OT CYBERSECURITY STRATEGY

Pharmaceutical and Precious Metals Industry
OT CYBERSECURITY STRATEGY
Hanau, Germany

Brief :

A leading German-based pharmaceutical precious metals company required support in the setup of its first OT-focused cybersecurity strategy. In particular, the demand focused on the initial analysis of the current cybersecurity maturity – based on a selected number of manufacturing sites, and as well the design of a risk-based approach for information security of the overall manufacturing environment.

BxC was asked to support the development of a comprehensive and cost-sensitive OT cybersecurity strategy, including different requirements concerning the current and future automation level, product and production complexity, and sensitivity, considering the site’s risk exposure.

Global and Diverse Manufacturing Sites
80+
Global and Diverse Manufacturing Sites
Global and Diverse Manufacturing Sites
3
Tier Risk Based OT Security Model
Core Cybersecurity Focus Areas
20
Core Cybersecurity Focus Areas

Activities :

COMPREHENSIVE AS-IS ANALYSIS

COMPREHENSIVE AS-IS ANALYSIS

BxC conducted an initial as-is analysis based on a small number of selected sites known to be representative of the overall manufacturing environment. This as-is analysis was planned and performed with minimal intrusiveness in mind to limit the overall impact on site resources.

DESIGN OF RISK-BASED SECURITY MEASURES

DESIGN OF RISK-BASED SECURITY MEASURES

Based on the conducted analysis and following leading standards and practices, a risk-based 3 tier cybersecurity strategy was developed. This strategy enabled the iterative improvement of security measures in alignment with increasing automation and accompanying increasing risk posture.

AWARENESS CAMPAIGN SETUP

AWARENESS CAMPAIGN SETUP

BxC designed a manufacturing staff-focused awareness campaign to raise the initial cybersecurity awareness. BxC also participated in sensitizing the client management across IT and OT about the importance of cybersecurity in the manufacturing environment.

results :

Since the initial involvement of BxC, the maturity of OT security has increased, and cybersecurity in manufacturing environments has become a permanent component of the cybersecurity organization and a permanent activity at the sites level. Several successes can be listed:

Awareness of OT security at manufacturing site level up to members of the global management and the board of directors

Awareness of OT security at manufacturing site level up to members of the global management and the board of directors

Design of a granular and risk-focused OT cybersecurity strategy enabling a granular approach based on current and future requirements

Design of a granular and risk-focused OT cybersecurity strategy enabling a granular approach based on current and future requirements

Long term improvement of the overall productivity by ensuring sensible and availability-focused cybersecurity measures

Long term improvement of the overall productivity by ensuring sensible and availability-focused cybersecurity measures