Infrastructure Qualification Status Assessment
Overview
Driven by the need to enhance ICS/OT infrastructure security and to bridge the technological gap compared to other sectors, a major pharmaceutical company has launched an extensive consolidation initiative.
Following the presentation of the programme and the drafting of the initial internal guidelines, many system owners suddenly found themselves facing three main challenges: the gaps in their managed systems, the long-term maintenance of their business applications, and tackling complex issues such as lifecycle management and policy enforcement.
The complexity of a project of this scale was immediately evident: numerous distributed teams were working at the highest level to promote a top-down overview, each focused on completing their specific tasks. Furthermore, coordination between the various teams, often from different departments, was not always seamless, adding further layers of complexity.
All of this contributed to an increasingly complex, dynamic, and challenging environment: the development of corporate standards, specific policies regarding various security and management aspects, tools, and procedures—all were evolving simultaneously.
Our OT team was involved in the transformation programme from the preparatory phase, supporting the entire design of the architecture, the creation and review of policies, as well as the detailed architectures of each business application across the entire company.
Table of Contents
Solution
Despite the client’s desire to swiftly address the gaps, our team highlighted the benefits of a more comprehensive approach. This involved developing appropriate policies from the top down, clearly defining the “rules of the game” for each individual system and process.
The methodical approach, overall vision, collaboration with all involved parties, and communication of medium-term objectives enabled the company to rectify the underlying practices and conventions contributing to management issues. This process not only updated machines and systems to meet technological advancements but also renewed the company’s long-term perspective.
The project’s execution phase was tackled subsequently: first, we analysed the desired outcomes, then developed fresh and updated designs and schemes in accordance with the latest guidelines and company standards, applying principles of modularity and segmentation by design.
Finally, we implemented the new systems, defined the transitional phase, and carried out data migrations.
Achievement
-
Communication:
Facilitation of cooperation to ensure project progress despite challenges. -
Reactivity:
Successful transformation of approximately 30 industrial automation systems while maintaining security standards and meeting all deadlines. -
Segmentation:
Comprehensive re-engineering of business applications, including infrastructure and functional segmentation, user categorization, and rationalization of non-interactive functional accounts and permissions. -
Lifecycle:
Development of specific guidelines and practical training for system owners to effectively manage software lifecycles and shared platforms, establishing a long-term maintenance strategy with vendors and integrators.
