Dragos announced the launch of its new Dragos OT-CERT (Operational Technology – Cyber Emergency Readiness Team), a cybersecurity resource designed for industrial asset owners and operators to help them build their OT cybersecurity programs, improve their security postures, and reduce OT risk.
Delivered via the OT-CERT portal, member organizations will have free access to OT cybersecurity best practices, cybersecurity maturity assessments, training, workshops, tabletop exercises, webinars, and more. In addition, OT-CERT will coordinate with OEMs regarding disclosures for vulnerabilities discovered by Dragos threat intelligence researchers, as well as cyber threats detected by Dragos targeted at the OEMs’ products. OEM partnerships are critical to coordinated vulnerability disclosures and effective threat response to protect and support industrial infrastructure in the escalating cyber threat environment.
Dragos OT-CERT addresses a serious gap in securing industrial infrastructure: the lack of OT-specific resources readily available to the industrial infrastructure community. The gap is especially critical among small and medium sized businesses that often have limited expertise and resources to address ICS/OT cybersecurity risks. According to Gartner, “Organizations continue to face acute and growing shortages of OT security skills to foster and support IT/OT integration, and securely support digital transformation efforts.”
“Dragos’s stated mission is to safeguard civilization, and that means protecting all industrial infrastructure, not just the most skilled or the best resourced organizations,” said Dawn Cappelli, Dragos’s newly appointed OT-CERT Director. “Our goal for Dragos OT-CERT is to be a useful, relevant, and actionable community resource for industrial asset owners and operators by aligning them with the resources, training, partnerships, and community needed to make securing their OT environments possible.”
Organizations of all sizes are eligible for OT-CERT membership. Larger organizations will benefit from free resources such as OT best-practices blogs and OT vulnerability disclosures from Dragos’s industry-leading Threat Intelligence team. Dragos OT-CERT will also aid large companies by helping to improve the security posture of smaller organizations in their supply chain that can pose a risk to their business operations.
Partnerships are critical to the success of OT-CERT, empowering ICS/OT practitioners to leverage their combined experience, collectively raise awareness of ICS cybersecurity issues, and contribute to the ICS community for long-term industry impact.
“Industrial Infrastructure organizations, and the services they provide, impact all of our lives, and the operational technologies that underpin these organizations are under attack now more than ever before,” said Michael Lester, Director of Cybersecurity Strategy, Governance and Architecture for Emerson’s Automation Solutions business. “We’re eager to work with Dragos OT-CERT in its mission to protect OT infrastructure by partnering on threat and vulnerability discovery and mitigation as well as assets for resource-constrained organizations.”
“As the cyber threat environment escalates and cyberattacks increasingly impact industrial infrastructure, we’re excited to team with Dragos OT-CERT to bring greater awareness to the risks to the ICS/OT community and the need for OT cybersecurity,” said Tony Baker, Chief Product Security Officer at Rockwell Automation. “This free resource comes at just the right time, and the OEM collaboration will help enable effective threat response and coordinated vulnerability research.”
Initial Dragos OT-CERT partners include the National Association of Manufacturers, Emerson, Rockwell Automation, and four Information Sharing and Analysis Centers: E-ISAC (electricity), ONG-ISAC (oil and natural gas), DNG-ISAC (downstream natural gas), and WaterISAC.
To learn more about Dragos OT-CERT or to apply to become a member of Dragos OT-CERT, visit here. To read the OT-CERT blog post, visit here.