On Tuesday, manufacturing and critical infrastructure companies and security firm Dragos Inc launched a group to offer cyber threat intelligence and protection tools for small and medium-sized firms, particularly vulnerable to hackers.
Technology Cyber Emergency Readiness Team, the OT-CERT, will follow the lead of other CERTs in offering free assessments, suggestions, and other cybersecurity tools online. Dragos is a threat intelligence and tool supplier for tech companies.
While many cybersecurity resources exist for small and medium-sized businesses’ information technology systems, Dawn Cappelli, Director of the OT-CERT, claims few are available to provide in-depth knowledge of cyber risks affecting operational technology, such as power stations, water treatment machines, and factory-floor devices.
Attacks on large industrial corporations, like those in 2021 at gas transporter Colonial Pipeline Co. and meatpacker JBS USA Holdings Inc., might give smaller businesses the misleading sense that they are on hackers’ radar, according to Cappelli.
“At the same time, many of them believe that a hack will never happen to them,” she explained. She highlighted a hacker who temporarily upped the quantity of lye used to purify water at a water treatment plant in Oldsmar, Fla., to an unsafe level last year. Thankfully, the team reversed the modification before it caused any harm.
OT-CERT is accepting applications this month, and its tools and workshops will be accessible in July, according to Dragos.
The founding partners are the National Association of Manufacturers, Rockwell Automation Inc., Emerson Electric Co., and information exchange and analysis centers in the power, oil and gas, downstream natural gas, and water sectors.
The purpose of OT-CERT is to improve the safety of the broader industrial supply chain by strengthening cybersecurity at firms that can’t afford it on their own, said Todd Boppell, chief operating officer of the National Association of Manufacturers.
According to him, small and medium-sized businesses make up around 90% of the trade group’s 14,000 members. Boppell explained that while NAM provides cyber tools, they are primarily geared at defending IT systems.
He explained that collaborating with OT-CERT will allow his organization to handle a growing issue, noting that “on the OT side, this is an area that many people don’t understand well. The bad people are focusing their efforts on it.”
Cyberattacks are Increasingly Targeting SMEs
According to ABI Research, which tracks technology investment, global cybersecurity spending in industrial critical infrastructure sectors is predicted to hit 23 billion USD by the end of the year and top 36 billion USD by 2027.
The federal Cybersecurity and Infrastructure Security Agency had issued warnings about potential exploits after a series of recent attacks targeted at specific machinery sectors like electrical and medical.
According to Cappelli, who served as Rockwell Automation’s top information security officer for six years until April, cyberattacks are increasingly targeting small and medium-sized suppliers, putting their large clients at risk if malware spreads or related activities are affected.
She added that ransomware and other breaches could even take suppliers down, delaying goods shipments. As a result, security chiefs have increased risk assessments of smaller business partners in recent years.