Podcast Summary: Data Security Decoded
Episode: Ransomware, Remote Access, and the OT Reality Check
Host: Caleb Tolan
Guest: Dawn Capelli, Director of OT CERT at Dragos
Date: January 6, 2026
Episode Overview
This episode explores the rapidly evolving threat landscape facing Operational Technology (OT) environments, especially in the context of global geopolitical tensions and the increasing sophistication of attacks such as ransomware. Host Caleb Tolan is joined by Dawn Capelli, Director of OT CERT at Dragos, who draws on her extensive experience to delve into real-world risks, unique OT challenges versus IT, and actionable steps for organizations to build stronger cyber-resilience.
Key Discussion Points & Insights
1. Introduction & Background ([00:50]–[05:49])
- Dawn Capelli’s journey:
- Started as a software engineer programming nuclear power plants (OT context)
- Shifted focus to cybersecurity and insider threats at CERT/Carnegie Mellon
- Led the creation of the CERT Insider Threat Center
- Became CISO at Rockwell Automation, focusing on insider risk, especially in OT product development
- Currently Director at Dragos OT CERT, focusing on sharing practical, free OT security resources
- Defining OT:
- OT (Operational Technology) = Where the “electronic meets the physical”: industrial environments like factories, critical infrastructure
- “Critical infrastructure depends on OT, because critical infrastructure produces physical results.” — Dawn Capelli ([03:18])
2. The Changing Threat Environment for OT ([08:51]–[12:51])
- Geopolitical Shifts: “The Gloves are Off”
- Before 2022, state actors generally held back from attacking critical infrastructure in other countries due to risk of escalation
- The Russia-Ukraine war shattered this norm, with both sides (and others) launching cyber attacks against critical infrastructure
- "Next thing you know, there are cyber attacks against NATO critical infrastructure…" — Dawn Capelli ([09:45])
- Hacktivist-State Actor Alliances
- Emergence of hacktivist groups now equipped by state actors, using advanced tools and tactics but allowing states plausible deniability
- Examples: Cyber Avengers (aligned with Iran); Russian groups linked to Kremlin; both escalating attacks on water, power, manufacturing
- “That has dramatically increased the risk to critical infrastructure around the world.” — Dawn Capelli ([11:44])
3. OT Threats vs. IT Threats & Common Attack Vectors ([13:29]–[17:23])
- Unique OT Considerations
- OT is more vulnerable due to legacy systems, lack of visibility, safety risks, and different patching constraints
- SANS Five Critical Controls for ICS Security
Dawn explains how most real-world OT incidents could be mitigated by these controls:
- ICS incident response plan & tabletop exercises: Prepares organizations by simulating attacks
- Secure remote access: Many attacks exploit insecure remote access, especially rushed deployments post-COVID
- Defensible architecture: Segregate IT and OT, prevent lateral movement (e.g., ransomware starts in IT via phishing, then moves to OT)
- Risk-based vulnerability management: OT patching is less frequent, but some vulnerabilities can’t wait; requires prioritization
- Visibility and monitoring: Unlike IT, OT environments often lack basic monitoring
- "Imagine running an IT environment without any monitoring capability… but in OT, it’s very common." — Dawn Capelli ([16:39])
4. Ransomware in OT: Trends and Impact ([17:23]–[19:22])
- Ransomware Escalation
- Ransomware incidents doubling year over year in OT, particularly targeting manufacturing and critical infrastructure because recoveries are complex and these organizations are more likely to pay
- “If you think, oh, this won’t happen to me, we just manufacture food, crackers, cookies—no, they will go after you because they know that you will pay if they attack you.” — Dawn Capelli ([18:31])
- Combatting Ransomware:
- Adhering to the SANS five critical controls is effective against ransomware and against broader threats alike
5. The OT-AI Frontier: Promise and Peril ([19:22]–[21:28])
- Potential & Risks of Agentic AI in OT
- Lack of historical data/maturity in OT makes widespread adoption of autonomous AI risky
- Dragos leverages data to help overcome the OT talent shortage—but full autonomy is far off
- "Please don't let the AI take over in the plant. OT is not like IT. If you do one thing wrong, you could have safety issues, you could shut down the plant, you could have quality issues.” — Dawn Capelli ([21:14])
6. Building a Resilient Ecosystem: Dragos OT CERT & Community Defense ([21:38]–[25:12])
- Free, Practical Resources for OT Security
- OT CERT offers extensive, free resources: guides, templates, demo videos, and tabletop exercises
- Emphasis on inclusivity: “Any organization with an OT environment anywhere in the world is welcome to join.” ([21:46])
- Encouragement to engage supply chain partners and small utilities, the critical ‘weak links’ in infrastructure resilience
- Community Defense Program
- For small US/Canada utilities: free Dragos platform access, monthly meetings for sharing and support
- “It’s my favorite day of the month…all in there working together and helping each other, sharing lessons learned. It’s a great community.” — Dawn Capelli ([24:32])
Notable Quotes & Memorable Moments
- On the escalation of cyberwarfare: “First of all, the gloves are off. And so the threat environment has escalated.” — Dawn Capelli ([09:46])
- On the OT/IT security gap: “OT security in general is behind IT security by decades.” — Dawn Capelli ([20:25])
- On AI in OT: “Please don't let the AI take over in the plant. OT is not like IT.” — Dawn Capelli ([21:14])
- On ecosystem participation: “It’s imperative that we all look out for each other right now... urge your supply chain, urge your critical infrastructure providers to also join OT CERT.” — Dawn Capelli ([22:54])
Key Timestamps
- OT definition & Dawn’s career journey: [03:13]–[05:49]
- Geopolitical escalation & hacktivist risks: [08:51]–[12:51]
- SANS 5 critical controls for OT: [13:29]–[17:23]
- Ransomware’s growth and targeting of OT: [17:36]–[19:22]
- Risks and reality of AI in OT: [19:49]–[21:28]
- Community & practical resources for OT security: [21:38]–[25:12]
Conclusion
This episode offers a rare blend of high-level threat analysis and practical, actionable guidance for OT practitioners. Dawn Capelli provides firsthand insight into today’s “all gloves off” threat landscape—where geopolitics, ransomware, and hacktivism converge on critical infrastructure—and shares both the controls proven to make a difference and the growing ecosystem of free support offered through Dragos OT CERT and Community Defense initiatives.
To join Dragos OT CERT or access these resources:
[Visit Dragos OT-CERT (searchable via Google)]
Membership is open and encouraged for any organization with OT environments globally.
Free resources, guides, and ongoing community support are available.
