Dragos and Emerson Continue to Fortify Industrial OT and ICS with Enhanced Cybersecurity

Dragos Inc. is a world-leading industrial cybersecurity company that serves to protect the world’s critical infrastructures from cyber threats targeting operational technology (OT) and industrial control systems (ICS). They aim to help industries in water utilities, power systems, oil and gas, food and beverage, and pharmaceuticals.

On July 19, 2022, the company announced the expansion of its global agreement with Fortune 500 Company, Emerson. Under this expanded agreement, enhanced ICS/OT cybersecurity will not only be provided to water utilities and power producers, but to organizations in other industries as well.

 

Dragos and Emerson are expanding their agreement that began in 2019 which focused on cybersecurity for industries in power and water. Image used courtesy of Emerson

 

Industrial Cybersecurity

Key areas of industry such as manufacturing, construction, and utilities, are becoming more connected. Increased connectivity means that there is also an increased vulnerability with a particular focus on the potential for cyber attacks. These attacks can disrupt production, cause safety hazards, and even lead to injuries or fatalities. Effective cybersecurity is important because it protects a company’s assets, intellectual property, and customer data. It can also prevent potentially life-threatening accidents from taking place.

 

Cyber attacks can be detrimental to manufacturers, causing failure systems and downtime, such as the WannaCry Ransomware Attack experienced by the Renault–Nissan–Mitsubishi Alliance in 2017. Image used courtesy of Renault

 

Cyber Attacks Disrupt Manufacturing

In 2017, automotive manufacturer Renault-Nissan-Mitsubishi Alliance fell prey to a global cyberattack involving the WannaCry ransomware. This is a crypto-ransomware worm that targets Windows PCs. The worm can spread from one computer to the next across networks and encrypt important files. The hackers then demand a Bitcoin ransom for the files. The WannaCry ransomware attack caused the alliance to stop production across five plants located in Slovenia, England, Romania, France, and India. 

 

With the increase of automation in varying industries, such as autonomous robots like the Aethon TUG used in healthcare, increased cybersecurity is crucial. Image used courtesy of Aethon

 

Vulnerabilities in Automation

In a blog post by cybersecurity specialist, Cynerio, the company unveiled the startling possibility of controlling Aethon TUG smart autonomous robots designed to help execute healthcare-related duties. Cynerio discovered five zero-day vulnerabilities (known together as JekyllBot:5) that hackers could have used to take over system control. The hackers could have gained access to device data and real-time camera feeds. Additionally, hackers could have physically controlled the Aethon TUG bots to cause all kinds of havoc.

 

Emerson and Dragos Global Agreement

Together, Dragos and Emerson wish to prevent the occurrence of cybersecurity attacks industry-wide. Back in 2019, the duo signed an agreement whereby Emerson planned to integrate aspects of the Dragos Platform into its Ovation automation platform and Power and Water Cybersecurity Suite.

In a conversation with Control Automation, Dragos’ Senior Business Development Manager, Dan Schaffer, explained that “the initial collaboration focused on: 1. Emerson validating Dragos Platform functionality in working with and protecting the Ovation DCS environment; 2. Integrating into the Ovation PWCS (Power & Water Cybersecurity Suite) offering; 3. Working together to ensure the Dragos Platform had broad and deep visibility into all assets and traffic on the Ovation system.”

The Dragos platform provides vulnerability management, threat detection, comprehensive asset visibility, community-wide insights, and guided response.

“The Dragos Platform helps teams improve reliability and resiliency, which in turn ensures uptime within the operation. Control engineers need to keep the process running, a good cybersecurity posture is a huge support to that goal,” Schaffer said.
 

Dragos and Emersons' expanded agreement expands industrial cybersecurity. Video used courtesy of Dragos

 

DeltaV Distributed Control System (DCS)

Under the expanded agreement between Emerson and Dragos, the former company validated Dragos’ platform within its DeltaV distributed control system (DCS). Dragos is also implementing some of the platform-specific capabilities of Emerson’s DeltaV DCS into its platform. This includes investigation playbooks, asset characterization, threat behavior analytics, and protocol dissectors.

Building upon the 2019 agreement, the latest agreement stretches “beyond ovation/power and water business to the DeltaV DCS system and the Process Systems and Solutions business unit. This means it exposes a much larger group of asset owners from a much larger number of verticals (oil and gas, chemical, pharmaceutical, etc.) to a powerful way to improve OT visibility, detect and respond to cyber threats, and manage and mitigate vulnerabilities,” Schaffer explained.

The expanded agreement is expected to bring Emerson and Dragos customers several benefits:

• Enhanced threat identification and response for industrial OT systems

• Educational resources (in the form of webinars, whitepapers, and more) from Dragos and Emerson to help inform cybersecurity threat defenders

• Greater visibility of assets with the ability to monitor, track, and manage vulnerability

• Tailored investigation playbooks to improve response times and mitigate threats

• Access to a broad range of OT cybersecurity services across Emerson’s global services network for process industries

Schaffer concluded that the expanded agreement between Dragos and Emerson will help provide businesses with more reliable and robust cybersecurity to continue on their digital transformation journeys towards Industry 4.0.