Water utilities provide one of society’s most essential services and are an integral component of everyday lives whether they are supplying a small community, a large city or a sprawling suburban community. As such, they present unique targets for adversaries who aim to disrupt their operations and the lives of people who depend on them.
Trinity River Authority is a prime example. As a Texas water utility, Trinity owns and operates six water treatment and distribution facilities, as well as five wastewater treatment facilities serving millions of residents in more than sixty cities in the state of Texas. Like most critical infrastructure utilities, they face challenges driving enhanced ICS/OT security in their industrial operations environment.
The smart city movement has put critical infrastructure providers like Trinity on the path of digital transformation, enabling new efficiencies, better customer support as well as enhanced safety, responsiveness and productivity of operations. However, digital benefits bring about additional risks including cyberattacks that may originate in IT networks and pivot into the ICS/OT environment leading to operational disruptions and safety issues.
Enter Neighborhood Watch
Dragos Neighborhood Watch is a remote monitoring service created to address two critical, persistent struggles many industrial organizations face: a lack of visibility, which often results in a very limited ability to understand what’s in the organization’s OT networks, including hidden threats; and the scarcity of skilled cybersecurity professionals who also possess a deep appreciation for, and an understanding of, ICS/OT environments and how they differ from IT.
Neighborhood Watch helps ensure the rapid discovery of threats in ICS environments before they have the chance to become severe breaches. Combining the comprehensive asset identification, threat detection and response capabilities of the Dragos Platform with the experience of the company’s in-house experts, Neighborhood Watch can augment or replace short-staffed security operations center teams and extend their ICS-specific defensive resources.
The Dragos Platform and Neighborhood Watch provide the visibility and expert analysis Trinity River Authority needs to assure that a crucial operating environment is both capable and effective at identifying evidence of malicious activity within existing control systems. As an outsourced service, the Neighborhood Watch team relieved Trinity of the burden and expense of maintaining experts as full-time internal resources. Through their trusted partnership with Dragos, Trinity gets the unique value of Dragos threat intelligence-driven monitoring to look for the latest ICS-focused malicious activity.
Neighborhood Watch itself focuses exclusively on the industrial control system side because of how uniquely OT operates versus IT technology, explains Dragos Vice President Ben Miller. “Cutting and pasting IT technology into OT space just doesn't work. The OT technology is significantly different. It requires specialized technology and specialized expertise in order to bridge that gap,” he says. “While the Trinity example centers on critical infrastructure, the controls running a water authority do not differ much from any other industrial operation.”
Miller tells IndustryWeek, “A lot of the investment or prioritization around industrial control system security is largely delegated to the CSO, but this is an entirely new space for them. They don't have the personnel, or the experience within these environments, and they're just getting their heads wrapped around the industrial space,” he says. “One of the benefits of the service is for these organizations that need this capability, they can instantly ramp up, there's no delay, meaning the level of capability ramps up dramatically. And especially with a concern these days about growing remote access. People are working under a new normal, creating the potential for increased exposure.”
Constant evolution
Keeping environments secure never rests. As such, Dragos also recently announced the availability of Dragos Platform 1.6, providing advanced capabilities enabling industrial and critical infrastructure operations to stay ahead of sophisticated adversaries.
A 2019 SANS State of OT/ICS Cybersecurity survey, with over 300 respondents representing security and other professionals working or active in enterprise IT or operational control systems, emphasized that the risk presented by adversary threats drives an organization’s approach to OT system security. In ranking specific OT/control systems compromise concerns, the survey found that the top threat category among respondents was devices and “things” (that cannot protect themselves) being added to the network, resulting in almost half of asset owners and operators prioritizing visibility into control systems as their top cybersecurity initiative for 2020.
The latest release provides the industry’s most detailed, in-depth visualization to easily map ICS/OT assets and network communications, identify anomalous behaviors and rapidly investigate and respond to threats. In addition, the Dragos Platform is the first ICS/OT cybersecurity technology to incorporate ATT&CK for ICS in its threat detections to provide customers a proactive, holistic view of the ICS/OT threat landscape, to better anticipate and counter adversary tactics and techniques. Dragos Platform 1.6 customers also receive automatic monthly “Knowledge Pack” updates that deliver timely information on adversary intelligence, ICS/OT device data, threat analytics and investigation playbooks.