A group of OT cybersecurity leaders and critical infrastructure defenders introduced their plans for ETHOS (Emerging THreat Open Sharing), an open-source, vendor-agnostic technology platform for sharing anonymous early warning threat information across industries with peers and governments.
Founding ETHOS community members include 1898 & Co., ABS Group, Claroty, Dragos, Forescout, NetRise, Network Perception, Nozomi Networks, Schneider Electric, Tenable, and Waterfall Security Solutions.
ETHOS will give critical industries a vendor-neutral option for information sharing to combat the growing number of cyber threats. An always-on, open-source solution that functions like a hotline to correlate information from many security vendors to identify anomalous behaviors will strengthen cybersecurity defenses across industries and ensure more effective government communication and support.
ETHOS is under initial cooperative development with the goal of sharing data to investigate early threat indicators and discovering new and novel attacks. As an open-source initiative, any individual, organization or security vendor may contribute to ETHOS, its direction and many future developments. General membership applications will be available in June 2023.
“The scale of threats facing critical infrastructure operators, and in particular Operational Technology networks, requires an approach to information sharing grounded in collaboration and interoperability,” said Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA.
“CISA is eager to continue support for community-driven efforts to reduce silos that impede timely and effective information sharing. We look forward to collaborating with such communities, including the ETHOS community, to improve early warning and response to potential cyber threats, while appropriately protecting sensitive information about our nation’s critical infrastructure community,” added Goldstein.
ETHOS will collectively uncover and share emerging threats for which there is no threat intelligence or no known attack pattern available, across private and public sector stakeholders. ETHOS brings a vendor-neutral option to improve public/private sector cooperation for effective real-time information sharing across sectors and with governments. The success of ETHOS will mean fewer asset owners become victims of preventable cyber-attacks.
ETHOS is a nonprofit entity run by an independent mutual benefit corporation. Technology resources are currently accessible via GitHub.
“Critical infrastructure defenders have felt like they are on an island. To remain highly vigilant against potential attacks and adversaries, ETHOS provides collective defense through vendor-agnostic information-sharing from both public and private sources that enables improved metrics like time-to-detection and time-to-respond,” said Matt Morris, Managing Director for Security & Risk Consulting at 1898 & Co.
“ETHOS is answering the call to protect the nation’s critical infrastructure by tearing down barriers and closing the gap on how we can rapidly respond to new and emerging threats impacting the safety and security of industrial operations. ETHOS fills an important and necessary function to create collaboration between technology providers, OEMs and service providers, and leads to solutions that meet the increasing challenge of industrial cyber risk,” said Ryan Moody, President and CEO, ABS Group.
“Defending critical infrastructure against rapidly evolving threat actors requires a collective defense, such that an attack against one results in better protection for all. ETHOS’s real-time sharing of actionable threat intelligence across vendors and enterprises is key to reducing blind spots and illuminating threat actors before they can disrupt the very systems that we all depend on every day,” said Brian Dunphy, VP Product Management, Claroty.
“With Claroty’s expertise in threat detection for OT/ICS environments and our longstanding commitment to sharing our threat research with the wider community – our Team82 researchers have found and disclosed over 400 vulnerabilities to date – we look forward to fostering the ETHOS community and working together to make the world’s most critical systems more secure and resilient,” concluded Dunphy.
“Dragos has worked to build up the collective defense of the industrial community since our founding, and we are eager to also contribute to this cross-vendor initiative. We see the potential for ETHOS to become a valuable source of novel threat information that can be easily incorporated into a broader threat intelligence program,” said Kimberly Graham, Senior Director of Product Management, Dragos.
“You cannot act on what you don’t see or know, but we’re fundamentally changing that through the creation of this vendor-agnostic platform and outstanding group of industry firms. Critical infrastructure is on the road to achieving a stronger security posture because of these efforts to streamline information sharing, and we’re proud to play a part in it,” said Daniel dos Santos, Head of Security Research, Forescout.
“Information sharing is at the foundation of what will make the OT/ICS ecosystem successful when it comes to preventing and detecting existing cyber-attacks. With ETHOS, this cohort of vendors is bringing a new industry collaboration that promises to accelerate progress in this area, which will ultimately lead to a more secure national security cyber posture across the board,” said Thomas Pace, CEO, NetRise.
“OT cybersecurity is critical to the wellness, safety, and day-to-day life of citizens everywhere. Aligning with other ETHOS members for greater transparency and communication in the face of disaster is an easy decision for us and an important initiative for everyone,” said Robin Berthier, CEO, Network Perception.
“The strongest defense is a collective one, including a vendor-agnostic mechanism for real-time sharing of early warning data. The ETHOS platform will offer the most inclusive, creative, and proactive way to share OT threat information. Nozomi Networks is proud to have helped establish the ETHOS community,” said Andrea Carcano, CPO, Nozomi Networks.
“With endless open sharing and active members’ contribution, ETHOS will provide a significant support for society to combat cybersecurity threats,” said Ed Turkaly, Director Cybersecurity Offer Management, Schneider Electric.
“A big challenge for the OT industry is differentiating which threats pose an actual risk to an organization and where they are exposed to such risk. ETHOS is a vendor agnostic initiative that aspires to cut through the noise by automating the discovery and dissemination of real-world threat information from its industry members. The goal will be to provide the entire community with more insights into threats targeting new and known vulnerabilities in OT systems. By working together, the OT security community is stronger and more cyber resilient,” said Marty Edwards, Deputy Chief Technology Officer for OT and IoT, Tenable.
“Cyber attacks causing shutdowns or malfunctions of OT / industrial control systems have more than doubled annually for the last four years. The time is ripe for the ETHOS project. The world needs OT threat intelligence so that we can look forward to see what’s coming at us, not just backwards to see how many times we’ve gone down,” said Andrew Ginter, Vice President Industrial Security, Waterfall Security Solutions.