Name:
Cyber Risk Quantification for Swedish Paper Mill
TechSeed contact:
Carl-Göran Domeij
Case details
With a Cyber Risk Quantification analysis, the most accurate and cost-effective cyber security deployment is possible to achieve within an OT environment.
Name:
Cyber Risk Quantification for Swedish Paper Mill
TechSeed contact:
Carl-Göran Domeij
Situation & Challenge
Cyber-attacks against industrial IT such as OT and automation environments has become a growing issue as it can generate a large negative impact on an organization, financially and operationally. The starting point here is that the customer does not have a dedicated approach for cybersecurity in the OT-environment, lacking insights about assets; network components such as servers, PLCs, IoT devices and the control over communication. As automation resources with dedicated cyber security skill is scarce and many components are managed by various external suppliers with different approaches to remote access the complexity increases. To get an understanding of the environment and eventually set the relevant cyber protection initiatives based on an optimized approach is thus difficult.
Name:
Cyber Risk Quantification for Swedish Paper Mill
TechSeed contact:
Carl-Göran Domeij
Engagement details, solution & value created
Based on applicable cyber risk scenarios; financial/productivity and operational impact was calculated. The calculation takes critical business assets and their value into considerations. A desired wanted situation set together with the customer (short term and long term) was den decided on. Based on this a mapping of the current situation was performed. This assessment include the Enterprise abilities for OT/ICS, in total 20 subject areas. The abilities are based on People, Processes and Technology. The result is then a score deviation from desired wanted situation. Based on this calculations on needed investments (resources, technology, etc) are performed with the cyber-risks scenarios in scope. Finally, this is fed into planning, budgeting and implementation roll out activity.