Americas

  • United States

Asia

Oceania

john_mello jr
Contributor

Dragos launches info portal to fill security gaps in critical infrastructure

News
Jun 7, 20223 mins

OT-CERT provides free resources to under-served ICS/OT community members and beefs up threat and vulnerability coordination.

hacking critical infrastructure security
Credit: Thinkstock

Critical infrastructure companies strapped for cash to spend on cybersecurity will have a new free resource to tap into starting Tuesday. Dragos, a leader in cybersecurity for industrial control systems, has launched a new portal designed to help industrial asset owners build operational technology (OT) cybersecurity programs, improve their security postures, and reduce OT risk.

The Dragos OT-CERT (Cybersecurity Emergency Readiness Team) portal offers its users access to OT cybersecurity best practices, cybersecurity maturity assessments, training, workshops, tabletop exercises, webinars, and more. OT-CERT will also coordinate with supply chain OEMs in releasing information about vulnerabilities discovered by Dragos, as well as specific threats to an OEMโ€™s products.

โ€œWhen I was a CISO, I used to not care if our supply chain OEMs had a security program,โ€ OT-CERT Director Dawn Cappelli tells CSO. โ€œBut then they started being hit with ransomware, and what we started finding was our ability to produce our product was being impacted by the security posture of these small- and medium-sized manufacturers who supplied components for our products.โ€

โ€œDragosโ€™s mission is to safeguard civilization,โ€ Cappelli adds. โ€œWe canโ€™t do that if we only safeguard the big companies that can afford to pay for security products and services.โ€

Large companies key to OT-CERT success

Dragos believes that larger organizations can benefit from OT-CERT membership, too, from resources such as OT best practices blogs, vulnerability disclosures, and tips for strengthening the security of the smaller companies in their supply chain. โ€œWeโ€™d like to see large companies join because they can push OT-CERT down their supply chain,โ€ Cappelli says. โ€œItโ€™s going to be tough to get these small- and medium-sized companies aware that this exists because right now theyโ€™re not necessarily paying attention to security.โ€

In launching OT-CERT, Dragos is partnering with the National Association of Manufacturers (NAM). โ€œOf the National Association of Manufacturersโ€™ 14,000 member companies, 90% are small- and medium-sized manufacturers that often lack the kind of resources and OT cybersecurity teams that larger organizations have,โ€ NAM COO Todd Boppell said in a statement. โ€œDragos OT-CERT is the first community-focused resource of its kind to provide practical solutions to this often under-served community.โ€

OT-CERT partners with ISACs, OT vendors

Other partners include the water and energy information sharing and analysis centers (ISACs), Emerson Automation Solutions, and Rockwell Automation. โ€œWeโ€™re eager to work with Dragos OT-CERT in its mission to protect OT infrastructure by partnering on threat and vulnerability discovery and mitigation, as well as assets for resource-constrained organizations,โ€ Michael Lester, director of cybersecurity strategy, governance and architecture for Emersonโ€™s automation solutions business, said in a statement.

โ€œAs the cyber threat environment escalates and cyberattacks increasingly impact industrial infrastructure, weโ€™re excited to team with Dragos OT-CERT to bring greater awareness to the risks to the ICS/OT community and the need for OT cybersecurity,โ€ added Tony Baker, chief product security officer at Rockwell Automation. โ€œThis free resource comes at just the right time, and the OEM collaboration will help enable effective threat response and coordinated vulnerability research.โ€