Security News > 2023 > April > Menaced by miscreants, critical infrastructure needs a good ETHOS. Ah, here's one

ETHOS is still under initial cooperative development, the nonprofit entity behind the project said in a press release, with founding members including OT and ICS security firms and tech consultancies such as 1898 & Co., Claroty, NetRise, and Schneider Electric.

The companies founded ETHOS in response to Uncle Sam's CISA's Shields Up initiative and the Biden administration's various 100 day sprints to improve cybersecurity in critical sectors.

This, all while ETHOS plans to maintain itself as "An independent mutual benefit corporation with an open-source GitHub community." With that comes no central ownership authority and governance structured by community members and licensed users, the ETHOS Association said.

If all this talk of open standards and threat intelligence sharing sounds familiar, it might be because ETHOS sounds a lot like the US Department of Homeland Security's Cyber Information Sharing and Collaboration Program and its Automated Indicator Sharing system.

The ETHOS Association even addresses that on its website, saying that ETHOS isn't a replacement for Homeland Security's system and its Structured Threat Information Expression and Trusted Automated Exchange of Indicator Information standards.

Luckily, a spokesperson for ETHOS answered The Reg's questions, telling us ETHOS is working with unrefined data that could be used to create future STIX rules, though ETHOS won't ingest data from TAXII servers so it's not up on known threat intelligence from those particular sources.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/04/25/ot_ethos_critical_infrastructure/