Skip to main content
The Dragos Blog

10.11.22 | 3 min read

Achieving Real-Time OT Monitoring and Mitigation with Dragos, Sentar, and Siemens Government Technologies: A MOSAICS Compatible Solution

As adversaries continue to leverage the cyber domain to disrupt critical infrastructure and assets, defense and critical infrastructure organizations must identify and protect critical assets and process components, detect cyber threat actors, and respond to these threats to reduce impacts to operations and national security.

The 2022 National Defense Authorization Act (NDAA) prioritizes the need to mitigate such threats and directs military departments to invest in the cyber defense of operational technology (OT).

The US Department of Defense (DoD) released its Control System Cyber Defense Reference Architecture (CSCDRA) that includes components of the More Situational Awareness for Industrial Control Systems (MOSAICS) reference architecture, alongside the 2022 NDAA, which created a call to industry to develop a commercially viable solution compatible with MOSAICS (“technologies associated” in the NDAA).

MOSAICS Compatible Defense Critical OT Networks and Assets Solution

The 2022 NDAA also calls for the complete mapping of mission-relevant terrain in cyberspace for Defense Critical Task Critical Assets at sufficient granularity to enable mission thread analysis and situational awareness. Acknowledging the complexity of these requirements, Dragos, Siemens Government Technologies, and Sentar came together and developed both a methodology and an integrated technology solution that enables the warfighter to address these requirements in an approach that is both programmatic and scalable across all critical infrastructure assets.

This joint solution represents an opportunity to incorporate the phenomenal mission analysis done by both our partners at Sentar and by DoD service-component mission assurance teams with technologies that will provide continuous visibility of assets and out-of-band mitigation within the control system environment.

Chuck Weissenborn, Regional Manager for the DoD/IC at Dragos

The Dragos / Sentar / Siemens Government Technologies solution for Defense Critical OT Networks and Assets is compatible with MOSAICS and includes key extensions to meet the requirements of the 2022 NDAA while providing real- time mitigation in a contested operating environment.

The Dragos, Sentar, and Siemens Government Technologies Integration for Real-Time OT Monitoring and Mitigation

To provide OT monitoring and mitigation, this solution focuses on four key layers that include cyber mission thread analysis, hardened and secured control systems, MOSAICS-based continuous monitoring, and real-time cybersecurity detections and mitigation.

The first layer in the solution leverages industry-leading methodologies pioneered by industry, academia, and national capabilities to provide the foundation for Cyber Mission Thread Analysis and Relevant Terrain Mapping and Identification. The process identifies Mission-Essential Tasks and maps critical OT capabilities, assets, and networks. This process also serves as a front-end for MissionValor, a Department of Defense Small Business Innovation Research (SBIR) investment which ingests threat intelligence and known attack patterns for operational networks and assets. MissionValor integrates with Digital Twins and Model-Based Systems Engineering principles and performs an analysis of observable impacts to OT networks and assets to predict mission impact. MissionValor Phase 3 extensions automatically qualify for sole source justification.

The defense of critical assets relies upon hardened, secured, and rigorously monitored operational technology. Sentar implements these best practices at critical National Security sites including those associated with the Missile Defense Agency and serves in this role within our integrated solution. This solution goes beyond The National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) and is strengthened by a robust security architecture review, the implementation of countermeasures, and a continuous authorization to operate (ATO) enabled by continuous security monitoring and vulnerability management enabled by the Dragos Platform, and regular and routine configuration scans. The methodology also provides detailed system security planning and a mature program complete with a plan of action and a milestones-based remediation program.

A central element of the CSCDRA and a requirement for continuous ATO is continuous monitoring of defense-critical OT networks and assets. The Dragos Platform performs this function in the joint solution architecture and is the commercial industry-leading ICS/OT asset visibility & Inventory, threat detection, and vulnerability management platform. The Dragos Platform aligns with the core requirements of the MOSAICS architecture, providing asset operators and defenders asset visibility and anomaly detection, industry-leading threat detection and analytics, and a timely cyber response workbench to accelerate incident response. The Dragos Platform also informs teams conducting cyber mission thread analysis by providing visibility of network traffic and communication patterns critical to mission success.

The real-time mitigations layer is provided by Siemens SIBERprotect™ and informed by the Dragos Platform and Dragos Threat Intelligence. The capability extends the envisioned operational and functional requirements of MOSAICS by providing secure and out-of-band communications through direct digital signaling during the most critical operations of Defense-Critical OT Networks and Assets. SIBERprotect can operate within any OT security architecture and is tailored to a client’s unique operating environment. SIBERprotect operates at the control systems level within OT networks (typically Purdue Level 1-3) and serves as a technology-independent solution that integrates and protects any commercially available control system to provide real-time mitigation at the speed of the adversary, or before when leveraging inputs from threat intelligence sources like Dragos.

SIBERprotect utilizes machine-speed automation technology to respond in milliseconds and industrial automation programming to interact with devices, independently of the site network. Upon receiving a cyber-attack notification, SIBERprotect executes a predetermined action sequence (that was defined as part of the cyber mission threat analysis effort). SIBERprotect simultaneously provides notification of the cyber-attack back to the Dragos and Sentar platforms, and optionally via lights, sirens, emails, and/or text messages. In addition, SIBERprotect can be activated manually by an authenticated security officer.

Together the Dragos / Sentar / Siemens Government Technologies solution provides the U.S. DoD a solution that is MOSAICS compatible, provides asset visibility, threat detection, and vulnerability management in the OT environment, and extends to provide near-real time mitigation to threats inside and outside the wire attempting to disrupt critical infrastructure.

By leveraging technology from partners Dragos, Siemens Government Technologies, and Sentar, defenders can ensure they have maximum visibility across OT networks, improve overall threat detection, response and mitigation time when an adverse event does occur, and can enable mission assurance to their most critical assets safely and effectively.

Learn more about the Dragos partnership with Siemens Government Technologies and Sentar by contacting the Dragos Government Sales team at governmentsales@dragos.com.

Ready to put your insights into action?

Take the next steps and contact our team today.