.svg){kind=spacer}
May 24, 2026
In brief
The article discusses a LinkedIn request by Dragos’ Head of OT CERT, Dawn Cappelli, asking for real-world operational technology insider-threat cases involving current or former employees, contractors, or third parties. Joe Weiss argues that the request is surprising because Dragos has published OT cyber incident reports for years, yet now appears to be seeking examples of insider-related OT incidents for a new informal study. He frames insider threats broadly, including both intentional and accidental actions that can affect operations, information security, or industrial systems.
Weiss emphasizes that control-system cyber incidents are often underreported or not publicly labeled as cyber-related, even when they involve electronic communications that affect confidentiality, integrity, or availability. He states that he has collected a large private database of control-system cyber incidents over decades, including malicious and unintentional insider cases with significant impacts across sectors. However, he says he will not provide this information to Dragos for free, arguing that such incident data has substantial value and questioning how effective Dragos OT CERT can be without access to actual control-system cyber incident examples.
