Building resilience across operational technology (OT) and information technology (IT) to protect operations and enable digital growth
The starting point
Production downtime can be disastrous for manufacturers. For one maker of luxury goods, getting ahead of operational disruption has become a priority as the company has integrated more digital capabilities to support and enhance its traditionally manually intensive business and its focus on crafting high-quality products for consumers worldwide.
In looking at the company’s longer-term digital evolution, company leaders recognized that their traditional business was becoming more complex. OT and IT were intersecting in new ways and creating new opportunities for cyber threat actors and others to disrupt operations.
From ransomware attackers to hacker-activists (“hacktivists”) targeting the luxury goods industry, there was no shortage of potential threats for the high-profile company and its multiple manufacturing sites in Europe.
Leaders understood that isolating risks across the OT/IT environment would be key to business resilience—to ensure that disruptions in one part of the business could be contained and remediated while having minimal impact on other business processes. They also understood that, to evolve with confidence and continue to operate efficiently, the business required a more strategic, end-to-end approach to OT cybersecurity, along with a greater understanding of its own technology environment.
Factors in focus
- Increased digitalization of the business
- Growing interdependencies across IT and OT
- Evolution and complexity of threats targeting the business
The way forward
To start transforming its security posture for new realities, the luxury goods maker enlisted the help of Deloitte’s OT Cybersecurity Services to begin mapping out its future. Creating a solid OT security policy and reference architecture was the first step toward building a more secure environment and guiding future decisions about new OT or IT assets. To jumpstart the transformation, Deloitte employed Factory Accelerated Security Transformation (FAST), its proven combination of technology and implementation that is designed to rapidly improve cybersecurity and fortify infrastructure within OT environments. Deloitte also drew on its global team of industry-specific OT specialists, ethical offensive hackers, network architects, and other cybersecurity professionals.
After helping to create a robust security policy and reference architecture as the foundation, Deloitte supported the company on automated asset discovery and business process inventory. Doing so helped the manufacturer understand its current OT environment and how various assets connected with other assets and systems—crucial for understanding interdependencies and risks, and for business continuity planning.
Enabling “island mode” was also a vital need, to allow processes or assets to continue to operate effectively as an isolated “island” in the event of a disruption to a connected process or asset. Deloitte supported the segmentation of IT and OT environments through both high-level design (HLD) and low-level design (LLD), even working with the company on design needs for a planned factory. With a new security reference architecture and guiding policy, a new view of its assets, and new segmentation across its environment, it was also critical for the company to train both IT staff and internal end users. To set the company up for success, Deloitte developed detailed training materials to support implementation, as well as a broader set of educational resources to help drive policy compliance, ensure internal alignment on security objectives, and get ahead of potential employee questions or concerns.
The combined team devised a comprehensive policy that addressed more than a dozen key topics including asset management, vulnerability management, backup management, remote access, account management, and password protocols. These focus areas were central to the design and implementation of a secure, effective future OT environment. The manufacturer was able to achieve its business goal of securing the IT and OT environments while maintaining business continuity and reducing the risk of production interruptions.
Insights to inspire
- Know what you need to protect, and where it is. Be curious. Conduct a thorough asset discovery and inventory process that can inform and support your security strategy.
- Get into “island mode.” After determining the interdependencies of your operations, know how you can disconnect them to keep certain assets and processes running—to avoid unnecessary downtime.
The achievements
Cybersecurity
Improved OT asset discovery and network security help the client prevent cyberattacks and protect operations.
Operational continuity
The design lets sites run independently, keeping operations going even if IT and OT had to be separated during an attack.
Operational efficiency
Manual inventory and automated network discovery gave the company a comprehensive view of its OT assets, supporting better operational optimization and highlighting improvement areas.
Asset management
OT asset discovery and registration help the company manage assets more efficiently by tracking them, monitoring performance, and quickly spotting potential issues.
Training and compliance
Employees are prepared to follow the new OT security policy and tools, leading to better efficiency, lower security risks, and improved compliance with leading industry practices.
Opens in new window
Opens in new window
Let’s talk cyber
How is your organization positioning itself to address today's and tomorrow's cyber threats? Discover how Deloitte Cyber services and Deloitte's worldwide team of industry-focused specialists can support you every step of the way—and help you respond with confidence no matter what the future brings. Contact us to get the conversation started.
Opens in new window
Opens in new window
Dana Spataru
