Dragos launched its new Dragos OT-CERT (Operational Technology – Cyber Emergency Readiness Team), a cybersecurity resource designed for industrial asset owners and operators to help them build their OT cybersecurity programs, improve their security postures, and reduce OT risk.
Delivered via the OT-CERT portal, member organizations will have free access to OT cybersecurity best practices, cybersecurity maturity assessments, training, workshops, tabletop exercises, webinars, and more. In addition, OT-CERT will coordinate with OEMs regarding disclosures for vulnerabilities discovered by Dragos threat intelligence researchers, as well as cyber threats detected by Dragos targeted at the OEMs’ products. OEM partnerships are critical to coordinated vulnerability disclosures and effective threat response to protect and support industrial infrastructure in the escalating cyber threat environment.
Dragos OT-CERT addresses a serious gap in securing industrial infrastructure: the lack of OT-specific resources readily available to the industrial infrastructure community. The gap is especially critical among small and medium sized businesses that often have limited expertise and resources to address ICS/OT cybersecurity risks. According to Gartner, “Organizations continue to face acute and growing shortages of OT security skills to foster and support IT/OT integration, and securely support digital transformation efforts.1”
“Dragos’s stated mission is to safeguard civilization, and that means protecting all industrial infrastructure, not just the most skilled or the best resourced organizations,” said Dawn Cappelli, Dragos’s newly appointed OT-CERT Director. “Our goal for Dragos OT-CERT is to be a useful, relevant, and actionable community resource for industrial asset owners and operators by aligning them with the resources, training, partnerships, and community needed to make securing their OT environments possible.”
Organizations of all sizes are eligible for OT-CERT membership. Larger organizations will benefit from free resources such as OT best-practices blogs and OT vulnerability disclosures from Dragos’s industry-leading Threat Intelligence team. Dragos OT-CERT will also aid large companies by helping to improve the security posture of smaller organizations in their supply chain that can pose a risk to their business operations.
Partnerships are critical to the success of OT-CERT, empowering ICS/OT practitioners to leverage their combined experience, collectively raise awareness of ICS cybersecurity issues, and contribute to the ICS community for long-term industry impact.
In launching this new resource, Dragos partnered with the National Association of Manufacturers, which represents 14,000 manufacturing companies in every industrial sector and supports them through a focus on both cyber threat identification and proactive security practices that are critical to making the entire supply chain more secure.
“The National Association of Manufacturers is deeply committed to supporting its members as they navigate the challenges and opportunities that arise from digital transformation and Manufacturing 4.0, and it’s critical that their OT security remain paramount as they undertake this evolution,” said Todd Boppell, Chief Operating Officer, National Association of Manufacturers (NAM). “Of the National Association of Manufacturers’ 14,000 member companies, 90 percent are small and medium-sized manufacturers that often lack the kind of resources and OT cybersecurity teams that larger organizations have. Dragos OT-CERT is the first community-focused resource of its kind to provide practical solutions to this often under-served community.”
“Industrial Infrastructure organizations, and the services they provide, impact all of our lives, and the operational technologies that underpin these organizations are under attack now more than ever before,” said Michael Lester, Director of Cybersecurity Strategy, Governance and Architecture for Emerson’s Automation Solutions business. “We’re eager to work with Dragos OT-CERT in its mission to protect OT infrastructure by partnering on threat and vulnerability discovery and mitigation as well as assets for resource-constrained organizations.”
“As the cyber threat environment escalates and cyberattacks increasingly impact industrial infrastructure, we’re excited to team with Dragos OT-CERT to bring greater awareness to the risks to the ICS/OT community and the need for OT cybersecurity,” said Tony Baker, Chief Product Security Officer at Rockwell Automation. “This free resource comes at just the right time, and the OEM collaboration will help enable effective threat response and coordinated vulnerability research.”
Initial Dragos OT-CERT partners include the National Association of Manufacturers, Emerson, Rockwell Automation, and four Information Sharing and Analysis Centers: E-ISAC (electricity), ONG-ISAC (oil and natural gas), DNG-ISAC (downstream natural gas), and WaterISAC.