I received this news late last week, Tuesday, July 19, Dragos and Emerson announced a partnership to strengthen ICS/OT cybersecurity and protect the critical infrastructure of industrial processes at the plant floor.
Emerson is a major industrial control system and software supplier while Dragos provides cybersecurity solutions above the device level. Emerson’s representatives typically interact with a company’s operation technology (OT) personnel. Dragos representatives forge close ties with the CISO team or other IT-oriented functions.
Why does this partnership make sense? I talked with Dan Schaffer, Dragos Sr. Business Development Manager, to gain an insight.
He told me OEMs have close ties to the operation technology side of a company, while cybersecurity companies maintain close ties to parts of the IT side. While most companies have succeeded in fostering environments bringing the two groups together, OT and IT inevitably have different pain points. Bringing a partnership of OEM and Security companies to the conversation adds value to the customer.
Schaffer pointed to an earlier partnership between the two companies through the Ovation water/wastewater business. This partnership adds DeltaV to the mix greatly expanding markets that can be served. Having Dragos validated on DeltaV provides more confidence for customers.
The partnership, among other things, includes a deep technology integration that will improve threat detection and response across the entire industrial OT environment and add Dragos Platform capabilities hyper-focused on DeltaV DCS-specific ICS networks.
This from the press release:
With this agreement expansion, Emerson has validated the Dragos Platform within its DeltaVTM distributed control system (DCS) providing organizations with greatly enhanced ICS/OT cybersecurity. This extended agreement builds on the initial global agreement between Dragos and Emerson to protect industrial control systems and operational technologies for power producers and water utilities to now include organizations in dozens of industries including oil and gas, chemical, petrochemical, food and beverage, pharmaceutical, pulp and paper, metals and mining, and others.
Emerson has agreements with cybersecurity companies at the end point. Here is a description of what this partnership brings.
The Dragos OT Security Platform is focused on reducing cyber risk to industrial environments. It provides visibility into assets and vulnerabilities, detects cyber threats to industrial systems, and enables efficient response through forensic investigation and OT-specific playbooks.
Speaking of those playbooks—Schaffer mentioned them in our conversation. They reminded me of descriptions within the book The Checklist Manifesto: How to Get Things Right by Atul Gawande. Indeed, there are similarities. They are similar to the books pilots of commercial airlines refer to in emergencies to remember critical steps for recovering control. Operators seldom see cyber attacks. When they do, such a guide would be invaluable.