Charlotte Stonestreet
Managing Editor
Collaboration key to reduced cyber risk
22 April 2024
When David Ortiz was put in charge of expanding Church & Dwight’s manufacturing cybersecurity program, he turned to Rockwell Automation to help achieve OT cybersecurity goals.
Personal and household care product giant Church & Dwight, famous for brands including Arm & Hammer, OxiClean, ZICAM and WaterPik, recognises that modern industrial cybersecurity can positively affect operations, lower business risks and preserve crucial manufacturing availability. Consequently, during the early days of the pandemic, David Ortiz, Church & Dwight’s vice president and chief information security officer (CISO), was put in charge of a strategic mission: expanding the company’s manufacturing cybersecurity program to include new capabilities for lowering cyber risk.
As a long-time manufacturing automation client, Church & Dwight had significant prior experience with Rockwell Automation, and knew the company’s strengths as a leading supplier of both industrial automation and industrial cybersecurity solutions. Ortiz contacted Rockwell Automation to discuss his OT cybersecurity goals. After the contract was awarded in 2021, Rockwell Automation cybersecurity experts met with Ortiz to develop a specific approach for assessing risks. From these assessments, recommendations could be prioritised to help Church & Dwight reduce OT cybersecurity risks in manageable phases, addressing the most important priorities first.
To increase visibility across IT and OT networks, Church & Dwight conducted a full assessment of current manufacturing operations including network architecture, assets, privileged users, and more. Such assessments are a crucial first step in identifying vulnerabilities and threats.
Ortiz worked with the Rockwell Automation cybersecurity team to develop a series of cybersecurity discovery workshops for more than a dozen manufacturing facilities across the company. The workshops followed the NIST Cybersecurity Framework, identifying strengths and vulnerabilities across five major categories.
Each site’s assessment findings were then presented as a prioritised risk reduction approach to several stakeholder groups. For executive leadership, the information provided a convincing business case for further OT cybersecurity investments. For manufacturing teams, the assessment results showed how strategic cybersecurity enhancements could reduce risks to availability.
Manufacturing support
According to Ortiz, there are several important steps to success in the assessment and rollout process.
- Leverage an experienced partner like Rockwell Automation to help guide and implement manufacturing site assessments
- Understand the needs and objectives of manufacturing teams by learning their day-to-day business goals and requirements
- Show how cybersecurity supports those manufacturing objectives
- Use workshops, quantitative and qualitative data, and assessment results to achieve stakeholder buy-in
- Create a lean, phased implementation plan that is not overly interruptive to the manufacturing environment
- Deploy the right technology, which in this case consisted of Claroty’s Continuous Threat Detection (CTD) platform, to provide visibility and threat detection
- Maintain the trust that accrued from the collaborative efforts through quarterly check-ins between the IT, cybersecurity, and manufacturing teams.
Following these steps, Church & Dwight created a new level of collaboration and partnership among IT, cybersecurity, and OT manufacturing teams, which is a substantial ongoing benefit contributing to risk reduction. Now, cybersecurity is mutually viewed as a critical feature of the organisation’s manufacturing program across the various teams.
The Rollout
Through the collaborative discovery workshops and resulting assessments, Ortiz was able to achieve the necessary stakeholder buy-in for a range of OT cybersecurity investments. Church & Dwight immediately deployed Claroty’s Continuous Threat Detection (CTD) to monitor networks, accurately identify vulnerabilities, and automate alerts and insights into likely intrusions that could compromise OT environments. CTD also provided mitigation recommendations for each scenario.
In addition, from the data collected in the discovery workshops and with CTD, Church & Dwight clarified and prioritised other potential Industrial Control System (ICS) and OT risks, bringing into focus the need to invest in specific OT cybersecurity priorities, including:
- Vulnerability detection: A vulnerability management solution utilising Claroty to discover assets with critical vulnerabilities. For any critical ICS assets that are not possible to patch, the plan confirms that other security measures are in place to compensate. The goal is to minimise risks to vulnerable and critical ICS assets that may otherwise impact production and safety if exploited
- System protection: Enhanced security monitoring practices across manufacturing plants for event monitoring and protection against known and unknown threats. Enhanced monitoring helps enable greater visibility to detect threats and security incidents in real time
- Event aggregation: A long-term strategy to aggregate syslogs, the protocols used to send event data logs to a central location for storage, along with events from ICS/OT assets to a centralised location such as Security Information and Event Management (SIEM) for monitoring and event management. This type of aggregation aids incident response planning, incident investigations, process integrity, and visibility across the ICS/OT network
- Incident response: A plan to minimise the time to recovery for OT/ICS environments. The goal here is to speed recovery of manufacturing operations in the event of an incident or cyberattack that disrupts business operations.
Ultimately, the collaborative workshops with manufacturing teams, combined with the advice and counsel provided by the Rockwell Automation team, led to an efficient and successful OT cybersecurity rollout. The improved visibility across ICS/OT networks has proven vital to identifying vulnerabilities and threats.
Reducing risks to manufacturing
Church & Dwight’s OT cybersecurity rollout was successfully deployed several months ahead of schedule. The ability to assess and mitigate risks using Claroty CTD has given Ortiz’s cybersecurity team clear visibility into threats across multiple manufacturing plants, delivering a full spectrum of IoT and OT visibility, continuous monitoring and real-time risk insights to help protect Church & Dwight from current and emerging threats.
Implementation priorities
Church & Dwight’s implementation plan outlined key priorities to reduce OT cybersecurity risks, including continuous threat monitoring, vulnerability management, and incident response. Meanwhile, the advantages of enlisting powerful partners and collaborating on bridging serious gaps have built a powerful foundation of trust among Church & Dwight’s IT, cybersecurity, and manufacturing teams, as well as between Rockwell Automation and Church & Dwight.
Since the beginning, Ortiz relied on the Rockwell Automation team for advice, counsel, and an in-depth understanding of key cybersecurity gaps and how to resolve them. This enabled Church & Dwight to better meld OT cybersecurity into its current security operations. Due to the success of its industrial threat detection initiative, Church & Dwight has invested in operational support for continuous monitoring and threat alert management, as well as additional programs around incident response.
Ortiz acknowledges that partnerships between IT and OT teams have paid significant dividends by strengthening the bridge between Church & Dwight’s IT cybersecurity team and its OT manufacturing team’s requirements. “Now our manufacturing teams proactively reach out to the cybersecurity team to report things,” Ortiz said. “They understand and are bought in on how cybersecurity can help them maintain availability and keep production lines running smoothly.”
Another key success factor was partnering with corporate leaders, as Ortiz has been able to use the collected data for reporting, and secure necessary funding for OT investments based on insights gained from all of his partnership initiatives.
Ortiz now meets regularly with manufacturing teams, including quarterly check-ins, to maintain trust and bridge any remaining IT/OT cybersecurity gaps. In the end, bringing together cross-functional IT and OT teams has helped Church & Dwight achieve a holistic approach to cybersecurity that the company now relies on for strong, enterprise-wide cybersecurity protection.
Next phases
After prioritising risk and deploying threat detection capabilities, Church & Dwight expanded cyber operations deeper into manufacturing. This included 24x7 security monitoring, integrated threat intelligence, and rapid incident response capabilities. Church & Dwight leveraged managed OT security services from Rockwell Automation to integrate with and support their organisation’s current IT Security Operations and investments.
“Securing operational support for monitoring and managing threat alerts is a top priority,” Ortiz explained.
At the same time, the company is future-proofing its cybersecurity investments and looking into emerging technology capabilities to support its enterprise-wide cybersecurity.
Based on his experiences in bridging IT and OT cybersecurity, Ortiz offered a few words of advice to other industrial organisations getting started in improving OT cybersecurity: “First, learn the business and really partner with executive leadership to establish what your goal is, and agree on what the final outcome should be.”
And, in working with manufacturing, he believes in being persistent. “Be respectful of the manufacturing teams’ time, but keep at it until you get all the information needed to correctly assess the environment.”
Most importantly: “Don’t wait. The time is now to make investments in OT cybersecurity.”
David Ortiz is vice president and chief information security officer at Church & Dwight