NERC’s Electricity Information Sharing and Analysis Center (E-ISAC) is partnering with cybersecurity firm Dragos for a joint initiative aimed at strengthening “collective defense and community-wide visibility for industrial cybersecurity” in the bulk electric system.

The initiative will allow E-ISAC staff to access information about threat analytics and indicators of compromise filed in Dragos’ Neighborhood Keeper threat intelligence system. Analysts will then share “insights and trends gleaned from this information” with E-ISAC members to ensure the latest intelligence is available as widely as possible across the industry.

Neighborhood Keeper is currently available as a free opt-in service to customers of the Dragos Platform, a network of sensors analyzing multiple data sources across users’ industrial control systems (ICS) and operational technology environments. Data collected through the platform is anonymized and will be aggregated before being provided to the E-ISAC for analysis and distribution

The program’s website lists one of its goals as “enabling trusted industry and government partners to leverage the system as a cyber national broadcasting service,” suggesting that additional partnerships beyond the E-ISAC are under consideration. Dragos said its electric industry customers “will benefit from access to a larger pool of E-ISAC cyber security experts” providing more insights into threats and vulnerabilities than utilities can produce on their own. 

“The electric community is keenly aware of the kind of cyber threats they face but to date has had to defend against those threats in isolation,” said Dragos CEO and co-founder Robert Lee in a press release. “Defending against state and criminal actors is entirely doable when the community operates as a collective and ensures that an attack on one member is seen by all of us. This new capability for the E-ISAC will amplify their important role and responsibility in helping our electric sector customers and members of the E-ISAC.”

Growing Urgency in ICS Security

Cybersecurity experts have warned repeatedly about the vulnerability of critical U.S. infrastructure, including the power grid, to ICS-targeted cyberattacks; Dragos issued a report last year noting attacks against the electric, oil and gas infrastructure of multiple countries and rating the bulk power system as facing a high risk of disruptive cyberattack. (See Report: Oil, Gas Hackers Expanding to Grid.)

The Biden administration announced in April an initiative aimed at improving the cybersecurity of electric utilities’ ICS over 100 days, to be coordinated between the Department of Energy, the electric industry, and the Cybersecurity and Infrastructure Security Agency (CISA). (See Biden Reinstates Trump Supply Chain Order.) In the wake of last month’s ransomware attack on Colonial Pipeline, which served as a graphic illustration of the vulnerability of critical U.S. infrastructure, Biden issued further orders expanding the role of CISA, creating a public- and private-sector cybersecurity review board, and launching a pilot for a software supply chain security information sharing scheme. (See Biden Directs Federal Cybersecurity Overhaul.)

In support of the 100-day initiative, NERC earlier this month released a guide to help ERO Enterprise compliance monitoring and enforcement staff review cybersecurity preparedness at utilities. (See NERC Releases CIP Audit Guide for Network Monitors.) The organization also praised Biden’s May executive order, particularly the information-sharing provisions, which it called complementary to the mission of the E-ISAC.

Additional information-sharing efforts in the private sector include the Asset to Vendor (A2V) Network for Power Utilities, a network launched last year by Fortress Information Security and American Electric Power that now also includes Southern Co., Hitachi ABB and NiSource. (See CIP Compliance: Don’t ‘Boil the Ocean’.) The network provides utilities with a platform for sharing information on cybersecurity risks in their equipment supply chain.