22 Jun Dragos launches OT-CERT to address critical gaps in securing industrial infrastructure
Global cybersecurity leader Dragos Inc has launched its latest technology product which aims to be a cybersecurity resource designed for industrial asset owners and operators to help them build their cybersecurity programs, improve their security postures and reduce risk.
The new Dragos OT-CERT (Operational Technology – Cyber Emergency Readiness Team) will be delivered via the OT-CERT portal and offer member organisations a plethora of resources to aid their security efforts. The resources include access to OT cybersecurity best practices, cybersecurity maturity assessments, training, workshops, tabletop exercises, webinars, and more. In addition, OT-CERT will coordinate with OEMs regarding disclosures for vulnerabilities discovered by Dragos threat intelligence researchers, as well as cyber threats detected by Dragos targeted at the OEMs’ products. OEM partnerships are critical to coordinated vulnerability disclosures and effective threat response to protect and support industrial infrastructure in the escalating cyber threat environment.
Dragos OT-CERT addresses a serious gap in securing industrial infrastructure: the lack of OT-specific resources readily available to the industrial infrastructure community. The gap is especially critical among small and medium sized businesses that often have limited expertise and resources to address ICS/OT cybersecurity risks.
Dawn Cappelli, Dragos’s newly appointed OT-CERT Director, said: “Dragos’s stated mission is to safeguard civilisation, and that means protecting all industrial infrastructure, not just the most skilled or the best resourced organisations.
“Our goal for Dragos OT-CERT is to be a useful, relevant, and actionable community resource for industrial asset owners and operators by aligning them with the resources, training, partnerships, and community needed to make securing their OT environments possible.”
Organisations of all sizes are eligible for OT-CERT membership. Larger organisations will benefit from free resources such as OT best-practices blogs and OT vulnerability disclosures from Dragos’s industry-leading Threat Intelligence team. Dragos OT-CERT will also aid large companies by helping to improve the security posture of smaller organisations in their supply chain that can pose a risk to their business operations.
Partnerships are critical to the success of OT-CERT, empowering ICS/OT practitioners to leverage their combined experience, collectively raise awareness of ICS cybersecurity issues, and contribute to the ICS community for long-term industry impact.
In launching this new resource, Dragos partnered with the National Association of Manufacturers, which represents 14,000 manufacturing companies in every industrial sector and supports them through a focus on both cyber threat identification and proactive security practices that are critical to making the entire supply chain more secure.
Todd Boppell, Chief Operating Officer, National Association of Manufacturers (NAM), explained: “The National Association of Manufacturers is deeply committed to supporting its members as they navigate the challenges and opportunities that arise from digital transformation and Manufacturing 4.0, and it’s critical that their OT security remain paramount as they undertake this evolution.
“Of the National Association of Manufacturers’ 14,000 member companies, 90 percent are small and medium-sized manufacturers that often lack the kind of resources and OT cybersecurity teams that larger organisations have. Dragos OT-CERT is the first community-focused resource of its kind to provide practical solutions to this often under-served community.”
“Industrial Infrastructure organisations, and the services they provide, impact all of our lives, and the operational technologies that underpin these organisations are under attack now more than ever before,” said Michael Lester, Director of Cybersecurity Strategy, Governance and Architecture for Emerson’s Automation Solutions business. “We’re eager to work with Dragos OT-CERT in its mission to protect OT infrastructure by partnering on threat and vulnerability discovery and mitigation as well as assets for resource-constrained organisations.”
“As the cyber threat environment escalates and cyberattacks increasingly impact industrial infrastructure, we’re excited to team with Dragos OT-CERT to bring greater awareness to the risks to the ICS/OT community and the need for OT cybersecurity,” said Tony Baker, Chief Product Security Officer at Rockwell Automation. “This free resource comes at just the right time, and the OEM collaboration will help enable effective threat response and coordinated vulnerability research.”
Initial Dragos OT-CERT partners include the National Association of Manufacturers, Emerson, Rockwell Automation, and four Information Sharing and Analysis Centers: E-ISAC (electricity), ONG-ISAC (oil and natural gas), DNG-ISAC (downstream natural gas), and WaterISAC.