Support for establishing Governance for ICS/OT and utilising OT Infrastructure Services


Overview


Driven by the need to enhance ICS/OT infrastructure security and to bridge the technological gap compared to other sectors, a major pharmaceutical company has launched an extensive consolidation initiative.


Following the presentation of the programme and the drafting of the initial internal guidelines, many system owners suddenly found themselves facing three main challenges: the gaps in their managed systems, the long-term maintenance of their business applications, and tackling complex issues such as lifecycle management and policy enforcement.


The complexity of a project of this scale was immediately evident: numerous distributed teams were working at the highest level to promote a top-down overview, each focused on completing their specific tasks. Furthermore, coordination between the various teams, often from different departments, was not always seamless, adding further layers of complexity.


All of this contributed to an increasingly complex, dynamic, and challenging environment: the development of corporate standards, specific policies regarding various security and management aspects, tools, and procedures—all were evolving simultaneously.


Our OT team was involved in the transformation programme from the preparatory phase, supporting the entire design of the architecture, the creation and review of policies, as well as the detailed architectures of each business application across the entire company.

Solution


Despite the client's desire to swiftly address the gaps, our team highlighted the benefits of a more comprehensive approach. This involved developing appropriate policies from the top down, clearly defining the "rules of the game" for each individual system and process.


The methodical approach, overall vision, collaboration with all involved parties, and communication of medium-term objectives enabled the company to rectify the underlying practices and conventions contributing to management issues. This process not only updated machines and systems to meet technological advancements but also renewed the company's long-term perspective.


The execution phase followed: first, we analysed the desired outcomes, then developed fresh and updated designs and schemes in accordance with the latest guidelines and company standards, applying principles of modularity and segmentation by design.


Finally, we implemented the new systems, defined the transitional phase, and carried out data migrations.


Achievement

Communication

The cooperation we fostered ensured the project progressed at the right pace, despite the numerous challenges that emerged along the way.

Responsiveness

Despite the inherent complexities of the industrial sector and the evolving user requirements (URS) due to technological updates, the project team successfully transformed approximately 30 industrial automation systems. This was accomplished while ensuring maximum process efficiency, maintaining high standards of security, and meeting all delivery deadlines.


Segmentation

Our immediate contribution involved the complete and systematic reengineering of business applications. We introduced segmentation both as an infrastructural and functional approach, which led to a comprehensive review of network user categorisation, the rationalisation of functional and non-interactive users, application permissions, and process management through IT tools.

Lifecycle Management

By drafting specific guidelines, providing practical training, and conducting thorough system reviews, we enabled system owners to effectively manage the lifecycle of their software and shared platforms. The collaboration with manufacturers and integrators, along with the shared vision we presented, facilitated the development of an effective strategy. This strategy, built on the involvement of all parties in the software maintenance process, ensured a robust and effective long-term vision.
