Dragos Inc., the global leader in cybersecurity for industrial controls systems (ICS)/operational technology (OT) environments, announced it has been designated by the CVE Program as a CVE Numbering Authority (CNA). As a CNA, Dragos is authorized to assign CVE IDs to newly discovered vulnerabilities and publicly disclose information about these vulnerabilities through CVE Records. This includes assigning CVE IDs to vulnerabilities found in the company’s own products as well as any third-party products not covered by another CNA that Dragos finds through its ongoing research to help organizations protect their ICS/OT systems.
“Vulnerabilities are already incorporated into the Dragos Platform, but the CNA designation will enhance our ability to quickly, clearly, and accurately communicate vulnerability information to the broader industrial community. ”
As cyber threats to critical infrastructure and industrial organizations increase, it is critical that ICS/OT vulnerabilities are identified, assigned, and published consistently to the CVE List. The addition of Dragos’s as a CNA will support the industrial community in getting the timely, accurate, and actionable information they need.
Also Read: Nabr Network Delivers New Community Engagement and Business Optimization Enhancements
“Dragos has the largest and most experienced team of OT threat hunters, researchers, and analysts in the world,” said Ben Miller, vice president of services at Dragos. “Vulnerabilities are already incorporated into the Dragos Platform, but the CNA designation will enhance our ability to quickly, clearly, and accurately communicate vulnerability information to the broader industrial community.
Dragos’s OT-CERT (Operational Technology-Cyber Emergency Readiness Team)—a free cybersecurity resource for industrial asset owners and operators designed to address the OT resource gap that exists in industrial infrastructure—will coordinate with original equipment manufacturers (OEMs) regarding disclosures for vulnerabilities discovered by Dragos threat intelligence researchers, as well as cyber threats detected by Dragos’s targeted at the OEMs’ products. OEM partnerships are critical to coordinated vulnerability disclosures and effective threat response to protect and support industrial infrastructure in the escalating cyber threat environment. Newly assigned CVE IDs and corrections to existing inaccurate or incomplete CVE records will be publicly disclosed through OT-CERT in accordance with Dragos’s Vulnerabilities Policy.