Security News > 2023 > April > Menaced by miscreants, critical infrastructure needs a good ETHOS. Ah, here's one
ETHOS is still under initial cooperative development, the nonprofit entity behind the project said in a press release, with founding members including OT and ICS security firms and tech consultancies such as 1898 & Co., Claroty, NetRise, and Schneider Electric.
The companies founded ETHOS in response to Uncle Sam's CISA's Shields Up initiative and the Biden administration's various 100 day sprints to improve cybersecurity in critical sectors.
This, all while ETHOS plans to maintain itself as "An independent mutual benefit corporation with an open-source GitHub community." With that comes no central ownership authority and governance structured by community members and licensed users, the ETHOS Association said.
If all this talk of open standards and threat intelligence sharing sounds familiar, it might be because ETHOS sounds a lot like the US Department of Homeland Security's Cyber Information Sharing and Collaboration Program and its Automated Indicator Sharing system.
The ETHOS Association even addresses that on its website, saying that ETHOS isn't a replacement for Homeland Security's system and its Structured Threat Information Expression and Trusted Automated Exchange of Indicator Information standards.
Luckily, a spokesperson for ETHOS answered The Reg's questions, telling us ETHOS is working with unrefined data that could be used to create future STIX rules, though ETHOS won't ingest data from TAXII servers so it's not up on known threat intelligence from those particular sources.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/04/25/ot_ethos_critical_infrastructure/
Related news
- SOCI Act 2024: Thales Report Reveals Critical Infrastructure Breaches in Australia (source)
- Food security: Accelerating national protections around critical infrastructure (source)
- SANS Institute Unveils Critical Infrastructure Strategy Guide for 2024: A Call to Action for Securing ICS/OT Environments (source)
- Russian military hackers linked to critical infrastructure attacks (source)
- 80% of Critical National Infrastructure Companies Experienced an Email Security Breach in Last Year (source)
- Despite Russia warnings, Western critical infrastructure remains unprepared (source)