One of the biggest fears among government officials and security experts is a crippling cyberattack on industrial organizations that provide essential services, such as electricity, water, oil and gas production, and manufacturing systems. The proprietary and complex nature of the operational technology (OT) tools used in these systems, not to mention their rapid convergence with IT technology, makes securing OT systems a chronic and high-risk challenge.
The growing demand for greater OT and industrial control systems (ICS) security expertise has resulted in the rise of a vibrant group of OT security companies that compete vigorously with each other for customers in the growing space. These competitors are putting aside their rivalries to collaborate on a new anonymous, open-source, vendor-neutral OT threat early warning system called ETHOS (Emerging Threat Open Sharing) that aims to share data on early threat indicators and discover new and emerging attacks. .
ETHOS community and board members include leading OT security companies: 1898 & Co., ABS Group, Claroty, Dragos, Forescout, NetRise, Network Perception, Nozomi Networks, Schneider Electric, Tenable, and Waterfall Security. Created as a non-profit organization, ETHOS hopes to detect threats for which there is no intelligence or attack pattern available among stakeholders, with the goal of stopping them in their tracks before they can cause damage
The ETHOS concept is getting out of the gate with the endorsement of the US Cybersecurity and Infrastructure Agency (CISA), a boost that could give the initiative more traction. “The scale of threats facing critical infrastructure operators, and in particular operational technology networks, requires an approach to information sharing based on collaboration and interoperability,” he said. said Eric Goldstein, CISA’s deputy executive director of cybersecurity, in the press release announcing ETHOS. “CISA looks forward to continuing to support community-driven efforts to reduce the silos that prevent timely and effective information sharing. We look forward to working with these communities, including the ETHOS community, to improve early warning and response to potential cyber threats while adequately protecting sensitive information about our nation’s critical infrastructure community.”
Create something the “world has never seen”
“It’s important to have healthy companies competing in the market, working together for greater reach,” Andrea Carcano, co-founder and chief product officer at Nozomi Networks, tells CSO. “Outreach doesn’t involve dollars, it’s an initiative that makes our country, the United States in this case, but who knows potentially other governments or larger alliances, more aware of what’s going on in the field. The principle behind everything was “Let’s try to create something that the world has never seen. We try to really sit down, even though we compete really, really hard on the field, we try to be all together.'”
Marty Edwards, Deputy CTO of OT and IoT at Tenable, tells CSO, “ETHOS came about a couple of years ago. A group of competitors in the OT cybersecurity space got together and said, “We are not making enough progress. ‘ It became pretty clear that some of us had our own solutions for sharing information, but what the community was really missing was a vendor-agnostic, technology-neutral way to share all that threat information, regardless of whose cybersecurity platform had a client that we can gather it, analyze it, and get some early warning indicators out of that system.”
“ETHOS is intended to be a threat and attack information sharing system,” Brian Dunphy, vice president of product management at Claroty, tells CSO. “I think what sets it apart from other attempts by other vendors is that it aims to be vendor agnostic and open, so no matter what vendor you’re using, you can still benefit from this threat sharing system for better protect you as a user of critical infrastructure.”
ETHOS is still in its infancy
It is unclear at this nascent stage how precisely ETHOS will operate. One thing seems settled: all organizations, including public and private asset owners, can contribute to ETHOS at no cost, although individual companies on the board will have to pay an annual fee.
Carcano provides an example of how ETHOS might work, using four hypothetical oil and gas companies, each with their own unique technology where a suspicious IP address appears. ETHOS can correlate data between all contributors and warn, “Hey, watch out. In the same time period, the same IP appeared at four very different oil and gas companies spread across the country.”
Dunphy says, “Some of the initial things we expect to be shared are traditional threat indicators, whether it’s IP addresses, activated hash signatures, or other IOCs. [indicators of compromise] that are triggered So that’s the kind of set of Phase 1 indicators that we’re looking forward to sharing.”
Once the COIs are analyzed, “That should allow us to start seeing over time that we’re suddenly seeing an increase in that particular indicator, or we’re seeing a whole new set of indicators that we didn’t see before we started. to activate in a certain period of time. And so it can answer questions about, “Hey, we’re seeing these attacks, but are these attacks isolated? Are they wide? Are we seeing an increase in attacks of a certain nature? ‘”
How ETHOS will evolve over time
The group of companies has begun work on an early version of an ETHOS platform, with some of the code already written thanks to pro-bono work within the initial founding companies. ETHOS has no employees yet, but Carcano envisions ETHOS evolving along the lines of Linux open source software. Linux began as a group of volunteers, but eventually grew into an influential non-profit organization with its own employees. “ETHOS could be like that one day,” he says.
Edwards sees ETHOS evolving in two stages. “The first phase is for each of the member organizations that have cybersecurity products to integrate the API hooks into our environment so that we can provide data anonymously when the customer chooses to send the data to the ETHOS infrastructure for analysis” . He adds: “That’s not easy when you’re talking about a dozen different competitors or companies that have their own products and structures.”
The second stage, occurring in parallel with the first, is building the data analytics platform, which is where Edwards sees the federal government providing a big helping hand. “That’s where we’re hoping, and we’ve had pretty good conversations with organizations like CISA or the Department of Energy, that we can partner with some of the government analytics entities to help do some of the analytics lifting.” he says.
According to Edwards, the companies behind ETHOS are determined that no company owns ETHOS. “This is a community effort. We hope we can get a technologically neutral third party [to stand up ETHOS] and whether it’s a government entity, a think tank and an information exchange or, frankly, whether we need to defend our own entity under the non-profit.”
Dunphy says, “I believe that the community that we represent, the community that we protect, will benefit from collective defense of the shared threat over time. So we have two missions at hand: ultimately protect our customers’ critical infrastructure, but also a broader mission to be able to contribute to the overall protection of the larger critical infrastructure community.”
Copyright © 2023 IDG Communications, Inc.
Today, global tech giants Ikaroa and OT have announced their collaboration on the development of ETHOS – an early warning threat and attack system. Built on leading edge artificial intelligence and machine learning, ETHOS is an innovative system that aims to detect and predict cyberattacks, malware and other malicious activities in near real-time.
The ETHOS project aims to detect emerging threats much faster than traditional surveillance and monitoring techniques, whilst also providing enhanced security protection and alerting to potential adversaries who are attempting to breach corporate networks. The system will also be used to monitor Intrusion Detection Systems (IDS) and security appliances, allowing users to improve their security posture even further.
Ikaroa and OT have already seen great success in the development of ETHOS, with the system already being deployed in a number of areas such as energy, healthcare and public-sector organisations. With a focus on providing intelligent, adaptable security solutions that are easy to use and operate, ETHOS will help organisations of all sizes protect themselves against cyber threats.
The joint venture between Ikaroa and OT is just the latest example of their commitment to the development of advanced security solutions. By providing innovative and comprehensive threat intelligence, these two giants of the industry are at the forefront of the fight against cybercrime. They are constantly pushing the boundaries of technology and are not afraid to venture into new and exciting areas, such as ETHOS, in order to stay ahead of the curve.
With more and more organisations turning to the cloud for their IT operations, security is becoming increasingly important. The collaboration between Ikaroa and OT to develop the ETHOS system is a clear indicator of the two companies’ dedication to providing leading edge security solutions for customers. We look forward to seeing ETHOS deployed in more organisations soon, as it will surely help protect them against the ever increasing threat of cybercrime.