RAM² Enables Compliance with NIS2 Security Directive
The company is a global packaging and paper group that develops and manufactures industrial and consumer packaging solutions. Like other industrial manufacturers, it has a complex operational environment with different types of industrial assets. It was obligated to meet the NIS2 security directive and faced challenges with monitoring its OT cybersecurity posture, as well as lacking asset visibility over its entire operational environment. The company contacted Andritz to ensure operational resilience based on the NIS2 guidelines, to simplify its OT cyber security management, discover and inventory its OT assets, identify risks, and avoid significant financial impact due to lack of compliance.
NIS2 Implication for the Pulp and paper company The Pulp & Paper company provides essential products and services, such as paper, packaging, and tissue. A disruption to the Pulp and Paper industry would significantly impact the economy and society, as well as potential environmental implications. Therefore, the Pulp and Paper industry now falls under the regulatory obligations set forth by the NIS2 directive.
The company lacked visibility over different types of OT industrial assets and did not have a complete digital footprint of its operational environment, the basic steps in securing the supply chain according to NIS2 guidelines. It experienced a high volume of alert noise from an existing IDS solution, often delivering false positive alerts that led to alert fatigue. It also experienced challenges with: • Unclear and partial asset visibility, with limited details and poor context
• A lack of information about its OT security environment to properly manage risk
• A high volume of false-positive alerts that created alert fatigue
• Limited resources to address each vulnerability alert
• An inability to prioritize risk effectively and efficiently
• Struggling to accurately detect and proactively respond to actual OT security risks
• An inability to connect and leverage data sources and existing technologies to properly understand and secure its operational environment
Andritz and OTORIO improved the company preparedness for the NIS2 Directive, safely, efficiently, and effectively with:
• A comprehensive OT assets visibility with a unified view of risk for converged IT-OT-IIoT network security systems and industrial systems in the OT environment.
• The company’s security teams have operational context and impact analysis of an asset or process-level for OT risk-based management.
• Exposures identifications based on correlation between security posture and asset inventory.
• OTORIO’s RAM2 provides the company with insights that improved their MTTD and MTTR, while reducing noise and highlighting which risks and vulnerabilities to prioritize.
• The company receives safe operational security posture assessments that don’t disturb its ongoing operations.
• The company improved ROI, leveraging existing security controls and solutions by integrating them with OTORIO’s RAM2 platform.
• Maintenance teams now have quick risk mitigation playbooks with clear instructions to harden site-specific OT network risks and vulnerabilities.