That is, how a petrochemical company uses MDT AutoSave to increase its plant's cyber-risk resilience.
The challenge
A large multinational petrochemical company was looking to strengthen its cyber defenses (or put another way, aimed for “cyber immunity”) and realized the need to protect networks and process control and automation systems from the inevitability of cyber attacks . They were looking for a way to track and control all their programmable automation devices (PLC, SCADA, HMI, DCS, etc.) to protect them from unauthorized access and changes, mindful of targeted attacks that have already occurred, with particular reference to ransomware.
Experience has shown us that the lack of controlled management of factory devices leads to plant shutdowns, downtime, drops in quality, waste and product errors and also possible safety/safety problems.
In particular, the company needed to protect the programs and data of hundreds of automation devices in its plants in the United States. Those responsible were aware that one of the most dangerous attacks can come through unauthorized access to industrial process automation and control systems, such as programmable logic controllers (PLCs), DCS and SCADA. It was essential to find a solution to identify and eliminate dangerous situations by controlling and reducing the risks to plants and production that can arise from cyber attacks against OT/ICS networks and systems.
The solution
The Company has selected one of the market's leading solutions, which acquires all the modifications to the automation device software to support the goal of "cyber immunity": MDT AutoSave.
MDT AutoSave allows you to have:
- Data backup (configurations, logic, code, etc.) from industrial controllers (PLC, etc.) in a central repository with adequate access protection/management, for OT networked devices and even those that are not connected.
- Authenticate operator and maintenance user access to engineering and management workstations
- Manage backups/images of Workstations, PCs and Servers connected to the OT network
- Identify firmware and risk mitigation software versions
These capabilities have helped the company prepare for an attack by protecting software intellectual property, detecting unauthorized program changes, and quickly restoring correct programs after an attack, particularly if related to ransomware.
The Cyber Security framework for “Cyber Immunity”
Preparation:
AutoSave saves a copy of each program version and revision in a repository. Access to program folders and programs is managed through a flexible system of privileges.
Detect:
AutoSave compares the latest program copy of the file in AutoSave to the program running on each device to identify any differences. If differences are found, the appropriate people are notified with an email highlighting the differences.
Recover:
With a repository of all program revisions, using AutoSave, users can quickly restore the last approved program, in case of an unauthorized change.
The result:
The company now uses MDT AutoSave to manage all system configurations connected to OT/ICS networks for PLCs, HMIs, SCADA, DCS, robots, etc.
AutoSave authenticates users who have credentials and permission to make changes to software. However, if a change is made outside of AutoSave, operators and maintainers have greatly increased their resilience against an unwanted control system change: they know immediately that a change has occurred and are able to roll back quickly. the systems in the state they were in before the change itself.
AutoSave allows you to load the latest approved/verified program onto the device very quickly. To keep plants running during “normal hazards” such as power outages, human errors and equipment failures, AutoSave allows users to quickly retrieve the most up-to-date approved copy of the program and resume operations. By demonstrating that when the modification is the result of an accident/attack and therefore unauthorized, AutoSave becomes even more vital to achieve "cyber immunity".
MDT AutoSave is distributed and supported in Italy by ServiTecno.