This week a group of OT cybersecurity leaders and critical infrastructure defenders introduced their plans for ETHOSย (Emergingย THreatย Openย Sharing), an open-source, vendor-agnostic technology platform for sharing anonymous early warning threat information across industries with peers and governments.
Founding ETHOS community members include 1898 & Co., ABS Group, Claroty, Dragos, Forescout, NetRise, Network Perception, Nozomi Networks, Schneider Electric, Tenable, and Waterfall Security.
ETHOS will give critical industries a vendor-neutral option for information sharing to combat the growing number of cyber threats.ย An always-on, open-source solution that functions like a hotline to correlate information from many security vendors to identify anomalous behaviors will strengthen cybersecurity defenses across industries and ensure more effective government communication and support.

ETHOS is under initial cooperative development with the goal of sharing data to investigate early threat indicators and discovering new and novel attacks. As an open-source initiative, any individual, organization or security vendor may contribute to ETHOS, its direction and many future developments. General membership applications will be available in June 2023.

โThe scale of threats facing critical infrastructure operators, and in particular Operational Technology networks, requires an approach to information sharing grounded in collaboration and interoperability,โ said Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA. โCISAย is eager to continue support for community-driven efforts to reduce silos that impede timely and effective information sharing. We look forward to collaborating with such communities, including the ETHOS community, to improve early warning and response to potential cyber threats, while appropriately protecting sensitive information about our nationโs critical infrastructure community.โ
ETHOS will collectively uncover and share emerging threats for which there is no threat intelligence or no known attack pattern available, across private and public sector stakeholders. ETHOS brings a vendor-neutral option to improve public/private sector cooperation for effective real-time information sharing across sectors and with governments. The success of ETHOS will mean fewer asset owners become victims of preventable cyber-attacks. ETHOS is a nonprofit entity run by an independent mutual benefit corporation. Technology resources are currently accessibleย via GitHub.
ETHOS Member Quotes

โCritical infrastructure defenders have felt like they are on an island. To remain highly vigilant against potential attacks andย adversaries, ETHOS provides collective defense through vendor-agnostic information-sharing from both public and private sourcesย that enables improved metrics like time-to-detection and time-to-respondโ,ย Matt Morris, Managing Director for Security & Risk Consulting, 1898 & Co.

โETHOS is answering the call to protect the nation’s critical infrastructure by tearing down barriers and closing the gap on how we can rapidly respond to new and emerging threats impacting the safety and security of industrial operations. ETHOS fills an important and necessary function to create collaboration between technology providers, OEMs and service providers, and leads to solutions that meet the increasing challenge of industrial cyber riskโ, Ryan Moody, President and CEO, ABS Group

โDefending critical infrastructure against rapidly evolving threat actors requires a collective defense, such that an attack against one results in better protection for all. ETHOSโs real-time sharing of actionable threat intelligence across vendors and enterprises is key to reducing blind spots and illuminating threat actors before they can disrupt the very systems that we all depend on every day. With Clarotyโs expertise in threat detection for OT/ICS environments and our longstanding commitment to sharing our threat research with the wider community โ our Team82 researchers have found and disclosed over 400 vulnerabilities to date โ we look forward to fostering the ETHOS community and working together to make the worldโs most critical systems more secure and resilientโ, Brian Dunphy, Vice President Product Management, Claroty.

โDragos has worked to build up the collective defense of the industrial community since our founding, and we are eager to also contribute to this cross-vendor initiative. We see the potential for ETHOS to become a valuable source of novel threat information that can be easily incorporated into a broader threat intelligence programโ, Kimberly Graham, Senior Director of Product Management, Dragos.

โYou cannot act on what you donโt see or know, but weโre fundamentally changing that through the creation of this vendor-agnostic platform and outstanding group of industry firms. Critical infrastructure is on the road to achieving a stronger security posture because of these efforts to streamline information sharing, and weโre proud to play a part in itโ, Daniel dos Santos, Head of Security Research, Forescout.

“Information sharing is at the foundation of what will make the OT/ICS ecosystem successful when it comes to preventing and detecting existing cyber-attacks. With ETHOS, this cohort of vendors is bringing a new industry collaboration that promises to accelerate progress in this area, which will ultimately lead to a more secure national security cyber posture across the board,” Thomas Pace, CEO, NetRise.
“OT cybersecurity is critical to the wellness, safety, and day-to-day life of citizens everywhere. Aligning with other ETHOS members for greater transparency and communication in the face of disaster is an easy decision for us and an important initiative for everyone,” Robin Berthier, Co-founder and CEO, Network Perception.

โThe strongest defense is a collective one, including a vendor-agnostic mechanism for real-time sharing of early warning data. The ETHOS platform will offer the most inclusive, creative, and proactive way to share OT threat information. Nozomi Networks is proud to have helped establish the ETHOS community,โ Andrea Carcano, Co-founder and Chief Product Officer, Nozomi Networks.
โWith endless open sharing and active members’ contribution, ETHOS will provide a significant support for society to combat cybersecurity threats,โ Ed Turkaly, Director Cybersecurity Offer Management, Schneider Electric.

โA big challenge for the OT industry is differentiating which threats pose an actual risk to an organization and where they are exposed to such risk. ETHOS is a vendor agnostic initiative that aspires to cut through the noise by automating the discovery and dissemination of real-world threat information from its industry members. The goal will be to provide the entire community with more insights into threats targeting new and known vulnerabilities in OT systems. By working together, the OT security community is stronger and more cyber resilient,โ Marty Edwards, Deputy Chief Technology Officer for OT and IoT, Tenable.

“Cyber attacks causing shutdowns or malfunctions of OT / industrial control systems have more than doubled annually for the last four years. The time is ripe for the ETHOS project. The world needs OT threat intelligence so that we can look forward to see what’s coming at us, not just backwards to see how many times we’ve gone down, ” Andrew Ginter, Vice President Industrial Security, Waterfall Security Solutions.
Interested in cybersecurity? Read more below:
Nozomi Networks joins AWS to deliver advanced OT and IoT cybersecurity
Appknox launches vulnerability solution, SBOM, to its cybersecurity offerings
BARQ Systems expands its portfolio to offer cutting-edge cybersecurity services