Intelligent CISO Issue 66 | Page 54

industry unlocked
Asset management is handled within the Dragos Platform by parsing traffic for unique source and destination information. All devices can then be graphically represented in a mapped view and organised based on custom zones, so analysts can view a device's history, last time seen, protocols used and create alerts for any new device seen on the network.
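The passive inventory described above can be sketched in a few dozen lines. The following is an added example, not Dragos code: it consumes constructed flow records (source, destination, protocol, timestamp), keeps first-seen, last-seen, protocol and peer information per device, assigns each device to a hypothetical zone by address prefix, and raises an alert only when a device that was not present during the learning period appears. The addresses, zone names and flows are all made up for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime

# Constructed flow records: (src, dst, protocol, ISO timestamp). Not from any real site.
SAMPLE_FLOWS = [
    ("10.10.1.5", "10.10.1.20", "modbus", "2023-03-01T08:00:00"),
    ("10.10.1.5", "10.10.1.21", "modbus", "2023-03-01T08:00:05"),
    ("10.10.1.20", "10.10.1.5", "modbus", "2023-03-01T08:00:06"),
    ("10.10.2.7", "10.10.1.5", "dnp3", "2023-03-01T08:05:00"),
    ("10.10.9.99", "10.10.1.20", "http", "2023-03-01T09:12:00"),  # device never seen before
]

# Hypothetical custom zones keyed by address prefix (an analyst would define these).
ZONES = {"10.10.1.": "turbine-control", "10.10.2.": "scada-servers"}


@dataclass
class Asset:
    ip: str
    zone: str
    first_seen: datetime
    last_seen: datetime
    protocols: set = field(default_factory=set)
    peers: set = field(default_factory=set)


def zone_for(ip):
    """Map an address to a zone; anything outside the defined zones is 'unzoned'."""
    for prefix, zone in ZONES.items():
        if ip.startswith(prefix):
            return zone
    return "unzoned"


class AssetInventory:
    def __init__(self):
        self.assets = {}
        self.learning = True  # while True, new devices are recorded but not alerted on

    def finish_learning(self):
        self.learning = False

    def observe(self, src, dst, proto, ts):
        """Update both endpoints of a flow; return alert strings for unknown devices."""
        t = datetime.fromisoformat(ts)
        alerts = []
        for ip, peer in ((src, dst), (dst, src)):
            asset = self.assets.get(ip)
            if asset is None:
                asset = Asset(ip, zone_for(ip), t, t)
                self.assets[ip] = asset
                if not self.learning:
                    alerts.append(
                        f"new device {ip} ({asset.zone}) first seen {ts} "
                        f"speaking {proto} with {peer}"
                    )
            asset.last_seen = max(asset.last_seen, t)
            asset.protocols.add(proto)
            asset.peers.add(peer)
        return alerts

    def by_zone(self):
        """Grouping used to render the zoned map view."""
        zones = {}
        for asset in self.assets.values():
            zones.setdefault(asset.zone, []).append(asset.ip)
        return {z: sorted(ips) for z, ips in zones.items()}


def run_demo():
    """Learn from the first four flows, then monitor the fifth."""
    inv = AssetInventory()
    for flow in SAMPLE_FLOWS[:4]:
        inv.observe(*flow)
    inv.finish_learning()
    alerts = []
    for flow in SAMPLE_FLOWS[4:]:
        alerts.extend(inv.observe(*flow))
    return inv, alerts


if __name__ == "__main__":
    inventory, new_device_alerts = run_demo()
    for zone, ips in inventory.by_zone().items():
        print(zone, ips)
    for line in new_device_alerts:
        print("ALERT:", line)
```

Only 10.10.9.99 produces an alert: 10.10.1.20 is on the other end of the same flow but was already learned, so its last-seen time and protocol set are simply updated.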
Anomaly detections alone are ineffective
The entire network supporting a wind farm is constantly spinning up and down based on natural elements, so everything appears as an anomaly. Security devices monitor turbine speeds and apply braking as necessary. These events can be tracked through device communications but cannot be accurately predicted or parsed for anomalies without simultaneously considering natural, environmental variables. For instance, if an avian watch tower operator identified a protected species of bird approaching a wind turbine, she may use a secure wireless device to remotely disable that turbine. This network event would appear as an anomaly in most other toolsets, but it is part of managing and curtailing the plant based on environmental considerations.
While Dragos can detect anomalies or signature matches, our primary detection is based on the tradecraft used by known threat actors. The Dragos Platform applies custom analytics that watch for a series of events, rather than a single atomic value. These are considered Threat Behavioral Analytics (TBA). As an example, an analytic may aggregate detections of a machine reaching out to the Internet, downloading a binary file, and remotely shutting down a turbine within some time window. Additional verifications may also be considered, such as the users logged into the box or the source and content of the binary file.
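To make the contrast between the two preceding paragraphs concrete, here is an added example (not Dragos code) of a behaviour-chain analytic next to a naive anomaly rule. Both run over the same constructed event stream. The naive rule flags every turbine stop, so the avian-watch curtailment fires just like anything else. The chain analytic alerts only when one host shows an external connection, then a binary download, then a turbine stop inside a 30-minute window, and it attaches the additional verifications the text mentions (which user issued the stop, the binary's hash) as context. Hostnames, user names, the approved-operator list, the chain definition and the hash placeholders are all assumptions made up for this example; 203.0.113.50 is a documentation address.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed events from one site, already normalised to a common shape.
EVENTS = [
    # Authorised curtailment from the avian watch station: a stop with nothing before it.
    {"ts": "2023-03-01T10:02:00", "host": "avian-ws-01", "type": "turbine_stop",
     "turbine": "WTG-07", "user": "avian_watch"},
    # Same host, three behaviours in sequence inside the window.
    {"ts": "2023-03-01T11:00:00", "host": "hmi-02", "type": "external_connection",
     "dst": "203.0.113.50"},
    {"ts": "2023-03-01T11:04:00", "host": "hmi-02", "type": "binary_download",
     "sha256": "<constructed-hash-placeholder-1>"},
    {"ts": "2023-03-01T11:15:00", "host": "hmi-02", "type": "turbine_stop",
     "turbine": "WTG-12", "user": "svc_unknown"},
    # A lone download on another host: not a chain start, never alerts by itself.
    {"ts": "2023-03-01T13:40:00", "host": "eng-ws-03", "type": "binary_download",
     "sha256": "<constructed-hash-placeholder-2>"},
]

# Hypothetical behaviour chain, in order, modelled on the article's example.
CHAIN = ("external_connection", "binary_download", "turbine_stop")
WINDOW = timedelta(minutes=30)

# Hypothetical context used as additional verification when an alert is built.
APPROVED_STOP_USERS = {"avian_watch", "ops_shift_lead"}
CURTAILMENT_HOSTS = {"avian-ws-01"}


def naive_anomaly_detector(events):
    """Single-value rule: every turbine stop is an 'anomaly'. Fires on curtailment too."""
    return [e for e in events if e["type"] == "turbine_stop"]


def _enrich(host, matched):
    """Attach the verifications an analyst would want before acting."""
    stop = matched[-1]
    user = stop.get("user", "unknown")
    approved = user in APPROVED_STOP_USERS and host in CURTAILMENT_HOSTS
    return {
        "host": host,
        "turbine": stop["turbine"],
        "user": user,
        "severity": "medium" if approved else "high",
        "evidence": [e["type"] for e in matched],
        "binary_sha256": matched[1]["sha256"],
        "external_dst": matched[0]["dst"],
        "window_start": matched[0]["ts"],
        "window_end": stop["ts"],
    }


def tba_detector(events, chain=CHAIN, window=WINDOW):
    """Alert only when a host exhibits the whole chain, in order, within the window."""
    by_host = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_host[e["host"]].append(e)

    alerts = []
    for host, evs in by_host.items():
        for i, first in enumerate(evs):
            if first["type"] != chain[0]:
                continue
            t0 = datetime.fromisoformat(first["ts"])
            matched, stage = [first], 1
            for e in evs[i + 1:]:
                if datetime.fromisoformat(e["ts"]) - t0 > window:
                    break  # window closed without completing the chain
                if e["type"] == chain[stage]:
                    matched.append(e)
                    stage += 1
                    if stage == len(chain):
                        alerts.append(_enrich(host, matched))
                        break
    return alerts


if __name__ == "__main__":
    print("naive anomalies:", len(naive_anomaly_detector(EVENTS)))
    for alert in tba_detector(EVENTS):
        print("TBA alert:", alert)
```

The chain analytic produces a single alert for hmi-02 with severity "high" because the stop was issued by a user outside the approved list from a host that is not a curtailment station; the avian-watch stop and the stray download on eng-ws-03 produce nothing, which is the analyst-fatigue reduction the next paragraph describes.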
Processing all available data and providing context to alerts prevents analyst fatigue and allows resources to be directed to activity of concern, given the specific environment.
Limited resources , vast network
Every organisation faces resource constraints. Staffing is the most critical component of protecting any network; however, the supply of experienced ICS cybersecurity professionals is small. Some organisations cannot fund dedicated security staff, so security duties are split with operations roles. For energy providers, customer charge rates can be limited by regulation, so revenue is not completely set by the open market. The resulting mission is to do more with less.
Through constant, passive monitoring, the Dragos Platform brings visibility of assets and network communications to a single platform for analysis. Additionally, the Dragos Platform offers playbooks and case management, where an analyst can leverage industry experience and notes can be tracked alongside evidentiary files. The goal is a single pane of glass for data analysis, so responders can perform their tasks without bouncing between multiple tools or gathering data from multiple sources.
Conclusion
As a leader in sustainable, compliant, renewable energy, the wind farm operator is also focused on protecting its assets and operations. Implementation of the Dragos Platform allows the operator to monitor for adversaries, optimise internal resources and adopt a proactive security programme. The operator can continue to focus on energy generation and delivery, while being confident its infrastructure is protected.