Real-World Pulp and Paper OT Security Risk Management

20 Dec 2022

By Aya Tzarfati, Product Marketing Manager

Which OT security risks do pulp and paper companies face, and how can extended asset visibility help address them? 

Initial challenges

Today’s pulp and paper companies have largely automated their operations. While modernization brings with it welcome improvements, it also means that pulp and paper companies have larger digital attack surfaces, which increases their cybersecurity risk and the potential for their manufacturing operations to be compromised.

A global packaging and paper company recently turned to OTORIO, via our partner and pulp and paper industry leader ANDRITZ, in search of a solution that would simplify its OT cybersecurity management and enable it to discover and inventory its OT assets. It also sought to identify, assess, and manage risks, as well as minimize the volume of security notifications to enhance its operational efficiency.

The pulp and paper company faced a number of challenges:

  • It possessed limited visibility and poor context for its industrial OT assets 
  • It lacked a complete digital footprint of its operational environment
  • It faced a significant OT security skills gap
  • The company’s existing intrusion detection system (IDS) produced a high volume of alerts, many of which were false positives, leading to excessive noise and alert fatigue

This left the company unable to prioritize risk mitigation actions efficiently and effectively.

Enter OTORIO

OTORIO has extensive experience with pulp and paper cybersecurity. OTORIO understands that protecting the OT of pulp and paper companies helps secure their complex supply chain and ensures continuous, robust production. If a cyber attack occurs at a pulp and paper company, the potential damage can include loss of valuable data, environmental harm, and a production line that is out of commission for weeks. This immense potential for harm only highlights the importance of taking the necessary OT security precautions.

OTORIO’s RAM² solution provides risk assessment, monitoring, and management to facilitate continuous OT cybersecurity and effective risk management. RAM² conducts a comprehensive risk analysis of the operational environment using cross-domain data sources and identifies known and hidden assets, as well as their security configurations. The platform maps the operational environment to show the relationships among different assets, and identifies security gaps and vulnerabilities.

RAM² integrates risks and alerts from across a company’s entire OT network. This gives companies a comprehensive picture of their security posture. It empowers companies and ensures that any vulnerabilities are dealt with proactively based on their potential to harm business continuity and operations.

RAM²’s far-reaching impact

OTORIO’s RAM² gave the pulp and paper company comprehensive, 360° visibility over its asset inventory. OTORIO integrated RAM² successfully with the company’s existing solutions, such as its ABB 800xA Distributed Control System, intrusion detection system (IDS), firewalls, endpoint detection and response systems (EDRs), and much more.

RAM² also audited the company’s security configurations to ensure their compliance with IEC 62443-3 industrial security standards and pinpoint any operational environment abnormalities. This provided important additional insights while excluding irrelevant assets and false positives. Obtaining broader visibility into the company’s asset inventory allowed for enhanced and contextualized security posture assessment. RAM² enabled the company to identify and deal with suspicious events, prioritized risk mitigation by level of severity, and provided practical, actionable recommendations on how to reduce risks.

As a result of RAM²’s contextualized analysis, the pulp and paper company’s team was able to dramatically reduce alert noise from 209,000 unfiltered events per day to just 22 meaningful alerts. With RAM², “indicators” of OT risk are only considered “insights” when a contextualized risk pattern within the operational environment can be found.

Meaningful alerts and indicators from OTORIO's RAM²

 

Positive outcomes

As a result of working with OTORIO, the pulp and paper company gained comprehensive OT asset visibility. It achieved a unified view of risk for its OT, IT, and IIoT-aligned network security systems and industrial systems in the OT environment. The company’s Mean Time To Detect (MTTD) and Mean Time To Respond (MTTR) to suspected risks were greatly reduced, lowering noise and emphasizing which risks and vulnerabilities to prioritize.

The company receives safe operational security posture assessments that don’t interfere with ongoing business operations. Teams now have risk mitigation playbooks that offer clear instructions on hardening site-specific OT network risks and vulnerabilities. Finally, the company’s ROI has improved due to leveraging and integrating the company’s existing security controls and solutions with RAM². 
