Collaborating to protect critical infrastructure — Neighborhood Keeper
Written by Kevin C. Fitzgerald, Partner & Chief Utility Officer at Energy Impact Partners
The threat of cyberattacks on critical infrastructure has always been top of mind for the power industry. The most recent event– a cyber infiltration of a water utility to increase sodium hydroxide to dangerous levels — comes to us on the backdrop of the 2015 attack on the Ukraine power grid and other major incidents that have underscored the need for our country to focus more on defense against cyber threats.
The first step is to get better insight into what’s really happening on the power system. With that thesis in mind, EIP sought to identify a new technology to ensure critical infrastructure providers could get a clearer picture of the real threats and vulnerabilities on their OT systems. With our collaborative utility partnership model, EIP was uniquely positioned to work with our investors to identify the gaps in the ecosystem, and then scale a solution while sharing best practices across the industry.
In 2017, we led the Series A investment in Dragos, which was operating as a small startup out of Maryland — a long way from Silicon Valley! What the EIP team saw early in Dragos was an all-star team with deep industrial security and OT domain expertise who was dedicated to protecting the country from foreign and domestic cyber adversaries. Importantly, Dragos wanted to work with our utility partners to perfect the various products and services necessary to protect the critical and complex needs of power utilities, water, chemical and oil and gas pipelines.
Since that time, Dragos, the Department of Energy, Southern Company, and several other EIP partner utilities have been quietly contributing to the buildout of Dragos’s Neighborhood Keeper platform — which now stands ready for deployment across the country at this important moment for cybersecurity and critical infrastructure. It’s hard to overstate how important this collaborative approach has been.
What is Neighborhood Keeper? It’s a first-of-its-kind technology that enables critical infrastructure operators to anonymously share threat activity occurring in their industrial control systems in real time. It’s built on the back of the Dragos Platform — a software platform deployed as a series of high-fidelity network sensors within a utility’s OT networks, with deep packet inspection on OT protocols and analytics. The Dragos Platform roots out the threats, and Neighborhood Keeper anonymizes the data and shares it in a central location, identifying correlations across systems and enabling operators to query for more information.
The Neighborhood Keeper platform is built off the premise that through collective shared intelligence, utilities and industrial operators more broadly are stronger and more secure together than they ever could be going it alone. With real-time visibility into their own environments as well as environments of their peers, they can more quickly identify meaningful threats and vulnerabilities — and then rapidly respond in a targeted, coordinated way.
What’s been really special about Dragos, and what has made the Neighborhood Keeper product uniquely impactful, is the willingness to collaborate with DOE and utilities. This created an opportunity for the Dragos platform to meet the specific collective defense needs of our industry — rather than the typical startup company that develops a product to be marketed across as many verticals as possible with minimal customization.
Thus, for the first time we have this capability at an ICS/OT network layer to come together as a community to address these issues. Additionally, the technology ensures that all participant data is stored at the participant’s site and that identity is technologically irreversible. This means information sharing can happen without compromising data security or anonymity. The bottom line is that Dragos is laser-focused on providing the most efficient and effective solution for the industry, even if it means sharing that solution with the Federal government.
This technology is particularly apt in context of the recently announced Biden White House action plan. EIP and its LPs have long seen the necessity of OT/ICS specific cybersecurity, and it’s great to see government and industry come together to address this topic with a focus on threat detection and response, instead of just prevention.
It is time for the utility industry, and other critical infrastructure providers to further collaborate on Neighborhood Keeper and protect our nation from the increasing threats to our public safety.
For more information see this video of public power, and private power companies discussing the value of Dragos and the Neighborhood Keeper technology. (FMPA): https://www.fortnightly.com/videos/cybersecurity-it-takes-neighborhood and visit https://www.dragos.com/neighborhood-keeper/.
