Why the Pulp and Paper Industry Can't Overlook OT Security

Real-world cyber attacks on pulp and paper manufacturers

Manufacturers worldwide have been hit with real-world industrial cybersecurity attacks that halt industrial operations, lead to ransomware demands, harm business continuity, and affect shareholder value. The pulp and paper industry is no exception. Over the past few years, cyber attacks impacted the manufacturing operations of at least three paper and packaging companies in North America and Europe. Two of these attacks resulted in ransomware demands.

Criminal ransomware gangs try to find and exploit any OT and IT security vulnerabilities that industrial manufacturers to breach their operational environments. Many cyber attacks can result in ransomware demands. Pulp and paper manufacturing is a multi-billion dollar global industry. The recent pandemic increased demand for corrugated cardboard and pulp production. From toilet paper and package shipments to paper goods for food deliveries, CIPA (the European association representing the paper industry) noted this trend in its 2021 annual statistics.

The importance of securing your operational network

Whether they deal with recycling OCC, packaging boards, mixed waste, securing production lines, drying processes, or power and boiler generation, manufacturers rely on effective and efficient pulp and paper cybersecurity solutions to minimize risks that can impact their industrial operations. OTORIO’s industrial-native solutions prioritize risk mitigation, add business context, and allow plants to manage multi-site OT, IT, and IIoT networked environments from one central dashboard.

As industry leader ANDRITZ Pulp and Paper’s OT cybersecurity partner, OTORIO knows how crucial safety, uninterrupted energy supplies, plant operations, and reliable utilities are to the pulp and paper manufacturing processes. The sophisticated industrial machines crafted by ANDRITZ for the pulp and paper industry span a wide range of uses: Yankee dryers for making tissue paper, power boilers that produce steam and electricity from renewable fuels, and wood processing machines are just a few of the dozens of industry-specific industrial machines. Each relies on multiple technologies, data sources, automation, digitalization, and procedures to optimize process performance.

Practice makes perfect: disaster recovery exercises

Every pulp and paper manufacturer needs to have a disaster recovery plan (DRP) and a backup plan. The most effective way to recover from an industrial cyber attack is to practice your DRP and backup plans often.

Do your IT and OT teams regularly back up network data and secure these backups? Do you know how often backups are done and where your data is stored (e.g., locally, offsite, or in multiple locations)? Does your company hold regularly-scheduled disaster recovery exercises? When a zero-day attack happens, will your DRP actually work?

You’ll get answers to these questions if your IT and plant operations teams practice getting backed-up data, manufacturing equipment, processes, and production up and running again. Like athletes and military personnel perform exercises and actors rehearse, practicing your DRP will help prepare your pulp and paper company for a real cyber attack.

After a practice drill, you and your IT/SOC and OT security professionals should be able to answer valuable questions: How long did it take your teams to simulate a successful recovery? What lessons were learned? Using these insights, you can go back, repeat your DRP, and continue improving it.

Proven OT security for the pulp and paper industry

OTORIO has extensive, proven experience working with global pulp and paper industry manufacturers to assess, monitor, and manage digital risk. This includes ensuring comprehensive visibility of industrial assets, reducing ‘noise’ caused by high volumes of false-positive and irrelevant OT security alerts, and prioritizing mitigation of industrial cybersecurity risks based on their context and potential impact on your business operations.

We have experience reducing ransomware risks and helping companies fight phishing attempts that target thousands of employees at hundreds of worldwide locations. Our work leads to improving customers’ security controls to ensure their OT, IT, and IIoT network environments are resilient against future attacks. OTORIO has deep experience performing vulnerability and penetration testing for the pulp and paper industry. This allows industry manufacturers to see how outside attackers would view their pulp and paper company’s IT and operational technology (OT) networks. These valuable tests and analyses enable us to find potential attack scenarios and help you proactively reduce vulnerabilities.

Watch the OTORIO-Andritz Pulp & Paper webinar

If you’re responsible for your pulp and paper company’s IT, OT, or IIoT network, you don’t want to miss our joint webinar on “Demystifying Risk Management and Cyber Security for the Pulp and Paper Sector.” You’ll gain insights on how pulp and paper manufacturers can:

Potentially save millions of dollars a day in downtime costs

Maintain resilient manufacturing and power generation operations

Reduce risks and vulnerabilities from ransomware attacks

Enhance OT Asset Visibility with Safe Active Query

12 Mar 2024

Facing the OT Security Risks to Pulp and Paper Companies

Real-world cyber attacks on pulp and paper manufacturers

The importance of securing your operational network

Practice makes perfect: disaster recovery exercises

Proven OT security for the pulp and paper industry

Watch the OTORIO-Andritz Pulp & Paper webinar