In recent years, the automotive industry has faced an increasingly complex landscape of regulations focused on safety and environmental impact. These regulations are transformative, driving automotive manufacturers to reassess and fortify the security of their industrial environments, while also rethinking their production processes to minimize their carbon footprint.

Our client, a leading global car manufacturer, wanted to secure one of their factories comprising three industrial plants by designing and deploying a safety plan to comply with two key automotive regulations: NIST Cybersecurity Framework (CSF) v2.0 and ISO/SAE 21434 Cybersecurity Engineering for Road Vehicles.

Protecting the future of mobility

The three industrial plants (raw assembly, final assembly and painting) had more than 5,000 programmable logic controllers (PLCs), over 60 rugged firewalls and more than 450 engineering workstations that needed to be assessed and protected.

Using our expert talent, deep technical and business knowledge and best practices, we worked closely with the client to provide strategic advisory services, security engineering and managed IT services to help secure their industrial environments.

As a first step, our security experts performed a gap analysis to understand and compare the organization’s current compliance status against the regulatory compliance standards to be achieved. Based on this assessment, a remediation plan was put in place to implement the necessary security controls that addressed the identified gaps, including:

  • Industrial network segmentation, patch management and software updates
  • Service and end-point hardening
  • Sensitive data encryption
  • Security event logging and monitoring
  • Data backups
  • Maintenance and support
  • Security audits
  • Preparation of cyber incident playbooks

CGI managed all asset changes, inventory, backup and procedures to detect and mitigate vulnerabilities and manage incidents within a predefined maximum threshold time. Our experts were also responsible for managing security detection and protection tool updates.

Outcomes delivered

As a result, the client’s industrial environment (OT/ICS area) within the framework of production and engineering is now secure, protected and fully compliant with the internal shopfloor security framework. This covers all the equipment connected to the production network, including the gross assembly warehouses, the painting and final assembly plants, and the laboratory units with connection to the production network.

  • Digitalization and automation of the factory’s security governance, implementation and operation
  • Deployment of the safety regulations established by the company within the required deadline
  • OT security task definition and execution to comply with NIST 800 regulations
  • 24x7 support for three plants with full-time, dedicated experts to attend to security incidents
  • 100% of annual audits carried out by the company successfully passed

As a result of our successful engagement, the implemented best practices were recommended for the rest of the group's factories.