On April 20, 2021 the U.S. Department of Energy (DOE) announced a 100-day plan to safeguard critical infrastructure from persistent and sophisticated threats. Working with the U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA), this initiative ultimately aims to establish a collective defense framework in which security and threat data can be anonymously shared with trusted partners such as CISA, DOE, and other utility providers.
What Is Collective Defense?
Collective defense in cybersecurity is a collaborative approach that recognizes the value of rapid and wide threat information sharing. For some, the term may seem like an abstract idea, but ultimately the objective of this approach is to respond better and more quickly to threats that endanger the American way of life, our businesses, and most importantly the health and safety of our citizens. DOE’s 100-day plan recognizes that protecting the nation’s energy grid and ensuring its reliable supply is critical to the defense of the nation and our citizens.
From a technology point of view, a collective defense framework for securing the grid will require cybersecurity technologies designed for the OT/ICS environment, ones that can perform deep packet inspection of OT-specific protocols. Further, to enable robust threat detection and response, information sharing will need to occur rapidly and in an anonymized fashion that prevents identification of the contributing utility; the anonymization must be technologically irreversible, and the resulting data must be capable of being widely shared with government and industry partners.
The Need for Collaboration
Encouraging utility providers to enhance their ability to detect and combat cyber threats will protect our national infrastructure, but it will require a cohesive strategy and a collaborative spirit among stakeholders. Thankfully, accelerating detection, mitigation, and response to cyber threats can be accomplished with commercial technology that is available today.
Forescout is pleased to be a part of this important conversation and support utility owners and operators in achieving the goals of this initiative.
How Forescout Helps Utility Owners and Operators
Forescout eyeInspect (formerly SilentDefense) was purpose-built to protect OT/ICS networks from a wide range of threats. It provides both passive and active discovery capabilities that create an automatic, real-time asset inventory, and it enables targeted remediation actions based on potential business impact. Today, eyeInspect is used by many of the largest electric utilities to enable robust detection, mitigation, and response capabilities.
eyeInspect enables these capabilities by automatically building a detailed network map with rich asset details and automatic grouping by network and role, presented in multiple views such as Purdue level and communication relationship. eyeInspect uses a wide range of discovery capabilities, including:
- Patented deep packet inspection of hundreds of IT and OT protocols
- Continuous, configurable policy and behavior monitoring
- Automatic assessment of device vulnerabilities, threat exposure, networking issues and operational problems
- Data at the edge that can be configured to be shared with trusted partners
- Optional, non-intrusive active component to selectively query specific hosts
Further, eyeInspect automatically collects a wide range of OT asset information, logging all configuration changes for security analysis and operational forensics. Discoverable details include:
- Network address
- Host name
- Vendor and model of the asset
- Serial number
- OS version
- Firmware version
- Hardware version
- Device modules information
Electric utility owners/operators can configure eyeInspect’s Command Center to share specific, relevant indicators of compromise and datasets with trusted organizations while preserving the anonymity of the contributing utility. Data can be consumed by trusted recipients via syslog (TLS, UDP, or TCP) or pulled via RESTful APIs to establish multiple collective defense capabilities with trusted partners and government agencies.
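As an added illustration of the irreversible anonymization and syslog sharing described above (not Forescout's code or eyeInspect's actual output format), the following Python keys the site-identifying asset fields through HMAC-SHA256 before an indicator record is serialized as an RFC 5424 syslog line. The asset record, field names, `UTILITY_KEY` and the `ioc-share` application name are constructed for the example.

```python
import hmac
import hashlib
import json
from datetime import datetime, timezone

# Hypothetical per-utility secret; in practice it would live in the utility's key store.
UTILITY_KEY = b"constructed-example-key-rotate-me"

# Constructed sample asset record using the detail types listed above.
SAMPLE_ASSET = {
    "network_address": "10.20.30.40",
    "host_name": "rtu-substation-07",
    "vendor": "ExampleVendor",
    "model": "RTU-9000",
    "serial_number": "SN-0012345",
    "firmware_version": "4.2.1",
    "indicator_type": "ipv4",      # the observed hostile address (TEST-NET-3 placeholder)
    "indicator": "203.0.113.7",
}

SITE_IDENTIFYING = ("network_address", "host_name", "serial_number")  # never leave in clear
SHAREABLE = ("vendor", "model", "firmware_version", "indicator_type", "indicator")

def pseudonymize(value, key):
    """Keyed one-way transform. Without the key the output cannot be reversed or
    dictionary-attacked even over a small input space such as private IPv4 ranges;
    with the same key it stays stable, so peers can correlate repeat reports."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:32]

def build_shared_record(asset, key):
    """Keep peer-useful fields in the clear, replace site-identifying ones."""
    record = {f: asset[f] for f in SHAREABLE if f in asset}
    for f in SITE_IDENTIFYING:
        if f in asset:
            record[f + "_pseudonym"] = pseudonymize(asset[f], key)
    return record

def to_syslog(record, key, now=None):
    """RFC 5424 line; PRI 132 = facility local0 (16*8) + severity warning (4).
    The HOSTNAME field is a pseudonym too, so the header leaks nothing."""
    ts = (now or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%SZ")
    host = pseudonymize("reporting-site", key)[:16]
    return f"<132>1 {ts} {host} ioc-share - SHARE - {json.dumps(record, sort_keys=True)}"

def leaks_identity(line, asset):
    """Pre-send guard: refuse to forward if any raw site identifier survived."""
    return any(asset[f] in line for f in SITE_IDENTIFYING if f in asset)
```

The pre-send guard is the check a practitioner would want before a record crosses the utility boundary: the transform is only irreversible if no raw identifier slipped through in an unhandled field.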
Forescout has developed a detailed response for electric utilities that addresses the technical milestones outlined in the 100-day plan. Please contact firstname.lastname@example.org to view and/or discuss plan milestones.
*** This is a Security Bloggers Network syndicated blog from Forescout authored by Brian Proctor. Read the original post at: https://www.forescout.com/company/blog/department-of-energy-launches-100-day-plan-to-accelerate-cybersecurity-detection-mitigation-and-response-capabilities-across-electric-utilities/