New Dragos OT-CERT program offers community-focused resources for industrial asset owners and operators

Industrial cybersecurity firm Dragos launched its Dragos OT-CERT (Operational Technology – Cyber Emergency Readiness Team), a cybersecurity resource designed for industrial asset owners and operators. Initial partners will include the National Association of Manufacturers, Emerson, Rockwell Automation, and four Information Sharing and Analysis Centers: E-ISAC (electricity), ONG-ISAC (oil and natural gas), DNG-ISAC (downstream natural gas), and WaterISAC.

“Dragos is committed to the corporate mission: Safeguarding Civilization. To do that we already offer many free webinars and other resources publicly at no cost,” Dawn Cappelli, Dragos’ OT-CERT director, told Industrial Cyber. “The ones offered through OT-CERT will be tailored versions of some of those materials modified to be practical for under-resourced organizations, as well as new resources developed using our existing model, but for the OT-CERT audience,” she added. 

Announced on Tuesday, Dragos OT-CERT has been purpose-built to address resource gaps in securing industrial infrastructure. Designed to provide free resources to the OT community, OT-CERT offers access to information and materials to help organizations prepare for cyber threats, build an OT cybersecurity program, improve their security posture, and drive down risks in their OT environment. These offerings will not ​​move to a paid option in the future. 

These exclusive resources will be available from the OT-CERT portal every month, starting with a self-service ransomware tabletop exercise kit, followed by best practice blogs, webinars, reports, and training. The material will provide useful, relevant, and actionable community resources for industrial asset owners and operators by aligning them with the resources, training, partnerships, and community needed to make securing their OT environments possible. 

Cappelli also said that Dragos will ensure that the OT-CERT offerings are up-to-date and most recent, not historical data, by refreshing “our materials on an ongoing basis to reflect new best practices including those that are proven to be effective for other small and medium-sized organizations.” 

“We will gather that information via workshops and information sharing facilitated in collaboration with our OT-CERT partners,” according to Cappelli. “In addition, we will update our materials as needed based on changes in the threat and vulnerability landscape, with the most current guidance on what can and should be mitigated by small and mid-sized organizations with OT environments. We will continuously publish vulnerability disclosures and updates,” she added.

OT-CERT leverages the latest information and intelligence from Dragos and the OT cybersecurity community to help community members stay ahead of threats, Cappelli said. “For small and medium-sized organizations, this means helping them achieve a minimum security posture – equivalent to C2M2 MIL1.” 

Cappelli said, for example, “our first resources will be an asset management guide, training, and asset inventory template. The second will be a self-service ransomware tabletop toolkit. If there are steps a small/medium-sized company can take to defend against a new TTP, we will communicate that to OT-CERT members,” she added. 

She also said that companies that want access to in-depth views into adversaries and TTPs could also subscribe to Dragos Threat Intelligence, but under-resourced organizations should find the baseline information from OT-CERT to be sufficient to improve their security posture.

The gap in access to OT-specific resources has been especially critical among small and medium-sized businesses with limited expertise and resources to address ICS/OT cybersecurity risks. Larger organizations will benefit from free resources such as OT best-practices blogs and OT vulnerability disclosures from Dragos’ Threat Intelligence team. Dragos OT-CERT will also aid large companies by helping to improve the security posture of smaller organizations in their supply chain that can pose a risk to their business operations.

“While the overall OT-CERT program benefits organizations of all sizes in different ways, the resources provided are designed specifically for under-resourced organizations,” Cappelli said. “Larger organizations will still benefit from best practices information and vulnerability disclosures, but perhaps a more significant benefit for them is that their under-resourced suppliers who participate in OT-CERT will be better positioned to defend themselves against threats including ransomware. This will help protect larger organizations’ supply chains and help assure that technology integrations with their smaller suppliers are more secure,” she added. 

“We do hope that large organizations with small and medium suppliers with OT environments point their suppliers to the Dragos OT-CERT so that they can improve their own security posture,” Cappelli added.

Partnerships are critical to the success of OT-CERT, enriching the impact on the ICS/OT community. By sharing information and resources to meet the community’s needs, Dragos said that it is ‘empowered to bring a more collective awareness to OT cybersecurity issues.’

OT-CERT will work with partners to host regional workshops, focusing on engaging plant managers, engineers, security, and IT personnel. Workshops can be jointly branded and customized to meet partner needs. By establishing and emphasizing community relationships together, the portal provides an opportunity to build and cultivate a trusted advisor relationship, helping underserved companies and the ICS/OT community protect themselves for long term industry impact.

The initiative will also coordinate with OEMs regarding disclosures for vulnerabilities discovered by Dragos threat intelligence researchers and cyber threats detected by Dragos targeted at the OEMs’ products. OEM partnerships are critical to coordinated vulnerability disclosures and effective threat responses to protect and support industrial infrastructure in the escalating cyber threat environment. 

“OT-CERT is building relationships with OEMs so that when the Dragos threat intelligence team discovers or becomes aware of a threat against an OEM or a vulnerability in their product, we have established mechanisms and points of contact to coordinate as quickly as possible,” Cappelli said. “Time is of the essence in collaborating in these types of situations,” she added.

In launching the initiative, Dragos has partnered with the National Association of Manufacturers, which represents 14,000 manufacturing companies in every industrial sector and supports them by focusing on cyber threat identification and proactive security practices critical to making the entire supply chain more secure.

“The National Association of Manufacturers is deeply committed to supporting its members as they navigate the challenges and opportunities that arise from digital transformation and Manufacturing 4.0, and it’s critical that their OT security remain paramount as they undertake this evolution,” Todd Boppell, chief operating officer at the National Association of Manufacturers (NAM), said in a media statement. 

“Of the National Association of Manufacturers’ 14,000 member companies, 90 percent are small and medium-sized manufacturers that often lack the kind of resources and OT cybersecurity teams that larger organizations have,” Boppell said. “Dragos OT-CERT is the first community-focused resource of its kind to provide practical solutions to this often under-served community.”

“Industrial Infrastructure organizations, and the services they provide, impact all of our lives, and the operational technologies that underpin these organizations are under attack now more than ever before,” Michael Lester, director of cybersecurity strategy, governance and architecture for Emerson’s Automation Solutions business, said. “We’re eager to work with Dragos OT-CERT in its mission to protect OT infrastructure by partnering on threat and vulnerability discovery and mitigation as well as assets for resource-constrained organizations.”

“As the cyber threat environment escalates and cyberattacks increasingly impact industrial infrastructure, we’re excited to team with Dragos OT-CERT to bring greater awareness to the risks to the ICS/OT community and the need for OT cybersecurity,” Tony Baker, chief product security officer at Rockwell Automation said. “This free resource comes at just the right time, and the OEM collaboration will help enable effective threat response and coordinated vulnerability research.”

The application for membership to Dragos OT-CERT program can be made by filling out the registration form on the company website. First, applications are reviewed to confirm whether applicants are OT asset owners or operators. Once approved, members will receive a welcome email with instructions on accessing the OT-CERT portal, which launches in July. 

“We’ll be rolling out some exciting resources to help you get started, like an OT Cybersecurity Maturity Assessment to help you assess how well your organization is covering the OT cybersecurity basis, and a toolkit that features an Asset Management guide, training, and template for gathering your asset inventory,” Dragos said.

Last October, Dragos announced that it had raised US$200 million in Series D funding at a valuation of $1.7 billion, reflecting increasing demand for OT cyber security techniques and solutions. The investment comes as industrial cyberattacks continue to rise, highlighting that OT cyber security is different and needs a different approach.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.