OT-CERT provides free resources to under-served ICS/OT community members and beefs up threat and vulnerability coordination. Credit: Thinkstock Critical infrastructure companies strapped for cash to spend on cybersecurity will have a new free resource to tap into starting Tuesday. Dragos, a leader in cybersecurity for industrial control systems, has launched a new portal designed to help industrial asset owners build operational technology (OT) cybersecurity programs, improve their security postures, and reduce OT risk.The Dragos OT-CERT (Cybersecurity Emergency Readiness Team) portal offers its users access to OT cybersecurity best practices, cybersecurity maturity assessments, training, workshops, tabletop exercises, webinars, and more. OT-CERT will also coordinate with supply chain OEMs in releasing information about vulnerabilities discovered by Dragos, as well as specific threats to an OEM’s products.“When I was a CISO, I used to not care if our supply chain OEMs had a security program,” OT-CERT Director Dawn Cappelli tells CSO. “But then they started being hit with ransomware, and what we started finding was our ability to produce our product was being impacted by the security posture of these small- and medium-sized manufacturers who supplied components for our products.” “Dragos’s mission is to safeguard civilization,” Cappelli adds. “We can’t do that if we only safeguard the big companies that can afford to pay for security products and services.” Large companies key to OT-CERT successDragos believes that larger organizations can benefit from OT-CERT membership, too, from resources such as OT best practices blogs, vulnerability disclosures, and tips for strengthening the security of the smaller companies in their supply chain. “We’d like to see large companies join because they can push OT-CERT down their supply chain,” Cappelli says. “It’s going to be tough to get these small- and medium-sized companies aware that this exists because right now they’re not necessarily paying attention to security.”In launching OT-CERT, Dragos is partnering with the National Association of Manufacturers (NAM). “Of the National Association of Manufacturers’ 14,000 member companies, 90% are small- and medium-sized manufacturers that often lack the kind of resources and OT cybersecurity teams that larger organizations have,” NAM COO Todd Boppell said in a statement. “Dragos OT-CERT is the first community-focused resource of its kind to provide practical solutions to this often under-served community.” OT-CERT partners with ISACs, OT vendorsOther partners include the water and energy information sharing and analysis centers (ISACs), Emerson Automation Solutions, and Rockwell Automation. “We’re eager to work with Dragos OT-CERT in its mission to protect OT infrastructure by partnering on threat and vulnerability discovery and mitigation, as well as assets for resource-constrained organizations,” Michael Lester, director of cybersecurity strategy, governance and architecture for Emerson’s automation solutions business, said in a statement.“As the cyber threat environment escalates and cyberattacks increasingly impact industrial infrastructure, we’re excited to team with Dragos OT-CERT to bring greater awareness to the risks to the ICS/OT community and the need for OT cybersecurity,” added Tony Baker, chief product security officer at Rockwell Automation. “This free resource comes at just the right time, and the OEM collaboration will help enable effective threat response and coordinated vulnerability research.” Related content news Zscaler shuts down exposed system after rumors of a cyberattack Initially dismissing rumors, Zscaler now says it did have a system exposed but nothing important has been accessed. By Shweta Sharma May 09, 2024 3 mins Data Breach Cyberattacks news Palo Alto launches AI-powered solutions to fight AI-generated cyberthreats The suite is powered by Palo Alto’s proprietary solution, Precision AI, which integrates machine learning, deep learning, and generative AI technologies. By Prasanth Aby Thomas May 09, 2024 3 mins Generative AI Security Software news F5 patches BIG-IP Next Central Manager flaws that could lead to device takeover Two high-risk vulnerabilities could allow attackers to gain full administrative control on devices via leaked password hashes. By Lucian Constantin May 08, 2024 5 mins Threat and Vulnerability Management Cloud Security Vulnerabilities news Suspected Chinese hack of Britain’s Ministry of Defence linked to contractor, minister confirms The UK’s defence minister would not confirm that the attack was conducted by an element of the Chinese state, rather blaming the “potential failings” of a partner. By John Dunn May 08, 2024 4 mins Aerospace and Defense Industry Data Breach Government PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe