Additional information
Source: -The project has been delivered on schedule
The budget has not been exceeded
Functionality complies with task
The project has been delivered on schedule
The budget has not been exceeded
Functionality complies with task
COMPANY PROFILE
Our customer, a major U.S.-based petrochemical company with more than $13 billion in revenue, operates more than 30 chemical plants in the United States and around the world and is a major producer of olefins, polyolefins and specialty chemicals from natural gas and other petroleum components. It also serves the oil industry with a variety of oilfield fluids to improve productivity of new wells and restoring old ones. It relies heavily on Microsoft products and a heterogeneous mix of distributed control systems (DCS) that manage its global operations.THE SITUATION:
The industrial control systems for production facilities in eight countries from North America to Asia were being managed locally at each site, with no standardized components or corporate view. Reporting on the security status of these systems relied heavily on manual processes and often was not reliable. System data was not always logged and was not always accurate. In the face of increasing risks in the cyber-threat landscape in which industrial control systems were operating, a standardized way to manage these critical systems was needed. Safety is a core value in the petrochemical industry, and the essence of safety in industrial processes is stability. Safety in Operational Technology is a continuous process of improvement that depends on patience and planning. Yet in an increasingly networked and automated environment, cyber security is critical to safety and real time visibility into control system configuration and security status is necessary. The company’s Industrial Control System (ICS) security manager does not control the plants’ control systems, but focuses exclusively on the systems’ security. Coming from the IT side of the business, which traditionally focuses attention on up-to-date software patching, antivirus and backup, he understood the need for a solution that addresses the challenges of both IT security and Operational Technology (OT) safety.
CUSTOMER REQUIREMENTS
“We saw the [threat] landscape becoming more complex and the risks increasing.”
THE RESULT: IMMEDIATE VALUE AND VISIBILITY, RAPID DEPLOYMENT
After full implementation, the company had a single, unified view of the configuration of networks and servers in the OT environment, both at the site level and centrally. Immediately the customer was able to identify several network and server configuration issues. For the first time security managers are able to log in to remote locations on a site-by-site basis and get a standardized view of conditions.
“The Industrial Defender team had on-site techs who understood OT and IT, enabling rapid deployment at 7 sites.”As part of a three year project bridging IT and OT asset owners, the implementation of ASM was swift and efficient. Seven sites were deployed in 9 months on a range of DCS platforms from Yokogawa, ABB, Honeywell, Schneider, Emerson, and Rockwell. The customer also noted that the project helped to advance collaboration between IT and OT staff.After more than a year with Industrial Defender in operation, the security team is pleased to report that no significant security incident has occurred. ASM is being used proactively to ensure that systems are up-to-date and running with the visibility needed to minimize the risk of a security-related disruption. The customer is highly satisfied with their ASM deployment and plans to expand to 10 sites.
Decentralized IT systems
No centralized control over IT systems
Unstructured data
Risk of attacks by hackers
Enhance Staff Productivity
Ensure Security and Business Continuity
Generate Business Reports
Manage Risks