Industrial security provider Dragos, Inc. inked a partnership pact with Schweitzer Engineering Laboratories (SEL) to help the electric power sector detect and respond to threats within its industrial control system (ICS) networks.
“With the increasing and persistent cyber-attacks focused on critical infrastructure, new solutions are required to protect ICS networks,” said SEL Chief Operating Officer Dave Whitehead. “To combat these challenges, Dragos and SEL have integrated their technologies to create a proactive, intelligence-driven approach to threat detection and incident response.”
The Dragos Platform integration with SEL devices provides visibility into power system networks and their communications, allowing asset owners and operators to apply deep packet inspection to SEL communications and monitor them for security events.
The partnership pact includes:
• The Dragos Platform passively identifies assets across multiple data sources, including network traffic, host-based logs, data historian events, and logs from SEL assets, including SEL ICON and SEL Real-Time Automation Controllers (RTACs).
• Threat behavior analytics give analysts context on adversary actions, such as why alerts are generated. Integration with SEL allows for the creation of new threat analytics focused on adversary behaviors against SEL equipment and communications.
• The Dragos and SEL partnership enables new SEL equipment-specific investigation playbooks. The playbooks, created by senior industrial cybersecurity analysts in the Dragos Threat Operations Center, are paired with each threat behavior analytic and provide step-by-step guides to responding to threats, allowing analysts to respond effectively and efficiently to cyber incidents in power system networks.
“SEL and Dragos share a mission focus and dedication to protecting the electric power community,” said Dragos Founder and Chief Executive Robert M. Lee. “It will facilitate immediate integrations for our customers, but also enable new research and innovation for the community and as such is a huge step forward for electric power cybersecurity.”
The SEL-2470S is a hardened software-defined networking (SDN)-enabled switch designed to improve Ethernet performance in mission-critical applications. When integrated with the SEL-2470S and the SEL-5056 Software-Defined Network Flow Controller, the Dragos Platform retrieves all information and authorized flows on the network, allowing for network visibility. In addition, unauthorized network flows are sent to the Dragos Platform for analysis to provide context and proactive actions ahead of a cyber incident.
Another goal in the partnership is for Dragos and SEL to provide joint research of emerging threats and impacts of cyber events on industrial environments. This research will include whitepapers and presentations.