OTORIO Enables Safe Digital Growth For an Automotive Client
A global automotive manufacturer asked OTORIO to help them manage continuous security risk assessment to enable their safe digital growth.
The customer, a manufacturer of commercial vehicles, was dealing with a number of security issues, such as a lack of visibility into asset inventory.
Securing a Converged OT/IT/IOT Network
OTORIO’s team worked closely with the customer and identified conflicts within internal systems as well as inconsistencies in the data provided for the same assets. This generated an incorrect and incomplete picture of the converged OT/IT/IOT asset inventory, which could lead to making poor operational decisions.
In addition, the team discovered that critical actions to reduce the risk to the production floor were neglected, due to the inability to track changes in assets and configurations. Other tasks were neglected as well, such as monitoring thousands of assets to identify those still using default (unsecured) credentials.
Lastly, the team found that separate systems were handling different security aspects within both the OT and IT environments. There was only a partial understanding of the prioritization of risks or security posture. Security risks were not assessed in the context of their impact on production processes. The risk analysis was focused on incident management and input from the CISO, while decisions regarding security actions have to be made by operational personnel on the production floor.
OTORIO’s close relationship with the client enabled us to partner with them and address their concerns effectively. Together, the teams improved the client’s risk prioritization strategies, providing a positive impact on the production processes. This included:
OTORIO made sure our client understood the suggestions for practical mitigation actions and the risks they are designed to reduce. This was done in order of priority, from the factory level to the cell and asset levels.
A plan for gradual implementation of the recommended mitigation steps was developed, starting at the cell level, in order of risk priority. These steps are constantly and automatically evaluated by RAM² and prioritized based on changes in the network, as reflected in the RAM² reports.
The client was able to continuously monitor changes in assets and configurations on the production floor. With the automated monitoring of assets, the company saves time and can now handle simple, yet critical, tasks.
An orchestration platform, RAM² takes disparate data sources from across the OT/IT/IOT network, and places them into a unified view, providing visibility of gaps and conflicts between different systems. Operational personnel can manage the system, take immediate action when necessary, and track the status without the help of security experts. This allows the client to focus on the most important tasks that have the greatest impact on their production lines.