Consumer packaged goods company Church & Dwight has selected Rockwell Automation’s technologies to help build resiliency and minimize risks in its operations technology (OT) manufacturing security practices. Church & Dwight’s brands include Arm & Hammer, Arrid, Nair, Orajel and WaterPik.
According to Church & Dwight, its goal in working with Rockwell Automation is to gain a deeper understanding of its manufacturing risk profile by identifying critical assets, vulnerabilities and security gaps. After an initial examination and risk prioritization, Rockwell collaborated with Church & Dwight to develop a remediation roadmap, new security policies and other measures to minimize risks.
As part of the company’s cybersecurity initiative, David Ortiz, Church & Dwight’s vice president and chief information security officer, worked with the Rockwell Automation’s cybersecurity team to develop a series of cybersecurity discovery workshops for more than a dozen manufacturing facilities across the company. The workshops followed the NIST Cybersecurity Framework, identifying strengths and vulnerabilities across five major categories.
Each site’s assessment findings were presented as a prioritized risk reduction approach to several stakeholder groups. For executive leadership, the information provided a business case for further OT cybersecurity investments. For manufacturing teams, the assessment results showed how strategic cybersecurity enhancements could reduce risks to availability.
“Our goal was to detect anything potentially malicious on our network. We were laser- focused on this goal, not ‘boiling the ocean’ in terms of trying to improve every possible process upfront. This allowed us to partner with the manufacturing teams and not take up too much of their valuable resource time,” Ortiz said.
According to Ortiz, there are several important steps to success in the assessment and
rollout process.
- Leverage an experienced partner to help guide and implement manufacturing site assessments.
- Understand the needs and objectives of manufacturing teams by learning their day-to-day business goals and requirements.
- Show how cybersecurity supports those manufacturing objectives.
- Use workshops, quantitative and qualitative data, and assessment results to achieve stakeholder buy-in.
- Create a lean, phased implementation plan that is not overly interruptive to the manufacturing environment.
- Deploy the right technology, which in this case consisted of Claroty’s Continuous Threat Detection (CTD) platform, to provide visibility and threat detection.
- Maintain the trust accrued from the collaborative efforts through quarterly check-ins between the IT, cybersecurity and manufacturing teams.
“Discovery workshops and our various assessment tools help us quickly examine vulnerabilities on networks and assets,” said Mark Cristiano, global commercial director at Rockwell Automation. “We can put context around the severity of risk for each vulnerability to help prioritize focus and remediation steps, closing the highest risk vulnerabilities very efficiently.”
From the data collected in the discovery workshops and with Claroty’s CTD, Church &
Dwight clarified and prioritized other potential industrial control system (ICS) and OT risks, bringing into focus the need to invest in specific OT cybersecurity priorities, including:
- Vulnerability detection: A vulnerability management system that uses Claroty to discover assets with critical vulnerabilities. For any critical ICS assets that are not possible to patch, the plan confirms that other security measures are in place to compensate. The goal is to minimize risks to vulnerable and critical ICS assets that may otherwise impact production and safety if exploited.
- System protection: Enhanced security monitoring practices across manufacturing plants for event monitoring and protection against known and unknown threats. Enhanced monitoring helps enable greater visibility to detect threats and security incidents in real time.
- Event aggregation: A long-term strategy to aggregate syslogs (the protocols used to send event data logs to a central location for storage) and events from ICS/OT assets to a centralized location such as security information and event management (SIEM) for monitoring and event management. This type of aggregation aids incident response planning, incident investigations, process integrity and visibility across the ICS/OT network.
- Incident response: A plan to minimize the time to recovery for OT/ICS environments. The goal here is to speed recovery of manufacturing operations in the event of an incident or cyberattack that disrupts business operations.
The ability to assess and mitigate risks using Claroty’s CTD has given Ortiz’s cybersecurity team clear visibility into threats across multiple manufacturing plants, delivering IoT and OT visibility, continuous monitoring and real-time risk insights to help protect Church & Dwight from current and emerging threats.
“Over the course of our partnership with Church & Dwight, we have implemented new security controls and processes and have already seen a dramatic shift in the company's OT practices,” said Cristiano.
