OT CYBERSECURITY STRATEGY
Brief :
A leading German-based pharmaceutical precious metals company required support in the setup of its first OT-focused cybersecurity strategy. In particular, the demand focused on the initial analysis of the current cybersecurity maturity – based on a selected number of manufacturing sites, and as well the design of a risk-based approach for information security of the overall manufacturing environment.
BxC was asked to support the development of a comprehensive and cost-sensitive OT cybersecurity strategy, including different requirements concerning the current and future automation level, product and production complexity, and sensitivity, considering the site’s risk exposure.
Activities :
COMPREHENSIVE AS-IS ANALYSIS
BxC conducted an initial as-is analysis based on a small number of selected sites known to be representative of the overall manufacturing environment. This as-is analysis was planned and performed with minimal intrusiveness in mind to limit the overall impact on site resources.
DESIGN OF RISK-BASED SECURITY MEASURES
Based on the conducted analysis and following leading standards and practices, a risk-based 3 tier cybersecurity strategy was developed. This strategy enabled the iterative improvement of security measures in alignment with increasing automation and accompanying increasing risk posture.
AWARENESS CAMPAIGN SETUP
BxC designed a manufacturing staff-focused awareness campaign to raise the initial cybersecurity awareness. BxC also participated in sensitizing the client management across IT and OT about the importance of cybersecurity in the manufacturing environment.
results :
Thanks to BxC OT security is now a core component of cybersecurity in manufacturing. ? Learn more about our achievements!
Awareness of OT security at manufacturing site level up to members of the global management and the board of directors
Design of a granular and risk-focused OT cybersecurity strategy enabling a granular approach based on current and future requirements
Long term improvement of the overall productivity by ensuring sensible and availability-focused cybersecurity measures