Rising Insurance Premiums with Less Protection Make IT/OT Assessment a Priority
A metals manufacturer experienced several ransomware attacks and came to E Tech Group for help. We aligned a cross-functional team to strategically perform a risk and vulnerability assessment to create a plan to update their facility’s networks.
The Project: Curb Continued Cyberattacks with Effective Remediation
After being the target of numerous ransomware attacks, a metals manufacturer called on E Tech Group to perform an IT/OT risk assessment and analysis to assess and remediate vulnerabilities.
Due to increasing insurance premiums, decreasing ransomware coverage and a deductible that had reached two million dollars, the board understood they needed to act quickly to mitigate the existing damage and remediate, both to protect the business as a whole and to minimize the impact on shareholders.
Understanding the disconnect between corporate, operations, Information Technology (IT) and Operational Technology (OT), our team needed to compile and present this information in a way that was scalable and consumable from the top down.
The Challenge: Accomplish Change Swiftly by Aligning Team Cooperation
Along with a number of other challenges, scale came into play when beginning this project. Once these issues reached the executive level, the timeline to mitigate potential negative shareholder impact was limited, so our team had to move quickly with their assessment.
When insurance companies were first writing these policies, it was an unspoken agreement that a facility could be trusted to implement everything that was listed. Because the honor system proved a flawed method for ensuring proper implementation, today sites are periodically audited to ensure procedural integrity.
E Tech Group had to quickly identify any discrepancies between the written policy and what was actually in place, then provide the remediation necessary to help decrease the client’s premiums and increase their coverage. Simultaneously, we had to find ways to prevent the ransomware attacks that had been ravaging their network.
To get an accurate picture of where to start, E Tech Group needed to align the executives, IT team and OT team. With a large task list of vulnerabilities to address, quickly building trust amongst these client teams became integral in helping us to identify and document the existing assets and systems in the plant.
The Solution: A Multi-Point Assessment Plan Achieves Record Completion Time
Opening the lines of communication to better understand the escalation that occurred, from the first ransomware attack to teetering on the edge of negative shareholder impact, allowed our team to gain the perspective necessary to establish our go-forward strategy. Once confirmed, our multi-point plan for an assessment requiring top-down cooperation could be rolled out:
1. Figure out the scope.
Our first step in this plan was bringing everyone together to take part in a consultation workshop to understand and establish their baseline needs. E Tech Group gathered critical details like the size of the plant, the number of devices and how many panels they were located in, and the technologies planned to perform the assessment.
2. Nail down the specs.
Once the plan was laid out, the next step was acquiring all the initial documentation available from the plant. Making sure we were able to examine the existing Visios, subnet lists, drawings and program files would allow our team to gain a visual understanding of the existing system and build a framework of it.
3. Acquire the digital trail.
Now understanding what we’d be contending with, our team was ready to tackle the digital portion of the assessment. They were granted VPN access, and a VM was created so they could deploy their Nessus scanning tool and reach the plant from it, allowing them to assess and take inventory of the digital assets currently living on the network.
4. Get boots on the ground.
Moving from the digital network to the facility floor, our team was now ready to walk the site. The hard work that went into building those initial relationships with the operational team would now come into play, as they knew the site intimately and could best help our team navigate and locate all the assets they needed to document and log. Because time was of the essence, it was all hands on deck for the on-site and E Tech Group teams to scan and gather all IP information associated with vulnerabilities and execute walkdowns to capture all the panels in the plant.
5. Assess, analyze and report.
The assessment portion was completed in record time. E Tech Group would now work diligently to compile an aggregate of walkdown and vulnerability information. It was critical that this was done in such a way that the deliverables could be interpreted at every level this would impact. Knowing we had to present consumable material that would cover Visios, a vulnerability report, a final report, and an asset database, careful but quick review was necessary to ensure all material exceeded expectations. Once this was confirmed, it was ready to present.
The Result: A Protected Network & Lower Insurance Premiums
Knowing the challenges to overcome and how much hinged on identifying and resolving their vulnerabilities while simultaneously providing a guide for remediation, E Tech Group was able to rise to the occasion.
By developing open channels of communication and building the trust needed from the top down, we were able to align and work with their executive, IT/OT, and on-site operations teams to strategically and quickly perform the assessment they so desperately needed while creating a plan to update their facility.
Leadership was overwhelmingly happy with our work, knowing the remediation will lead to lower premiums and increased coverage, which now protects their business from the barrage of ransomware attacks they have been suffering from. Ultimately, this provides a more secure network for their company and security for their shareholders.