Enabling a Collective Defense against OT Cyber Threats with ETHOS

The opportunity for cyber threats to target operational technology (OT) environments — particularly those that support our critical infrastructure — is now widely recognized. Each successful attack not only undermines the security of these vital assets but also emboldens threat actors to continue (and expand) their efforts. As a result, we are witnessing the emergence of a new wave of cyber attacks intended to disrupt essential services and/or extort the critical infrastructure organizations that provide those services.

A lesser-known aspect of this situation is the intricate web of OT interdependencies that exist throughout all organizations in all critical infrastructure sectors. Consider, for instance, a hospital providing lifesaving care to patients. Such a facility relies on OT assets like temperature controllers, pressure gauges, motion sensors, card readers, and more to manage building and room access, regulate heating, ventilation, and air conditioning (HVAC), and control elevators for timely patient transportation. Yet, this is only the tip of the iceberg — a hospital’s ability to deliver safe, high-quality care also relies on a diverse array of third-party, OT-dependent organizations in other critical infrastructure sectors. Key examples include:

• Electricity providers

• Transportation systems

• Water and sewage utilities

• Pharmaceutical companies

• Food and beverage providers

• Medical device manufacturers

Each of those providers will typically also have hundreds of their own dependencies with other critical infrastructure organizations. The full extent of OT dependencies can span upwards of thousands or even tens of thousands of organizations, all of which must be able to operate safely and reliably in order for those that depend on them to be able to operate safely and reliably, too. This degree of interconnectivity also means that if a cyber attack were to compromise just one of those organizations, the consequences would likely extend far beyond that one organization.

Further complicating the security of these vital OT systems is the fact that the threat actors targeting them tend to be highly iterative and collaborative. Across regions, allegiances, and skillsets, they’ve been known to ideate with one another on tactics, develop exploits, pinpoint targets, and even buy, sell, and build the ransomware-as-a-service “kits” that have rapidly democratized what was previously considered an experts-only technique. And in most cases, the encrypted communication channels and dark web communities such actors frequent not only facilitate but also help obfuscate their illicit activities.

In order to protect our critical infrastructure against these highly iterative and collaborative threat actors, we must adopt a “collective defense” approach that is larger than any one vendor, solution, or customer base. The larger our collective defense and ability to rapidly learn about a threat actor’s latest techniques, the better protected our critical infrastructure will be. This notion is at the very heart of ETHOS: an open platform being built to anonymously share early-warning information about cyber threats targeting the very OT assets and systems that underpin the critical infrastructure we rely on every day.

Announced earlier this week, ETHOS brings together contributions from leading OT security providers to improve the detection of emerging threat actor campaigns. With its vendor-agnostic design, ETHOS will collect, analyze, and distribute these types of insights among critical infrastructure organizations regardless of which security tools they leverage or vendor affiliations they have. After all, given how interconnected our critical infrastructure is — the legacy status quo of closed, vendor-centric threat-sharing platforms is simply inadequate for protecting it.

Recognizing the urgent need for a new status quo that offers greater visibility into the rising wave of threat actor activity, ETHOS takes a unique approach to deliver exactly this. Here’s how:

• Its vendor-agnostic, open collection will provide the broadest possible visibility into threat activity — no matter what solutions comprise an organization's security tech stack.

• Its machine-to-machine threat sharing will enable it to rapidly disseminate and identify emerging threat trends and tactics. 

• The open-source design of its operating framework will enable multi-vendors and other inspired contributors to continually evolve and enhance these capabilities over time.

• Its focus on OT and critical infrastructure — i.e. the very systems our lives and livelihoods depend on — will further empower us to collectively combat the threats that matter most.

I’m honored for Claroty to be among ETHOS’s founding members, which also include 1898 & Co., ABS Group, Dragos, Forescout, NetRise, Network Perception, Nozomi Networks, Schneider Electric, Tenable, and Waterfall Security. ETHOS is currently in its initial development stages, and we look forward to its continued progress in building a first-of-its-kind platform that will empower our community with collective defense against the threats that matter most. If you’d like to learn more about ETHOS, our founding members, or how to get involved, please read Ethos’s press release or visit www.ethos-org.io.