The OT-centric, open-source platform for sharing anonymous early warning threat information

Publicly launched on April 24, 2023, ETHOS is a cooperative development in the OT security industry, with the goal of sharing data to investigate early threat indicators and discover new and novel attacks.


Build an open-source codebase and platform for ETHOS' operational technology and industrial control system (OT/ICS) devices and networks for data sharing and collaboration

Make innovative and egalitarian design and governance decisions

Produce code that allows for early warning detections for cybersecurity teams and stakeholders, to benefit the cybersecurity community without seeking a profit

ETHOS is a GitHub community project. The platform correlates security events across any number of end users regardless of the security solutions they use, requiring integration with security vendor technologies to send and receive correlated notifications.

Any individual, organization or security vendor may contribute to ETHOS, its direction and future developments.

Join Us

Anyone who wants to apply to join ETHOS can fill out the Membership Application.

Those who want to contribute to the project code in GitHub need to fill out, sign and submit both forms.

All completed forms should be submitted to

ETHOS Membership ApplicationContribution License Agreement

Board Members


1898 Logo
ABS logo
Claroty logo
Dragos Logo
Network Perception Logo
Forescout Logo
Netrise Logo
Nozomi Networks Logo
Tenable logo
Waterfall Logo
Schneider Electric Logo


Robin Berthier

Network Perception

Representative Pending


Andrew Ginter

Waterfall Security

Keon McEwen

ABS Group

Thomas Pace


Edward Turkaly

Schneider Electric

Andrea Carcano

Nozomi Networks

Marty Edwards


Kimberly Graham


Matthew Morris

1898 & Co.

Daniel dos Santos


Directors serve two-year terms. Elections will take place again in March 2025.


1. How does ETHOS compare to existing technologies?
2. Who owns ETHOS?
3. Is ETHOS intended to be OT specific?
4. Will there only be one server or instance of ETHOS?
5. Is CISA involved in the development of ETHOS?
6. How does ETHOS differ from the CTA?