A group of cybersecurity companies specializing in industrial control systems and other operational technology has created a new open-source platform called ETHOS (Emerging THreat Open Sharing). The platform aims to serve as an early warning system for critical infrastructure, allowing organizations to share threat information anonymously and in real time.
The information shared includes indicators of compromise (IoCs), such as IP addresses, hashes, and domains, that can help detect new threats. The goal of the platform is to identify emerging threats for which there is no threat intelligence available, to reduce threat actor dwell time, and to discover incidents during the reconnaissance phase of potential attacks.
ETHOS currently has a beta API that provides data sharing functionality, and a server is in development. Participating organizations can act as clients and/or host their own server to compare the information that is shared.
The founding members of ETHOS include several cybersecurity companies, among them Claroty, Dragos, Forescout, and Schneider Electric. The project’s goal is not to create a shared proprietary threat intelligence feed but to complement existing information sharing platforms.
ETHOS is designed specifically for OT/ICS but the API can be used by any type of cybersecurity solution. The platform aims to provide a real-time, open-source solution that functions like a hotline to correlate information from multiple security vendors to identify anomalous behaviors.
The founding members believe that this concept is the most feasible way to reduce threat actor dwell time and discover incidents during the reconnaissance phase of potential attacks.
General membership applications will be available in June 2023, and any individual, organization, or security vendor can contribute to the project.