Mitigating Cybersecurity Threats – Step-by-Step

Portfolio Addition Supports Key Differentiation

Wesco is not a typical “parts and pieces” electrical distributor. For more than a century, the company has been guided by an innovative instinct to serve the customer first by developing solutions that satisfy complex, everyday challenges.

Recently, the company put that philosophy into practice by expanding their cybersecurity capabilities. To build their cybersecurity portfolio, Wesco turned to two Rockwell Automation offerings, a security posture survey and threat detection services.

Wesco is a world leader in electrical, communications and utility distribution and supply chain services and a member of the Rockwell Automation PartnerNetwork™ program.

Opportunity Presents Itself  

In late 2021, a food supplier approached Wesco with a challenge. The manufacturer was acutely aware of the growing and evolving cyberthreats targeted at food and beverage companies – and had experienced a cybersecurity incident on their own IT network.

While that incident was quickly contained and did not impact production, the company was now taking proactive steps to better mitigate their risk. To that end, they had engaged an organization to help analyze their security posture on the IT network. 

However, the food company still lacked expertise in plant networks and turned to Wesco for an assessment regarding the OT side of their operation.

In particular, the manufacturer hoped to identify all assets across the industrial control system (ICS) – and uncover any vulnerabilities. Then, they planned to deploy a cybersecurity program aligned with the National Institute of Standards and Technology (NIST) Cybersecurity Framework.

Wesco recommended an approach that followed Rockwell Automation methodology, beginning with a security posture survey – the critical first step to deploying an actionable plan for remediation. The survey provides detailed information to assess and prioritize OT security risk through an asset inventory and establishes a baseline for network traffic and abnormality detection. 

Stepping Through the Process

As an Authorized Rockwell Automation Service Provider, Wesco delivered the security posture survey directly to their customer.

Typically, the survey begins with a kickoff call followed by data collection, which can be completed in an eight-hour workday on site. Data is analyzed remotely and two reports are generated: a critical findings report and a comprehensive report.   

The critical findings report itemizes vulnerabilities that impact critical devices. These devices could result in a major shutdown if compromised. The report also rates the vulnerabilities on a scale from zero to ten, with ten being the most critical. This customer’s report included multiple pages of “tens,” documenting significant security gaps.  

In line with NIST guidance, the food company applied a defense-in-depth cybersecurity strategy. The strategy comprises network segmentation and multiple layers of protection – including Rockwell Automation threat detection services featuring Cisco® Cyber Vision.  Cisco is a Rockwell Automation Strategic Alliance Partner.

Cisco Cyber Vision leverages a unique edge computing architecture that monitors industrial networks and aggregates data with embedded sensors in select Cisco networking equipment. As a result, no additional network resources are required. Cyber Vision also enables security monitoring components to run within certain models of Allen-Bradley® Stratix® 5800 managed industrial Ethernet switches.

Success Builds

Currently, the food company is monitoring the threat detection services internally and is pleased with the results. 

Because the customer is so confident in the system’s capabilities, they asked Wesco to implement the same solution at two additional manufacturing facilities.

In 2022, Wesco received the Rockwell Automation PartnerNetwork Award for Innovation based on the successful threat detection implementation. But the company was just getting started. In 2023, Wesco was again recognized for innovation for a solution in the cybersecurity space.

The latest award was for a critical infrastructure project with a municipal water utility, which engaged Wesco to conduct a “network health check” across twelve water and wastewater plants. Wesco uncovered more than 500 vulnerabilities on the network – plus a physical vulnerability.

Based on the findings, the utility chose to accelerate the timeline for their planned system upgrade – with Wesco taking the lead.

Learn more about our PartnerNetwork Program.

Cisco is a registered trademark of Cisco and/or its affiliates in the United States and other countries. 

The PartnerNetwork Innovation Award is given to those partners that have demonstrated innovative ways to help customers solve and address business problems, drive transformation, and achieve meaningful and measurable business outcomes using best-in-breed technologies.