As the global community continues to grapple with the coronavirus (COVID-19), the Atlantic Council is open for business. Our business, meetings, and events, however, are occurring virtually. For more information, please read an update from our President and CEO.
On July 17, 2020, the Atlantic Council Global Energy Center hosted Robert M. Lee, chief executive officer at Dragos, to discuss developments in cybersecurity technologies that will help secure industrial networks in the energy sector. Randy Bell, director of the Atlantic Council Global Energy Center, provided introductory remarks and moderated the discussion.
Dragos provides cybersecurity solutions for industrial networks and control systems in the energy sector, including sites such as power plants and system operators. Dragos gathers intelligence using detection and analytics to respond to cybersecurity threats facing their customers.
Lee explained that historically, industrial systems were mainly utilized for power grids. Today, industrial control systems are used in a broad range of industries including Amtrak, mining, maritime, and others. Lee points out that infrastructure is changing and that the society is moving to a hyperconnected world. As this infrastructure and our systems begin to change, companies are faced with new evolving threats. Dragos aims to help these companies understand what these threats are and how to deal with them.
In the past, cybersecurity companies would be handling one threat or one campaign at a time. Today, Dragos is tracking twelve different state-actors that are specifically targeting industrial control systems at once. The pace and volume of these threats are unprecedented and have significantly evolved from even five years ago. Lee noted that they are not necessarily new, but rather, companies are maturing and are able to detect more threats through monitoring and collection. In 2019, and notably before the COVID-19 pandemic, Dragos identified three new threats that were going after industrial operations by compromising remote access and remote connectivity. With the pandemic, Lee claims that companies must assume they are compromised and as a result, should comb through their networks for threats, as for remote access vulnerabilities create an abundance of opportunities for adversaries to take advantage.
These threats are becoming more aggressive and the adversaries are learning from each other, according to Lee. When an actor demonstrates how they have infiltrated a system, it becomes a ‘blueprint’ for any other state actor or individual adversary to copy. Therefore, there is a strong proliferation aspect for each attack. Lee has frequently found that states will often reciprocate aggression by learning how to go after their opponents’ industrial operations. This raised interesting questions from the audience regarding the state actors’ motivation for these attacks. Lee explains that the intent behind these attacks cannot be oversimplified. There is a wide variety of motivations – from positioning infrastructure to use during wartime scenarios, to a smaller-scale attacks like a thirty-minute electric outage to erode voter confidence during an election year.
To conclude the discussion, Lee discussed the opportunities for the public and private sector to collaborate and address risks to the energy sector. Dragos was recently named to the Department of Energy’s (DOE) Electricity Advisory Committee. Lee notes that the DOE has done a great job in creating a community and a binding relationship with the private sector. He recommends that the next important step is for the DOE to assess the various solutions in the industry and amplify the solutions that work.
Robert M. Lee is a chief executive officer at Dragos. He is a recognized pioneer in the industrial security incident response and threat intelligence community. Mr. Lee gained his start in security as a US Air Force cyber warfare operations officer tasked to the National Security Agency, where he built a first-of-its-kind mission identifying and analyzing national threats to industrial infrastructure. He is also a course author and Instructor at SANS.