Dragos Inc., the global leader in cybersecurity for industrial controls systems (ICS)/operational technology (OT) environments, today announced the one-year anniversary since the launch of Dragos OT-CERT (Operational Technology – Cyber Emergency Readiness Team), the industry’s first cybersecurity resource designed to provide industrial asset owners and operators free OT-specific cybersecurity resources to help them build their OT cybersecurity programs, improve their security postures, and reduce OT risk.
First launched at the 2022 RSA Conference, Dragos OT-CERT has grown to include over 900 members representing over 50 countries from the global ICS/OT community. OT-CERT was designed to address a critical gap in securing industrial infrastructure: the lack of OT-specific cybersecurity resources readily available to the industrial infrastructure community. The gap is especially critical among small and medium-sized businesses that often have limited in-house cybersecurity expertise and lack the financial and technical resources to address ICS/OT cybersecurity risks.
“With Dragos OT-CERT, we set out to build a community resource that helps make ICS/OT cybersecurity accessible and achievable for all—especially for small and medium-sized companies who can find themselves overwhelmed by the idea of providing effective cybersecurity for their industrial assets—and the engagement and feedback has exceeded expectations”, said Dawn Cappelli, Dragos OT-CERT Director. “Member organisations have free access to guides, templates, videos, monthly interactive working group sessions, and many other resources. We are working with partners to establish local OT-CERT communities and equipping CISOs from companies of all sizes with tools to assess and implement an ICS/OT cybersecurity program in their supply chain. By improving the security posture of the smaller organisations that make up the supply chain, we can reduce risk to the entire ecosystem and truly safeguard civilization”.
Members have free access to OT cybersecurity best practices, cybersecurity maturity assessments, training, workshops, tabletop exercises, webinars, and more. OT-CERT also coordinates with original equipment manufacturers (OEMs) regarding disclosures for vulnerabilities discovered by Dragos threat intelligence researchers, as well as cyber threats detected by the Dragos Platform targeted at the OEMs’ products.
“As a community-owned utility, we are responsible for the critical services of more than 100,000 customers and households. Building an industrial cybersecurity program to protect the infrastructure this entire community relies on can be challenging at times”, said Brad Wynes, Supervisor-OT Cybersecurity, City Utilities of Springfield. “With Dragos OT-CERT, we have been able to learn from others and share our experiences in an open and inviting forum. We have consistently learned something new in every session and have applied these insights to our processes. The interactive working group sessions along with the content Dragos experts have provided has been invaluable whether you are Crawling, Walking or Running in your programs. No matter what your maturity level, Dragos OT-CERT is an incredible opportunity to gain and share knowledge, supporting the cause to safeguard civilisation one community at a time”.
“Designing, manufacturing, and deploying telecommunications equipment and systems for critical communications sectors, in more than 60 countries, requires a constant effort in the renewal of knowledge and application of current and future technologies, as well as a deep understanding of the ecosystem”, said Oscar Blanco Torras, Cybersecurity Product Manager, Teltronic. “Cybersecurity plays a critical role, and Dragos OT-CERT provides tools and cross-cutting knowledge among the members of the group. Being a part of the OT-CERT community means we no longer feel like we are working on our OT cybersecurity program in an isolated silo”.
Dragos OT-CERT partners include the National Association of Manufacturers, Emerson, Rockwell Automation, seven Information Sharing and Analysis Centres: E-ISAC (electricity), OT-ISAC (operational technology), MFG-ISAC (manufacturing), ONG-ISAC (oil and natural gas), DNG-ISAC (downstream natural gas), WaterISAC (water), MM-ISAC (mining and metals), the Massachusetts Cybersecurity Program within the Massachusetts Commonwealth Fusion Centre, and Catalyst Connection, a member of the NIST Manufacturing Extension Partnership.
“Recent regulations and guidelines have helped to establish ‘what’ small and medium-sized organisations should do to secure their OT environments, but OT-CERT takes it a step farther by assisting with ‘how’ to do it”, said Cappelli. “We provide templates, how-to video demonstrations, and detailed implementation guides. We also hold OT-CERT working sessions every month exclusively for our members where we get to know each other, ask questions, get advice, and share our successes and challenges. We’re thrilled with the exponential growth, the strong community we’ve created, and the security outcomes we’re achieving”.
OT-CERT content aligns to the SANS Institute 5 Critical Controls for ICS/OT Cybersecurity.
To learn more about Dragos OT-CERT or to apply to become a member of Dragos OT-CERT, visit here. To read the OT-CERT launch blog post, visit here.