Dragos Platform Fulfills INSM Requirements to Monitor and Protect Critical Electric Infrastructure, Enabling Electric Utilities to Benefit from Early Adoption Incentives

With the upcoming NERC CIP-015 requirements for Internal Network Security Monitoring (INSM), electric utilities can meet and exceed the stringent demands facing them with the advanced capabilities of the Dragos Platform. The Dragos Platform provides advanced internal network monitoring specifically designed for industrial environments, coupled with industry-leading threat detection capabilities. This empowers customers to meet INSM requirements and enhance their critical cybersecurity measures.

The NERC CIP-015 regulation introduces new standards mandating network security monitoring within CIP-networked environments for High and Medium impact Bulk Electric System (BES) Cyber Systems. These standards recognize the imperative to improve the detection of adversarial activity, enabling earlier threat detection and quicker responses. The core of the INSM requirements are to add the ability to detect and evaluate anomalous network activity, which is crucial for identifying unusual activities and responding promptly to potential cyber threats.

“Threat groups today exploit vulnerabilities that circumvent, or even leverage, traditional network perimeter-based security controls highlighting the critical need for enhanced monitoring within internal networks,” said Jodi Schatz, Chief Product Officer, Dragos. “INSM requires organizations to implement monitoring of the east-west network traffic between critical system components. This level of monitoring significantly enhances threat detection and response for these organizations, ultimately helping better serve the populations that rely on their services to keep the lights on in their cities and counties. The Dragos Platform helps electric utilities meet and exceed these anticipated compliance standards – it is what the Platform was built to do for our customers.”

FERC issued Order No. 893 in 2023, which provides incentives to help utilities invest in advanced cybersecurity technology. Utilities can seek deferred cost recovery for new cybersecurity investments that are eligible for incentives. Dragos is actively partnering with electric utilities to plan for compliance and take advantage of available incentives with early implementation.

The Dragos Platform supports the NERC CIP-015 regulation by helping electric utilities:

  • Deploy Dragos Sensors to passively analyze east-west network activity within trusted zones. Dragos offers a Sensor Placement Study to analyze and provide recommendations to achieve optimal visibility of internal network traffic.
  • Develop baseline configurations of network traffic inside trusted zones to identify deviations and trigger anomaly detections.

The Dragos Platform goes beyond standard anomaly detection to reduce noise and minimize the potential of false positives for organizations evaluating anomalous activity. It does this by:

  • Automatically analyzing data against known Indicators of Compromise (IOCs) enriched by the Dragos Cyber Threat Intelligence (CTI) Team.
  • Detecting and alerting on threat behaviors to identify known adversarial tradecraft and Tactics, Techniques, and Procedures (TTPs) relevant to OT environments.
  • Offering enhancements such as Dragos’s threat-hunting-as-a-service, OT Watch, which conducts ongoing threat hunts within customer environments using the Dragos Platform. This service is designed to support compliance with NERC CIP standards while investigating suspicious activity.

In support of analyzing potential threat detections, the Dragos Platform provides embedded forensic investigation capabilities, a centralized dashboard for incident management, and predefined playbooks for response, also supporting CIP-008 requirements. Additional services include Sensor Placement Studies, Incident Response Services & Plan Development Workshops, Architecture Reviews, Tabletop Exercises, and Rapid Response Retainers.

To learn more about how the Dragos Platform can help electric utilities implement and achieve the NERC CIP-015 INSM requirements, register for the Dragos webinar on September 5, 2024: “Maximize Opportunities with Early INSM Planning: Understanding NERC CIP-015 and Why You Should Start Now.”

About Dragos, Inc.

Dragos has a global mission to safeguard civilization from those trying to disrupt the industrial infrastructure we depend on every day. The Dragos Platform offers the most effective industrial cybersecurity technology, giving customers visibility into their ICS/OT assets, vulnerabilities, threats, and response actions. The strength behind the Dragos Platform comes from our ability to codify Dragos’s industry-leading OT threat intelligence, and insights from the Dragos services team, into the software. Our community-focused approach gives you access to the largest array of industrial organizations participating in collective defense, with the broadest visibility available.

Our solutions protect organizations across a range of industries, including electric, oil & gas, manufacturing, building automation systems, chemical, government, water, food & beverage, mining, transportation, and pharmaceutical. Dragos is privately held and headquartered in the Washington, DC area with regional presence around the world, including Canada, Australia, New Zealand, Europe, and the Middle East.

Kesselring Communications for Dragos Leslie Kesselring 503-358-1012 Leslie@kesscomm.com