Overview

A renowned food and beverage company embarked on a strategic acquisition to incorporate a new division into its operations. But when adding a new division, there are serious security and technological integration concerns involved in bringing a new operation online to an existing multi-faceted technical infrastructure.

Recognizing the critical importance of cybersecurity and technology alignment across the manufacturing facilities, the manufacturer enlisted the expertise of Actemium to conduct a comprehensive assessment of their 12 newly-acquired plant locations. The primary objectives were to identify existing technologies on the manufacturing floor, evaluate cybersecurity standards with the goal to triage quickly, and bridge any gaps between the manufacturer’s standards and the acquired facilities.

To do this Actemium had to audit all the OT devices that had an internet connection at each facility. Once those were identified to ensure that there were no critical issues, the Main Distribution Frame (MDF) and Intermediate Distribution Frame (IDF) cabinets had to be inspected and evaluated to ensure compliance with cybersecurity standards. Finally, the OT software would need to be addressed and reviewed for any potential security gaps. While a sizeable undertaking, taking the time and performing the audits efficiently and effectively the customer was able to understand the issues, potential problems, and investment needed to truly integrate the new facilities into their network of plants.

The Solution

To assess all of these systems Actemium used a systematic approach to both gather and analyze the information. To identify and catalog the OT devices, Actemium utilized advanced scanning tools to identify every networked device within the manufacturing facilities, ensuring a comprehensive understanding of the technology landscape. Once that was cataloged and cross referenced, Actemium conducted detailed assessments of MDF and IDF cabinets and all their related connections, focusing on the adherence to cybersecurity standards and identifying any vulnerabilities. Once connected to the customers corporate network, a vulnerability in the acquired facilities could be catastrophic considering it has the ability to affect operations at other legacy facilities.

Finally, we interrogated all the existing OT software systems to determine the MES, HMI, and SCADA software that was in use. This created a full picture of the technological infrastructure and also illustrated the limitations.

The Result

The result of Actemium’s efforts was comprehensive documentation capturing the current technological landscape of the acquired facilities. This documentation included; a Facility Status Report, a Technology Gap Analysis, Recommendations, and Budgetary Figures. The report provides a deep dive on the needed action items to address gaps in the OT systems and recommendations to mitigate. This report prioritizes the risk impacts and realistically defines what it’s going to take to integrate the new division online without disruption, risks, or higher-level security concerns.

Actemium’s involvement played a pivotal role in ensuring a seamless integration of the acquired division into the manufacturers’ operations. By providing a detailed analysis of the technological landscape, identifying gaps, and offering recommendations with associated budgetary figures, manufacturers gained actionable insights to fortify cybersecurity measures and align technological standards across its expanded enterprise. This case study underscores the importance of proactive assessment in the context of corporate acquisitions for a robust and secure technological environment.