Dragos business development director Matt Cowell said: “Asset discovery is an important step in the pursuit of detecting threats to industrial operations, and the Dragos Platform provides industrial control systems (ICS) defenders with unprecedented knowledge of assets and activity, the threats and adversaries they face, and the tools and knowledge to defend against them.

“Dragos is excited to collaborate with NCCoE and other technology vendors on this latest use case, providing further cybersecurity guidance to the energy sector.”

The Dragos Platform is an automated network monitoring, threat detection, and response platform that uses an intelligence-based approach to passively identify ICS assets and communications, alert to malicious activity, and guide defenders step-by-step if a threat is found.

The NCCoE will implement Dragos’ technology, along with other technologies, in a laboratory environment to build a standards-based, modular, end-to-end example solution that will address the security challenges of operational technology (OT) asset management for the energy sector, including:

Asset Discovery: establishment of a full baseline of physical and logical locations of assets

Asset Identification: capture of asset attributes, such as manufacturer, model, operating system, internet protocol (IP) addresses, media access control addresses, patch-level information, and firmware versions

Asset Visibility: continuous identification of newly connected or disconnected devices, and IP (routable and non-routable) and serial connections to other devices

Asset Disposition: the level of criticality (high, medium, or low) of an asset, its relation to other assets within the OT network, and its communication (including serial) with other devices

Alerting Capabilities: detection of a deviation from the expected operation of assets

Expected Industry Benefits

Reduce cybersecurity risk and reduce impact to safety and operations

Development of an executable strategy that provides continuous OT asset management and monitoring

Faster response to security alerts/attacks/events through automation

Cybersecurity standards and best practices, while maintaining the performance of energy infrastructures

Source: Company Press Release