and Analysis Center (ONG-ISAC) in September to boost security and community-wide visibility for industrial cybersecurity in the North American oil and natural gas industry.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
ASIS Foundation reports on impact of autonomous vehicles on security and technology
ASIS Foundation reports on impact of autonomous vehicles on security and technology
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
RMC
Risk Mitigation Consulting acquires Securicon, boosting cybersecurity and mission assurance offerings
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems
New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems
Ukrainian CERT details malicious plan by Sandworm group to disrupt critical infrastructure facilities
Ukrainian CERT details malicious plan by Sandworm group to disrupt critical infrastructure facilities
DC3, DCSA collaborate to launch vulnerability disclosure program for defense industrial base
DC3, DCSA collaborate to launch vulnerability disclosure program for defense industrial base