New threat detection program developed for small infrastructure providers

Oct. 24, 2018
Company to support the research and development of novel approaches in threat analytics and data for the benefit of the greater ICS community

HANOVER, Md.--(BUSINESS WIRE)--Dragos, Inc., developers of the Dragos threat detection and response platform, announced today the DOE’s partnership on a cooperative agreement to research and develop a collaborative threat detection and shared intelligence program, Neighborhood Keeper. Together with Ameren, First Energy, Idaho National Laboratory (INL), NERC’s E-ISAC, and Southern Company, Dragos will begin to research and develop novel methods to make ICS threat analytics and data accessible to smaller infrastructure providers--such as co-ops and municipality providers serving our local communities--who often lack resources to defend against targeted threats.

The goal of Neighborhood Keeper is to develop a zero-trust, non-privacy-invasive way of sharing threat insights from ICS and operational technology (OT) networks in near-real-time--providing immediate value to participants without sharing any identifying information or sensitive data. The Dragos threat detection and response platform will be deployed at near-cost to smaller infrastructure providers who often do not have the resources for advanced technologies or personnel to dedicate time to them.

The Dragos Platform will leverage threat intelligence in the form of threat analytics to search for adversary behaviors in participants’ environments--instead of simply looking for anomalies or technical indicators. The research and development effort will be focused on creating and testing a threat analytics framework, new threat analytics, and a secure cloud infrastructure to sit above Dragos’ ICS security technology, which will capture and share insights from threat detection occurring across participants. This framework and insight will be made available to all participants. This effort will allow program participants to:

· Share insights and response procedures without releasing personal, sensitive, or identifiable data

· Understand what detections are occurring across participants to prioritize and focus threat detection and hunting efforts

· Create and understand trends in adversary activity

· Proactively discover new adversary campaigns against the energy sector

· Inform best practices and standards based off insights into the threats

“Neighborhood Keeper represents an innovative and highly beneficial approach to providing security to smaller providers, as well as value to the entirety of the community, by sharing completely anonymized insights from threats detected in OT/ICS networks,” said Robert M Lee, CEO Dragos. “Dragos is excited to begin work on this effort with funding and support from the DOE, together with the electric sector leadership from Ameren, First Energy, Idaho National Laboratory (INL), NERC’s E-ISAC, and Southern Company. Larger providers are coming together to ensure that we take care of all of our infrastructure, especially in smaller communities. This is another example of the strength of the energy community and is being made possible by DOE’s CEDS (Cybersecurity for Energy Delivery Systems) program.”

The DOE CEDS’ award provides funding for a period of two years to program participants to complete the research and development efforts and then transition it to the wider market. Neighborhood Keeper will begin with the publicly-identified participants, and as the program progresses, additional participants from smaller infrastructure sites will be added to continue to test the value to the sector. Neighborhood Keeper is designed to provide unique value on its own, while also augmenting existing national sharing programs, such as CRISP (Cybersecurity Risk Information Sharing Program). Neighborhood Keeper’s shared intelligence will allow the amplification of these programs through Idaho National Labs (INL) and the E-ISAC.

For more information:

· Learn more about Neighborhood Keeper here

· Register for the ICS webinar series

· For asset owners and operators, such as co-ops, municipalities, and gas pipeline operators, please register your interest here

About Dragos

The Dragos ICS threat detection and response platform distills decades of real-world experience from an elite team of ICS cybersecurity experts across the U.S. intelligence community and private industrial companies. Dragos' offerings also include threat hunting and incident response services, and Dragos ICS WorldView for weekly threat intelligence reports. Dragos is headquartered in the Washington, DC area. For more information, please visit or follow @DragosInc.