Top-tier Pharma Achieves OT Cybersecurity Across Plants Globally
In this case study
Challenge
Driven by escalating insurance premiums, board pressure regarding legal and professional liabilities, and the need to meet end-customer data requirements, a major pharmaceuticals company turned to WWT for consultation on how to quickly achieve significant improvement to overall OT cybersecurity posture and provide assurance to their board that asset visibility within OT would be achieved swiftly, without downtime.
Operating within a heavily regulated industry, this global pharmaceuticals company needed to act fast on a viable OT cyber security solution; some accompanying challenges included:
- Insurance expenditures – their insurance company was requesting documented proof of deployment for their cyber program and had substantially raised their rates; rates would be lowered upon evidence of an established solution.
- Pressure from board of directors – As is the case for many organizations of this size, board members are professionally and legally required to mandate OT cyber security solutions, so this added pressure to the initiative.
- Increased cyber threats – The client was experiencing an uptick in cyber threats; attacks becoming increasingly frequent.
- Pioneering next generation OT cyber-security solutions driven by the traditional Information Technology teams into a welcoming but skeptical operational (plant manufacturing) environment, of which IT was not completely familiar.
The CTO and CISO promptly selected the Forescout eyeInspect solution and mandated that the IT, OT and security teams work together to deploy the solution as quickly as possible. They had used Forescout on the carpeted side of their business and had confidence in the platform and familiarity with technology. Extending this same solution to the manufacturing plants seemed the quick and logical answer to their challenges.
WWT was tasked with supporting the deployment of the Forescout eyeInspect solution to meet OT security and compliance requirements quickly and affordably, with clearly articulated and trackable success criteria.
Approach
WWT hosted two full-day workshops to define the scope, requirements, success criteria and details of deployment; attendees included IT, OT and plant leadership, security teams and newly evolving teams, namely, PlantOps, SiteOps and TechOps.
As a result, the following plan was established and put into action:
- Deploy and validate solution at one pilot site and then roll out to four additional manufacturing facilities within nine months.
- Create an operational model where the eyeInspect software is deployed and running providing a count of all assets with vulnerability detection in near real-time.
- Establish follow-up services and on-going programs that operationalize the technology across the organization, provide platform support and health checks and offer deep-dive resources at the plant level to enable 100% visibility and asset capture.
Solution
WWT deployed the eyeInspect software to one test facility as a pilot; this took place at a smaller-sized plant with a strong manual asset inventory. As part of the pilot, both physical and virtual sensors were tested at the site for potential future plant deployment based on the network design.
After letting the software run its course for 30 days, the originally documented success criteria were not fully met – only 96% of the documented assets were identified against the target of 100%. It was later realized that the success criteria were too tightly defined, so a criteria adjustment was made to proceed with the roll-out.
One of the "big wins" with the eyeInspect platform roll-out was the confirmation of the current manual inventory count and that eyeInspect was able to identify twice as many OT assets as predicted. This was a big step forward on the journey to secure these assets.
It was clear this was the right solution choice, so the client opted to move forward. As such, the balance of the four manufacturing facilities were rolled out at a pace of one per month. This involved installing the Forescout eyeInspect tool to meet the following objectives:
- Allow the tool time to run long enough to identify assets, which sometimes speak infrequently via the network.
- Capture the delta between the manual inventory and the tool-generated inventory for comparison and adjustment.
- Identify all vulnerabilities on the system for resolution determination.
At times, sources of vulnerabilities were identified as older OT systems that needed to be updated to newer software versions. After this was acknowledged, these updates were scheduled for the next maintenance window.
Results
The WWT team, in collaboration with our partners and the client, enabled the eyeInspect platform to achieve incredible results. Prior to beginning the project, the client had a manual spreadsheet of inventory for each plant; eyeInspect was able to confirm their manual count, but also identify double the OT assets than previously thought.
On-going projects are now in place to fully operationalize the software across all plants, integrate visibility and vulnerability detection into the customers SOC (Security Operations Center) and finalize on-going work at the plants to solidify any remaining issues.
The Forescout eyeInspect platform provides a "passive" on-going monitoring of the environment including a vulnerability check. As part of this process, specific vendor-related vulnerabilities are noted. First run, over 500 vulnerabilities were identified including unique and critical Common Vulnerabilities and Exposures (CVE). One of the benefits of this software is that the OT systems were not disrupted, resulting in zero downtime. This is a major concern for plant operators, managers and leadership; however, Forescout eyeInspect met this objective.
The eyeInspect tool was also able to identify multiple cross-level Purdue communications. This visibility provides the basis for policies to be established that best protect mission-critical production assets, systems and processes.
Benefits
- Increased confidence and productivity with real-time visibility, mapping and vulnerability identification.
- Optimized asset transparency providing health status, risk posture, traffic flow and internet connections, allowing the organization to have a full view of the OT environment.
- A reduction in insurance premiums through a compliance-based solution that mitigates risk.
- Reduction in board-level legal and financial liabilities.
- The ability to maintain strong end-user client relationships by successfully protecting their data.
Conclusion
The first five manufacturing plants were standardized on the eyeInspect platform, so the organization's IT, OT and security teams have begun managing the software and monitoring the environment for asset health and vulnerabilities in an efficient and cost-effective manner. As the company adjusts to this new environment and acclimates to the new solutions for security risks, outdated software and unintended internet connections, this program will be rolled-out to the balance of their remaining manufacturing facilities across the globe.
Technologies
- Forescout eyeInspect
- Dell VxRail