Improved Cybersecurity Helps Paper Mill Manufacturer Extend Control System Lifespan
Pulp and Paper Mill | North America
Knowing that their production control systems were outdated and vulnerable to cyber threats, this North American manufacturer also knew the upgrades would be quite expensive. Before making a large upgrade investment, this pulp and paper manufacturer commissioned a full OT cybersecurity risk assessment with Mission Secure for several of their paper mills and distribution facilities. They then partnered with Mission Secure to establish and deploy comprehensive OT network visibility, implement tighter network protections and segmentation, safeguard their vulnerable control systems, and temporarily deferred expensive control system upgrades.
The CustomerThe customer is a leading innovator in paper and packaging design and production, with numerous distribution facilities and multiple paper mills across North America. With a broad portfolio of paper and packaging solutions, the customer is committed to operational excellence, environmental responsibility and exceptional customer service while trying to stay at the forefront of emerging pulp and paper industry technologies.
The ChallengeThe customer was aware that their paper mills had outdated control systems equipment with existing operating system vulnerabilities that could no longer be patched. They were considering expensive system updates to eliminate these vulnerabilities and upgrade their control systems capabilities. However, before making these significant investments, they chose to conduct a full cybersecurity assessment to understand the risk posture in their OT networks and the full extent of security vulnerabilities in their production facilities.
Our dedication to innovation and the continued success of our customers is dependent on our ability to orchestrate our production effectively, decrease overhead and maintain market share. We needed to improve the security of our OT networks without negatively impacting the grueling demands of our daily operations.”
The Comprehensive Cyber Solution
The customer engaged with Mission Secure to conduct comprehensive OT cybersecurity risk assessments for a number of their paper mills and distribution facilities. In addition to the previously known vulnerabilities and outdated control systems, the joint team also discovered:
- Other unpatched control systems with vulnerabilities
- Inconsistencies and misconfigurations across the OT networks
- A high number of non-business devices like Rokus, Amazon Fire TV Sticks, and other personal wireless systems connected to the production networks added unnecessary risks
- A high volume of external network traffic to and from foreign IP domains
- The use of insecure protocols, including Remote Desktop Protocol (RDP)
Based on these assessment findings and the associated recommendations, the customer decided a more comprehensive cybersecurity solution was required instead of only upgrading their outdated control system equipment. The customer selected the Mission Secure OT Cybersecurity Platform and Managed Services for an initial project for two of their paper mills and a number of their distribution facilities. They would implement an OT network protection solution, with future deployment to the entire manufacturing operation at a later date.
The customer is now able to:
- Protect critical, outdated control systems equipment and temporarily defer expensive upgrades
- Maintain 24/7 visibility and cybersecurity monitoring of their operational networks
- Prevent unauthorized internal network traffic and stop unauthorized/unknown external connections to and from foreign IP domains
- Immediately identify, investigate and respond to cybersecurity risks
How OT Network Visibility and Stronger Network Security Helped Extend Control Systems Lifespan
Clear OT Network Visibility
Before working with Mission Secure, the customer had limited knowledge of all networked devices on their OT networks. Now, they have comprehensive visibility into their paper mill and distribution facility networks. They now monitor and tightly control the network and third-party access and continuously:
- Map their OT networks and discover and inventory connected assets
- Monitor internal OT network communications and protocols and identify anomalous behaviors
- Prevent, log, and alert on unauthorized and unidentified external connection attempts
By protecting and segmenting our OT networks, we were able to improve resilience and performance and isolate and secure outdated, vulnerable process control systems to minimize the risk of a potential breach.
Principal IT Security Engineer
Stronger Operations Network Security
Without a properly protected and segmented OT network, an organization gives potential attackers a bigger attack surface to inflict significant damage. In partnership with Mission Secure, the customer defined and deployed their network protections and segmentation, built a security policy tailored to their OT environment, and established baseline authorized OT network traffic. The customer:
- Improved OT network performance and secured their networks by eliminating unauthorized and foreign communications
- Eliminated unapproved employee BYOD devices (e.g., Roku, etc.) and other non-business devices from the production networks
Extended Control System Life And Deferred Upgrade Investments
Up against fierce competition in the paper industry, it is imperative that the customer keep their costs down and production running smoothly. Any cybersecurity breach, no matter how minor, can result in unplanned production disruption that can cost the customer up to $1 million per day per facility and can even impact health and safety measures. With Mission Secure, the customer has:
- Implemented compensating controls to protect their vulnerable control systems until they can be updated
- Extended the useful life of existing control systems and temporarily deferred expensive upgrades
- Minimized possible network downtime and improved cybersecurity control in their critical production facilities while keeping costs to a minimum
Partnering with Mission Secure has helped us extend the life of our control systems and lower our anticipated costs. Our production networks now perform better than they have in some time. And we work directly with Mission Secure’s Managed Services team to tightly control our cybersecurity and maximize uptime.”
–Principal IT Security Engineer