In early 2021, Dragos began conducting a series of assessments to evaluate the overall cybersecurity maturity of the operational technology (OT) environment for several leased datacenters (LDCs). Dragos chose to use the Cybersecurity Maturity Model Certification (CMMC), published in 2020, as a foundation for a series of benchmarking assessments.
Dragos conducted assessments for 12 different LDCs, covering a total of 16 different regions. Dragos does not purport the information presented here to be a complete and thorough evaluation of all types of datacenters. This report only discusses some broad trends that were visible after looking across the group of LDCs assessed.
During these assessments, Dragos found recurring trends in the vulnerabilities found in the LDCs. This report discusses some of those trends and how Dragos is using the experience gained to improve our processes. We discuss how we adapted the CMMC methodology to accommodate the requirements of operational technology (OT) environments with recommendations for the future.