Raise OT security to IT level

An IT project manager solved a seemingly insoluble problem and was promoted to head of IT security.

Most manufacturing companies will be familiar with this problem: OT is nowhere near as easy to optimize as IT when it comes to IT security.

In this success story by Kevin Naujokat, originally IT project manager of the WEIG Group, we show a feasible and successful solution to this problem. We also show how those responsible can significantly advance and professionalize IT security in their company with our support.

Table of Contents

WEIG group

The WEIG Group serves the recycling, cardboard and packaging business units in an efficient circular system with a clear commitment to sustainability and resource conservation. The group employs around 1.800 people at several national and international locations.

kevin-naujokat.1024x1024 copy

Kevin Naujokat
Head of IT Security department

As head of the IT Security department at the WEIG Group, Kevin Naujokat is committed to expanding cyber resilience.

The challenges

When Kevin Naujokat first contacted us, he was not yet head of the IT Security department - because this department simply did not exist yet. Nevertheless, the group's IT department was generally very well positioned in terms of personnel and expertise. It was important to firmly establish IT security in the overall IT context.

Mr. Naujakat came to us specifically with the following challenges: The regulatory requirements to the KRITIS operator required an efficient expansion of IT security. For this to happen, the first thing you had to do was Status Quo be identified in this area. Our task was to comprehensively examine the extensive infrastructure with many locations, services, systems and production sites.

An internal challenge was: Align the security standard of OT with that of IT. The operational characteristics of OT and a smaller staffing made many common measures impossible. Many departments would have given up at this point and checked off the optimization of OT security as impossible. However, with our support, Kevin Naujokat found a workable solution for this too.

In the course of our collaboration we also found a... M&A process took place, which required a review and optimization of IT security.

Our solutions

A pair of extensive initial penetration test revealed weak points that the WEIG Group's IT initially worked on independently. Many of the findings were made possible through consistent mains separation be resolved.

In order to further expand IT security more efficiently, we supported Mr. Naujokat and his team after the first retest with advice and ongoing support. For building a custom-fit ISMS we established a common one Regular appointment structure.

We met the challenges of OT in 3 steps:

  1. Penetration test of the OT environment (a step that unfortunately very few manufacturing companies dare to take)
  2. Workshop to develop necessary measures with the IT department in order to relieve the OT staff, which is understaffed
  3. Continuous implementation of the measures by the OT at appropriate maintenance times

 

In M&A processes We were involved at an early stage to ensure that the level of security achieved was maintained.

The result

The extensive initial penetration test made the highest risks transparent and enabled an efficient start to risk minimization.

The joint planning and implementation of risk minimization led to an increase in the IT security maturity level to a very high level appropriate to the KRITIS status - including the OT environment.

The integration into M&A processes ensured the maintenance of a group-wide security standard.

Continuous penetration tests (IT and OT, also international) enabled updated risk assessments.

Start your own success story!
What are your challenges in expanding your IT security?
Schedule a Personal Consultation

Bonus

Transparent reporting on the progress towards management resulted in the Establishment of a dedicated IT security department. Kevin Naujokat moved from IT project manager to head of this new department promoted.

Continue reading?

More success stories
3 building blocks for secure innovation

How do you combine innovation and digitalization with security? How do you create operational space for the efficient implementation of IT security projects?

Table of Contents