
Cybersecurity expert Dawn Cappelli returns from retirement to lead Dragos’ OT-CERT initiative, poised to empower manufacturers with critical OT/ICS security resources and guidance.

Dragos is a cybersecurity company focused on safeguarding critical industrial infrastructure, particularly operational technology (OT) systems.

With real-world experience handling landmark OT attacks, Dragos understands the complexity of industrial operations.

The Dragos Platform provides visibility and monitoring of OT environments for asset identification, vulnerability management, and threat detection with continuous insights generated by the industry’s most experienced OT threat intelligence and services team.

It discovers and monitors OT, IT, IoT, and IIoT assets within the OT environment and integrates with IT security infrastructure.

Dawn Cappelli, director of OT-CERT (Operational Technology – Cyber Emergency Readiness Team) at Dragos, returned from retirement to help with that mission, and is heading to Australia to spread awareness about some of Dragos’ latest programs.

“Our mission is to safeguard civilisation, and some might say that sounds a bit corny, but we take it very seriously,” said Cappelli.

“We also recognise that small and medium organisations often lack the resources, funding, or expertise to secure their industrial infrastructure.

“Yet, these organisations are essential for our livelihoods, well-being, and the stability of our civilisation.”

The program

Dragos offers the OT-CERT (Operational Technology Cyber Emergency Readiness Team) program, which provides free resources to help small- and medium-sized organisations build and improve OT cybersecurity programs.

“I believe there are so many organisations, especially in Australia, that could benefit from these free resources but simply aren’t aware of them,” said Cappelli.

The program includes over 50 resources, such as toolkits, templates, demonstration videos, and tabletop exercises for OT ransomware.

Cappelli, who previously worked as the chief information security officer at Rockwell Automation, explained that Dragos approached her with the idea of creating OT-CERT, and the rest was history.

“I actually came out of retirement for this,” she said.

“After retiring from Rockwell in February 2022, Dragos approached me with the idea of creating OT-CERT, and I couldn’t resist.”

Cappelli said that these resources are sector-agnostic, allowing organisations from various industries to benefit from them.

OT-CERT is aimed at helping organisations secure their industrial environments, especially those that lack the resources, money, or expertise.

Despite targeting smaller organisations, large companies also find the resources valuable.

Dragos’ goal is to equip organisations with practical guidance on how to protect themselves from various cyber threats, such as ransomware and state-sponsored attacks.

The program reflects Dragos’ mission of “safeguarding civilisation” by supporting critical infrastructure across the globe.

“Our platform is specifically designed for industrial environments, tailored to their unique protocols,” said Cappelli.

“We know exactly what to look for in those settings.”

The risks

The cybersecurity landscape has been reshaped in recent years by escalating geopolitical conflicts and evolving cyber threats.

Increasing global tensions, exemplified by the Ukraine-Russia conflict and the Israel-Hamas war, have led to a surge in cyberattacks.

“This increased volatility has led to a growing number of attacks on critical infrastructure sectors, such as water, heating, gas, and power,” said Cappelli.

Once known for relatively simple attacks, hacktivist groups have partnered with state actors to execute more sophisticated and damaging operations.

“Previously, state actors were cautious about impacting critical infrastructure, but this line has increasingly been crossed,” said Cappelli.

“We now see both state actors and hacktivist groups targeting these vital systems.

“For instance, the CyberAv3ngers, linked to the Iranian government, and the Cyber Army of Russia Reborn, affiliated with Russia, are now executing more sophisticated attacks on water utilities.”

Ransomware attacks are also on the rise, with industrial organisations becoming prime targets.

The complexity and disruption caused by these attacks make such organisations more likely to pay ransoms, further fuelling the growth of ransomware activity.

“Industrial organisations are particularly vulnerable due to their complex recovery processes, making them more likely to pay ransoms,” said Cappelli.

In this heightened threat environment, Dragos’ Platform, services, and threat intelligence, as well as the OT-CERT program, can be a vital resource for manufacturers.

Cappelli explained that as the threat landscape continues to evolve, understanding and addressing these risks is more critical than ever.

“To confront these escalating threats, Dragos delivers OT-CERT resources that offer essential, sector-agnostic tools for safeguarding any organisation,” she said.

A Dragos success story

The interconnected global supply chain amplifies cybersecurity risks, as a single compromised component can affect numerous devices and systems across various manufacturers.

The latest Dragos Year in Review highlights a nearly 50 per cent increase in ransomware attacks on the manufacturing sector in 2023, underscoring the financial and operational impacts.

The report stresses the need for strict network segmentation, improved security protocols, and a collaborative approach to cybersecurity to address these evolving threats.

The Boston Beer Company, renowned for its iconic brands like Samuel Adams and Angry Orchard, has modernised its cybersecurity strategy with the help of Dragos.

In response to rising cyber threats and the need for robust protection of its four US breweries, Boston Beer embarked on an IT and OT cybersecurity upgrade led by CISO Brandon Catalan.

“We’re not just a beer company, we’re a manufacturing company. If we lose the ability to brew, bottle, and can, then we’re out of business,” said Catalan.

The company chose Dragos for its superior OT-native cybersecurity platform, praised for its comprehensive features, including asset visibility, vulnerability management, and intelligence-driven threat detection.

“The executive leadership team asked me what I needed. I pointed at Dragos and said, ‘I need this’,” said Catalan.

“When you really want to make a difference and you’re not willing to gamble, you go with the Cadillac. That is Dragos.”

This platform has since helped Boston Beer manage and secure its OT systems against sophisticated cyber threats, which, in turn, has given the company operational security.

How is this achieved?

Specifically, the platform automates the identification, management, and monitoring of all OT, IT, IoT, and IIoT assets using data from over 600 protocols, network data, and logs for enhanced security and operational efficiency.

It provides unique, enriched, and prioritised guidance for managing vulnerabilities throughout their lifecycle, focusing on high-priority issues to reduce risk, minimise downtime, and efficiently allocate resources.

“The platform categorises vulnerabilities based on their criticality. Vulnerabilities categorised as ‘Now’ in the Platform are actively exploited and need urgent attention,” said Cappelli.

“‘Next’ vulnerabilities are serious but can be addressed during scheduled maintenance.

“‘Never’ vulnerabilities are rarely exploited and pose minimal risk.

“This categorisation helps users focus on the most critical issues, saving time and reducing headaches.”

Additionally, the program can detect and analyse malicious activity in ICS/OT networks with precision.

“We know what the behavioural patterns of various threats look like, including how different threat actors infiltrate and compromise industrial environments,” said Cappelli.

“We incorporate this knowledge into our platform to detect such threats and notify our customers.”

The platform ultimately assists in pinpointing the root causes of operational problems, managing assets with up-to-date network schematics, and resolving operational challenges.

“When we acquired breweries, we integrated their legacy networks into our legacy network, and we had very little documentation of asset inventories and network designs,” said Catalan.

“Once we got the Dragos Platform up and running, we got a better picture of what our networks actually looked like.

“Our 30,000-foot view came into focus, and we could see where we needed to make changes. Before Dragos, it was guessing at best.”

Eventually, Boston Beer successfully aligned IT and OT teams, leadership, and the board on the critical need for securing OT environments.

The company achieved a 15 per cent year-over-year reduction in cybersecurity insurance premiums and realised a 100 per cent return on investment within the first year of a five-year commitment.

As cyber threats continue to evolve, Dragos’ OT-CERT program offers manufacturers resources and guidance to enhance their cybersecurity.

The program has demonstrated effectiveness in real-world applications, such as with the Boston Beer Company, showcasing its potential to strengthen operational security.

By providing tools and expertise tailored to industrial environments, Dragos aims to support organisations in addressing their cybersecurity needs.