Events , Governance & Risk Management , Operational Technology (OT)
OT-CERT: Enabling SMBs to Address Cybersecurity Risks
Dawn Cappelli, Head of OT-CERT at Dragos, on Training 'Non-IT' People on SecurityWith an ever-expanding threat landscape, organizations need to possess the right tools and knowledge to deal with cyberattacks. Dawn Cappelli, head of OT-CERT at Dragos, recommends educating and training small and medium-sized businesses that are just starting their operation technology, cybersecurity and industrial control system security journey.
See Also: Why the Future of Security Is Identity
Small and medium-sized companies can't afford security staff, and yet they're part of our critical infrastructure across the world, she said. They need the resources and appropriate training to protect themselves against advancing threats. OT-CERT, Cappelli said, offers free resources to "non-cybersecurity and non-IT" people through training videos, monthly best practice sessions and Zoom meetings. CERT's mission, she said, is to "tell them exactly what to do."
"We built OT-CERT, got the processes and road map in place. We started monthly working group sessions because I feel like this is scary to people. So, any member of OT-CERT can join in the Zoom meeting and ask questions. You can talk to other members that are doing the same thing you are," she said. "My real goal is working with the larger companies, my fellow CISOs out there, and getting them to push this down to their suppliers. Because that, I think, is the best way of getting it down to get their attention."
In this video interview with Information Security Media Group at RSA Conference 2023, Cappelli also discusses:
- How OT-CERT is different than academia;
- How OT-CERT has expanded;
- Why the OT threat landscape has expanded and what organizations should do.
Cappelli provides free resources to help small and medium-sized businesses address cybersecurity risks in industrial infrastructure. In a career spanning more than 20 years, she has worked with global industry, government and intelligence leaders on cybersecurity issues.