Dragos’s OT Cyber Emergency Readiness Team (OT-CERT) will provide free industrial cybersecurity resources for the ICS/OT community and bolster threat and vulnerability coordination

June 7, 2022

HANOVER, Md.—A new cybersecurity resource from Dragos Inc. is designed to help  industrial asset owners and operators to build their operational technology (OT) cybersecurity programs, improve their security postures, and reduce OT risk, Dragos said in a release.

Dragos is a cybersecurity firm that specializes in industrial controls systems (ICS) and operational technology environments. The Dragos OT-CERT (Operational Technology-Cyber Emergency Readiness Team) will provide member organizations with free access to OT cybersecurity best practices and  cybersecurity maturity assessments, as well as training, workshops, tabletop exercises, and webinars, according to the release.

“Dragos’s stated mission is to safeguard civilization, and that means protecting all industrial infrastructure, not just the most skilled or the best resourced organizations,” said Dawn Cappelli, Dragos’s newly appointed OT-CERT Director, in the release.

In today’s escalating cyber threat environment, OEM partnerships are critical to coordinated vulnerability disclosures and effective threat response to protect and support industrial infrastructure. Dragos said that OT-CERT will coordinate with OEMs regarding disclosures for vulnerabilities discovered by Dragos threat intelligence researchers, as well as cyber threats detected by Dragos that are targeted at the OEMs’ products.

“Our goal for Dragos OT-CERT is to be a useful, relevant, and actionable community resource for industrial asset owners and operators by aligning them with the resources, training, partnerships, and community needed to make securing their OT environments possible,” Cappelli added.

Dragos OT-CERT is said to address a serious gap in securing industrial infrastructure: the lack of OT-specific resources readily available to the industrial infrastructure community. The gap is especially critical among small and medium sized businesses that often have limited expertise and resources to address ICS/OT cybersecurity risks.

“Organizations continue to face acute and growing shortages of OT security skills to foster and support IT/OT integration, and securely support digital transformation efforts,” according to Gartner’s Market Guide for Operational Technology Security, by analysts Katell Thielemann, Wam Voster, Barika Pace, and Ruggero Contu (January 13, 2021).

Organizations of all sizes are eligible for OT-CERT membership. Larger organizations will benefit from free resources, such as OT best-practices blogs and OT vulnerability disclosures from Dragos’s Threat Intelligence team. Dragos OT-CERT will also aid large companies by helping to improve the security posture of smaller organizations in their supply chain that can pose a risk to their business operations.

According to Dragos, partnerships are critical to the success of OT-CERT, as they empower ICS/OT practitioners to leverage their combined experience, collectively raise awareness of ICS cybersecurity issues, and contribute to the ICS community for long-term industry impact.

In launching OT-CERT, Dragos partnered with the National Association of Manufacturers (NAM), which represents 14,000 manufacturing companies in every industrial sector. The association supports manufacturers through a focus on cyber threat identification and proactive security practices that are critical to making the entire supply chain more secure, the company said.

“The National Association of Manufacturers is deeply committed to supporting its members as they navigate the challenges and opportunities that arise from digital transformation and Manufacturing 4.0, and it’s critical that their OT security remain paramount as they undertake this evolution,” said Todd Boppell, chief operating officer at NAM, in the release. “Of the National Association of Manufacturers’ 14,000 member companies, 90 percent are small and medium-sized manufacturers that often lack the kind of resources and OT cybersecurity teams that larger organizations have. Dragos OT-CERT is the first community-focused resource of its kind to provide practical solutions to this often under-served community.”

In addition to the National Association of Manufacturers, initial Dragos OT-CERT partners are reported to include Emerson, Rockwell Automation, and four Information Sharing and Analysis Centers: E-ISAC (electricity), ONG-ISAC (oil and natural gas), DNG-ISAC (downstream natural gas), and WaterISAC.

“Industrial Infrastructure organizations, and the services they provide, impact all of our lives, and the operational technologies that underpin these organizations are under attack now more than ever before,” said Michael Lester, director of cybersecurity strategy, governance, and architecture for Emerson’s Automation Solutions business, in the release. “We’re eager to work with Dragos OT-CERT in its mission to protect OT infrastructure by partnering on threat and vulnerability discovery and mitigation, as well as assets for resource-constrained organizations.”

Tony Baker, chief product security officer at Rockwell Automation, also commented on the partnership.

“As the cyber threat environment escalates and cyberattacks increasingly impact industrial infrastructure, we’re excited to team with Dragos OT-CERT to bring greater awareness to the risks to the ICS/OT community and the need for OT cybersecurity,” Baker said in the release. “This free resource comes at just the right time, and the OEM collaboration will help enable effective threat response and coordinated vulnerability research.”

Subscribe Now

Design-2-Part Magazine

Get the manufacturing industry news and features you need for free in a format you like.

FREE Print, Digital, or Both »

You have Successfully Subscribed!