Attacks and Vulnerabilities
Building Management Systems
Critical infrastructure
Industries
Manufacturing
Mining, Oil & Gas
News
Transportation
Utilities: Energy & Power, Water, Waste

NERC to use Dragos Neighborhood Keeper for the electric sector

June 18, 2021
Dragos Neighborhood Keeper

Industrial cybersecurity company Dragos entered on Thursday into a joint initiative with the North American Electric Reliability Corporation‘s (NERC) Electricity Information Sharing and Analysis Center (E-ISAC) for using the Dragos Neighborhood Keeper technology. The deal works towards strengthening collective defense and community-wide visibility for industrial cybersecurity in the North American electricity industry.

The alliance will enable E-ISAC analysts to gain greater visibility into industrial control systems (ICS) cyber threats facing the electric sector through Dragos’ Neighborhood Keeper technology, which was originally developed with the support of an award from the U.S. Department of Energy. 

Neighborhood Keeper is an approach used to share information that diminishes the risk to organizations by reducing the sensitivities around sharing and performing this task at machine speed. It is an opt-in on top of the Dragos Platform capable of detecting supply chain risks and equipment, vulnerabilities, and cyber threats that need to be identified and remediated, acting as a sort of collective defense, while enabling industry and government partners to leverage the system as a cyber national broadcasting service. 

The Dragos Neighborhood Keeper technology was developed together with Ameren, First Energy, Idaho National Laboratory (INL), NERC’s E-ISAC, and Southern Company. Dragos had conducted in October 2018 research and developed novel methods to make ICS threat analytics and data accessible to smaller infrastructure providers, such as co-operatives and municipality providers serving local communities, who often lack resources to defend against targeted threats.

E-ISAC analysts will have the ability to view aggregated information about threat analytics and Indicators of Compromise (IoC) as they are detected within Neighborhood Keeper, and then share insights and trends derived from this information more broadly with all E-ISAC members, thereby enabling the community to collectively defend itself against cyber adversaries.

Dragos customers in the electricity sector will benefit from access to a larger pool of E-ISAC cybersecurity experts trained to analyze and provide feedback on threats and vulnerabilities, and collectively influence detection capabilities. Cyber threats targeting ICS/OT networks continue to increase in frequency and sophistication, but data collection and analysis are extremely limited for industrial defenders. As hackers can move through ICS/OT networks undetected, they are able to continually train and prepare for the next cyber attack. 

“The electric community is keenly aware of the kind of cyber threats they face but to date has had to defend against those threats in isolation,” Robert M. Lee, Dragos’ chief executive officer and co-founder, said in a press statement. “Defending against state and criminal actors is entirely doable when the community operates as a collective and ensures that an attack on one member is seen by all of us.”

“The E-ISAC remains focused on threats to ICS/OT networks across the entire North American electricity industry,” said Manny Cancel, senior vice president of NERC and CEO of the E-ISAC. “Staying ahead of our adversaries is vital and our collaboration with Dragos on programs like Neighborhood Keeper underscores the importance we place on collective defense and threat intelligence sharing,” 

Following the SolarWinds Orion supply chain attack in December, Dragos warned that the Orion platform could have led to a highly sophisticated supply chain exposure as about 18,000 organizations were affected. Out of these, it is likely that some of the nearly 2,000 North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) regulated power utilities may have been impacted—if not directly, then indirectly through their supply chain.

Dragos also investigated the Oldsmar water plant hack, where its researchers discovered that an unnamed Florida water utility contractor hosted malicious code on their website, which seemingly targeted water utilities, particularly in Florida. More significantly, the code was accessed by a browser from the city of Oldsmar on the same day of a poisoning event at the city’s water utility. 

The hacker is believed to have inserted the malicious code into the footer file of the WordPress-based site associated with a Florida water infrastructure construction company, Dragos pointed out in its May report. 

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

MITRE confirms breach on NERVE network, suspected foreign nation-state actor involved
MITRE confirms breach on NERVE network, suspected foreign nation-state actor involved
Radiflow helps customers achieve NIS2 compliance, spurring growth in Europe
Radiflow, Exclusive Networks partner to elevate OT cybersecurity
MITRE plans to enhance cybersecurity in 2024 with ICS sub-techniques and multi-domain integration
MITRE plans to enhance cybersecurity in 2024 with ICS sub-techniques and multi-domain integration
New bill introduced to set up Water Risk and Resilience Organization to secure water systems from cyber threats
New bill introduced to set up Water Risk and Resilience Organization to secure water systems from cyber threats
CISA, FBI, Europol, and NCSC-NL issue joint cybersecurity advisory on Akira ransomware threats
CISA, FBI, Europol, and NCSC-NL issue joint cybersecurity advisory on Akira ransomware threats
Mandiant exposes APT44, Russia's Sandworm cyber sabotage unit, targeting global critical infrastructure
Mandiant exposes APT44, Russia’s Sandworm cyber sabotage unit, targeting global critical infrastructure
Hexagon and Dragos announce technical alliance to boost industrial cybersecurity, reduce overall OT cyber risk
Hexagon and Dragos announce technical alliance to boost industrial cybersecurity, reduce overall OT cyber risk
Armis
Armis acquires Silk Security for $150 million to enhance AI-driven cybersecurity capabilities
Nozomi discovers five vulnerabilities in AMI MegaRAC SP-X BMC, exposing OT, IOT devices to RCE attacks
Nozomi secures US$1.25 million US Air Force contract to boost DoD critical infrastructure security
Industrial Cybersecurity Buyers’ Guide 2024 navigates complex industrial landscape
Industrial Cybersecurity Buyers’ Guide 2024 navigates complex industrial landscape