Automation Today Issue 76

Case Studies in Industrial Cybersecurity


Challenges, solutions and outcomes across the pharma, food and beverage, automotive, and oil and gas sectors.

If experience is the best teacher, second-best may be the lessons learned from others in your industry. Organizations breached by internal or external threat actors usually learn valuable lessons about cybersecurity, including how to identify and close vulnerabilities, and how to defend against future attacks.

We will examine how four Critical Infrastructure providers improved security defenses before cybercriminals could swipe passwords and infiltrate networks and applications.

PHARMACEUTICALS

 

Global Pharma Company Achieves Real-time ICS Threat Visibility and Daily Asset Inventories Across 64 Global Sites

By The Numbers

  • Quickly building sophisticated defenses against cyber threats.

Scope

  • 9 months deployment
  • 64 global sites

Solutions

  • Cybersecurity plan
  • Network segmentation
  • Endpoint and perimeter security
  • Threat detection
  • USB media management

Pharmaceutical companies have long been a favorite target of sophisticated cybercriminals. But the pandemic has intensified the need for a risk-based cybersecurity program, and fast.

One global pharmaceutical manufacturer needed help building a cybersecurity program for its IT and OT systems. Unpatched OT assets were increasing security risks to manufacturing plants, and a lack of real-time visibility into threats to ICS controllers made it all but impossible to detect OT malware.

Compounding risks, the pharma company had not segmented its business networks from its industrial plant networks, nor had it limited traffic and pathways to and from critical manufacturing systems.

Looking to the future, the company knew it needed to educate its teams on good cybersecurity hygiene to create lasting, cultural security improvements.

 

What Was Deployed

After assessing the risks, this pharmaceutical giant partnered with Rockwell Automation, taking significant steps toward maturing cybersecurity protections through network segmentation, and by fortifying endpoint and perimeter security.

At the outset, a three-phase cybersecurity program was quickly designed and implemented. The first priority involved separating logical and physical networks at 64 global sites to help contain the spread of threats as they hit networks and systems. The company also boosted the security of perimeter devices to impede threat actors and, to protect endpoints, deployed application “allow lists” that permit only preapproved applications to run.

Next, the company implemented a suite of threat detection services and USB cleansing, which centrally manages and monitors USB media on the OT network, to protect against threats or attacks from inside and outside the network. The threat detection services also establish a baseline of normal network behavior and provide 24/7 threat monitoring that raises a red flag when anomalous activity is detected. That helps the company identify activities that may pose a risk to its systems more quickly, or before attacks occur.

 

Outcomes

Rockwell Automation helped the pharmaceutical company design and implement an expanded security strategy across 64 global sites in approximately nine months. Doing so has improved the company’s ability to defend its OT and ICS assets from increasingly sophisticated cyber threats. The company now has real-time, consistent visibility into ICS threats across the global enterprise.


FOOD AND BEVERAGE

 

F&B Manufacturer Boosts Cybersecurity and Incident Response, Improves OEE by 5%

By The Numbers

  • Improving cybersecurity and gaining higher OEE.

Scope

  • 80% global sites
  • 5% improvements in Overall Equipment Effectiveness (OEE)
  • Ecosystem partner: World Wide Technology

Solutions

  • Network assessment
  • Global asset inventory
  • IDC deployment for 24/7 remote monitoring and management
  • Incident response


AUTOMOTIVE

 

How an Automotive Manufacturer Assessed OT Security for Improvements in Record Time

By The Numbers

  • Penetration testing identifies critical vulnerabilities.

Scope

  • 2 weeks
  • 6 sites

Solutions

  • Penetration testing

Automotive manufacturers are grappling with multiple challenges as they navigate rapidly evolving product demands and a transforming ecosystem. Amid chaotic conditions, a global automotive manufacturer became worried about its cybersecurity shortcomings.

 

Specifically, the company was concerned that OT vulnerabilities could allow cybercriminals to slip into IT and OT networks to steal sensitive information and disrupt operations and production lines. Though the company had recently invested in securing its critical manufacturing environment, leaders nonetheless believed that the networks remained vulnerable to breach. And because a flood of phishing and ransomware attacks has preyed on individual employees, the company knew enhanced threat awareness among employees would help reduce cybersecurity risks to the company’s IT and OT infrastructures.

48% of automotive manufacturers are at high risk for a ransomware attack.
Black Kite - Ransomware Risk: Automotive Manufacturing in 2021, June 2021

What Was Deployed

Rockwell Automation helped the automotive company assess cybersecurity capabilities using penetration testing: a simulated cyberattack on systems, performed by experts, to identify security gaps.

In this case, the automotive company wanted to determine whether external actors could infiltrate and gain control of IT and OT environments. Thanks to the Rockwell Automation team’s OT cybersecurity expertise, the necessary testing services were performed six weeks faster than an average third-party provider.

In fact, within two days, the team discovered that remote-control software had been installed in multiple areas of the factory floor to enable security practitioners to connect quickly. Our cybersecurity experts worked with the company’s CIO and CISO to test the application and discovered the ability to connect directly from the public internet to each production environment, bypassing perimeters hardened with firewalls.

In other words, in a two-day penetration test, Rockwell Automation discovered that cybercriminals could gain full control of IT and OT networks and access digital assets and devices including Human Machine Interface (HMI) servers and control systems, confidential manufacturing plans, customer data, security cameras, and even user passwords for Microsoft Office 365 email accounts, including that of the CEO.

 

Outcomes

Penetration testing and assessment helped to quickly identify multiple critical vulnerabilities, exposing access pathways that could allow threat actors to control the manufacturer’s assets and production environments. Executive leaders now have a real-world understanding of vulnerabilities and how to better protect their IT and OT infrastructures.

The assessment led to Rockwell Automation building a complete protection plan tailored to the automotive manufacturer’s needs, based on vulnerabilities discovered during the penetration testing. The automotive business planned to expand security assessments and gap remediation, and to help employees understand the importance of good cybersecurity hygiene.


OIL & GAS

 

O&G Provider Reduced Cyber Downtime Risk in a Single Month, Using Real-time Threat Detection and Network Asset Inventory Identification

By The Numbers

  • Minimizing business continuity risks with enhanced threat detection.

Scope

  • 1 month pilot
  • 17 sites
  • Ecosystem partner: Claroty

Solutions

  • Threat detection
  • Real-time asset inventory

Cyber threats to oil and gas systems are climbing as threat actors target the energy sector with ransomware and other malware. The Colonial Pipeline attack in the United States proved that breaches can severely disrupt Critical Infrastructure services and supplies, affecting millions of people and causing significant financial losses.

In parallel, the pandemic has sped the pace of digitization, along with the need for employees to work remotely, further increasing security risks. To reduce risks, a multinational energy company needed to strengthen its corporate risk management strategy. A key element included updating OT systems to minimize risks in the event of a cyberattack.

The company also knew it needed to proactively defend its digital assets by implementing a scalable threat detection platform that could rapidly identify vulnerabilities and potential threats, and generate data-driven operational insights to improve decision-making.

The business also needed help with managing costs related to technology obsolescence and modernization, as well as remediating inconsistent solutions engineering into a more unified infrastructure.

79% of oil and gas companies report an increase in disruptive attacks over the past 12 months.
EY Global State of Security Survey 2021

What Was Deployed

Working with Rockwell Automation, the company designed and deployed a comprehensive threat-detection program. The solution identifies a baseline of normal network behavior and supplies real-time network asset inventories. It then continuously monitors activity to detect and report unusual behavior before threats become breaches. The threat detection solution also provided a deep understanding of OT systems and network activity for overall improved decision-making.

Working with the energy company, Rockwell Automation and Technology Partner Claroty implemented threat management solutions for a total of 12 refineries, 3 midstream facilities, one SCADA system, and one centralized enterprise management console.

 

Outcomes

This oil and gas company now has a unified strategy to protect OT and IT networks from breaches, including threat detection services and real-time asset inventory capabilities. These allow the company to detect, respond to, and mitigate cybersecurity threats while reducing the likelihood of downtime from cybersecurity incidents, which minimizes business continuity risk.

The solution delivered improved security capabilities in the month after pilot deployment. It currently helps business leaders better understand operational and workforce performance, reduces security team overload and supports data-driven decision-making.
