Background
A multibillion-dollar Tier-1 automotive supplier had robust IT cybersecurity in place. The manufacturing team, however wondered about the maturity of their Operational Technology (OT) cybersecurity during an Enterprise Risk Management (ERM) review. The company had not historically performed an in-depth assessment of their OT security environment independent of their overall enterprise cybersecurity efforts.
ResiliAnt was engaged through one of the company’s service providers to assess OT cybersecurity risk and recommend a sustainable solution. The efforts were initiated with a pilot at a North American plant.
Key observations
The plant did not have an accurate record of asset inventory to start with. About 66% of the assets in the record marked as active were actually decommissioned. More than 60% of the network connected equipment were found to be vulnerable with most of them needing operating system updates.
Many of the complex manufacturing equipment, such as lathes or high-speed laser cutting systems, involved system of systems configurations. Not only were some of these systems discovered as vulnerable, but they also had remote access capabilities enabled.
Many of the facility systems, including the Building Automation System (BAS), were also vulnerable to cyber attack.
ResiliAnt outlined a layered cybersecurity approach involving both asset- and network- level controls, and supported the company in developing a budget and an OT cybersecurity program structure for optimal ROI.
ResiliAnt's proprietary solution helps organizations manage their operations technology (OT/IoT) related to cybersecurity risk. To learn more, please reach out to us at info@ResiliAnt.co.