By Robert M. Lee

Year in Review

Dragos’ Year in Review reports provide insights and lessons learned from our team’s first-hand experience hunting and responding to industrial control systems (ICS) adversaries throughout the year, so we can offer recommendations for stronger defenses for industrial organizations and help drive change in the ICS cybersecurity community.

Bridging the Gap in Understanding ICS

There are many great examples of similar reports in the information security community, such as Verizon's Data Breach Investigations Report. For a time, the U.S. Department of Homeland Security published quarterly and annual insights into the cases it worked, but those reports changed in focus and no longer exist. The ICS cybersecurity community has lacked non-government reports that provide an annual review of the threats, vulnerabilities, and incidents it faces. Without this view, the community often finds itself adopting "best practices" derived from information technology (IT) security standards, which leaves a gap in education and leaves significant room for improvement toward more reliable and safe industrial operations.

The goal of Dragos’ Year in Review reports is to close that gap in understanding the unique challenges the ICS community faces, to provide a consistent voice and approach to ICS cybersecurity, and to help the ICS community leverage our reports to become more proactive defenders.

Codifying Knowledge into Our Technology

Year in Review insights also help cultivate our team's approach and provide the foundation for our industrial threat detection and response technology, the Dragos Platform. As the Dragos Intelligence team learns about threats, we codify that knowledge in the Dragos Platform as threat analytics. As the Dragos Threat Operations Center performs assessments and incident response, we codify that knowledge as new protocol inspections and characterizations for asset identification, and as prescriptive, step-by-step investigation playbooks paired with each threat analytic. We understand that keeping what our team learns internal to Dragos is not an effective way to help the community, which is why we launched the first Year in Review last year. This year, we are excited to continue this education-driven approach and provide the community with more lessons learned and insights from 2018.

Key Highlights of 2018 Year in Review

Highlights from the 2018 Year in Review include:

  • Updates from the Threat Activity Groups targeting ICS and their tradecraft and techniques
  • A deep dive into vulnerabilities, showing where the community is spending too many resources fixing vulnerabilities that do not actually introduce new risk, and which types of vulnerabilities actually have the most impact
  • Insights from the Dragos Threat Operations Center's assessments and incident response engagements (note: the Dragos Threat Operations Center will release a follow-on whitepaper that discusses effective security controls, mapped to the NIST Cybersecurity Framework, based on its incident response engagements)

Dragos' mission is, and has always been, to safeguard civilization, and we do that by empowering the community with the tools and knowledge to drive ICS cybersecurity forward self-sufficiently. Year in Review serves as a valuable datapoint for what is working, what is not working, and how we should all be preparing as the threat landscape continues to change. Together, backed by real insights, we as a community can maintain the reliability and safety of our infrastructure while considerably increasing the difficulty for adversaries to do us harm.

Dragos’ Year in Review reports will be available Thursday, February 14th here: https://dragos.com/year-in-review/