Client Case: Nobian, a leading chemical manufacturer

Discover how Nobian used an OT tabletop crisis simulation to strengthen their crisis response.

... > OT Tabletop Cyber Crisis Management > Client Case: how Nobian used a Crisis Simulation

CLIENT CASE

How Nobian Tests the Response to a Ransomware Attack

Nobian is a European leader in the production of salt, essential chemicals, and energy for industries ranging from construction and cleaning to pharmaceuticals and water treatment.

The company recognizes that cyberattacks on OT environments are a growing problem and that securing Operational Technology is more important than ever. The EU NIS2 regulation also requires cybersecurity for OT environments.

Nobian's challenge: Do we know what to DO if a cyber crisis hits us?

Secura and Nobian conducted a practical simulation of a ransomware attack on one of the production sites. In this case study, we share with you the approach and lessons learned.

Image in image block

Nobian's challenge: Do we know what to DO if a cyber crisis hits us?

OT crisis simulation: From paper to practice

Risk assessments, certification to (OT) standards like IEC62443, and incident response and disaster recovery plans all have one thing in common: they are controls, plans, or guidelines… on paper. However, as Nobian recognized, how well you respond to a cyber incident in practice also depends on the 'human factor.' Response teams should be ready and trained to carry out the paper plans.

First theory

In Nobian’s case, our OT experts were able to help with both: theory as well as practice. We first drafted an OT Security incident response guideline and OT backup and recovery guideline. These were based on international standards and tailored to Nobian’s existing incident response processes, policies and security framework.

Then practice

We then used these documents to create site specific action plans and playbooks. These were put into practice with a Cyber Crisis Tabletop Exercise. The goal of this tabletop was to introduce the crisis team to the topic of Ransomware and allow them to practice their roles, using the improved procedures to make the organization more resilient against cyber attacks.

Let's take a closer look at this OT crisis exercise.

OT Cyber Crisis Exercise with Nobian

01

Thinking like an attacker: presentation

First, our OT specialists gave the crisis team a comprehensive presentation about ransomware, based on the Unified Kill Chain framework. We talked about the definition of ransomware, the specific actors involved in a ransomware attack, and the various phases a ransomware attack passes through, from the attacker's perspective.

02

Discussing roles and responsibilities

Secondly, we discussed Nobian’s updated OT cyber incident response and emergency recovery procedure with the crisis team, as well as the existing crisis management arrangements. The goal was to make sure everybody in the crisis team knew their roles and responsibilities.

03

Solve the crisis: 3 simulation rounds

It was then time for the actual cyber crisis simulation. Nobian’s team worked together to respond to the unfolding crisis, during three rounds. Our trainers delivered injects through mail, phone and paper, and observed the participants closely.

An “inject” can be multiple things: either an e-mail, phone call, or communication via verbal or written means giving information or putting pressure on the situation. Nobian’s crisis team showed strong leadership, effective decision making and good command and control of the incident - the crisis was resolved.

04

Lessons learned: evaluating the response

An exercise is the perfect opportunity to learn what to do and what not to do. After the crisis was averted, the Secura trainers briefly commented on how the crisis team had handled the situation and shared their observations, based on the ISO 22361 standard for effective crisis management.

Highlight-image

"This exercise confirmed for me that our crisis management process is robust and ready to handle this type of cyber crisis. It was especially helpful to improve the alignment and communication between our Crisis Management Team and our local OT Security Incident Response Team."

~ Site crisis management Team Leader, Nobian.

Experiencing an attack

The main objectives of the tabletop were:

  • For participants to get acquainted with the Disaster Recovery Plan
  • To strengthen the handling of significant cybersecurity incidents
  • To assess the effectiveness of existing procedures and identify areas for improvement.
  • But most of all: to truly experience how a cyber incident might unfold at Nobian.

There is a difference between reading about how to handle a crisis and to actually live through a crisis and having an active role in it. How it feels, as a person with all their burdens and emotions, to be involved in tasks and responsibilities that often are written down in words so easily.

Not if, but when

Nobian chose this specific comprehensive approach to test its cyber resilience, because paper and practice are two different things, and people, process and technology need to be aligned for effective crisis management during an OT security incident. The question is not IF it will happen, it is WHEN it will happen. And the only way to be prepared for tomorrow is to practice today.

Member Crisis Team

Nobian

The playbook really gave me good guidance during the incident, which made me feel more confident in each round.

OT services

Related image

OT Cyber Crisis Tabletop

Find out how well your organization is equipped to deal with a full-blown cyber attack with this realistic simulation for OT.

 Related image

OT Perimeter Assessment

Want to know how secure the perimeter is between your OT and IT networks? Find out with the OT Perimeter Assessment.

 Related image

OT Cybersecurity Fundamentals Training

This OT Fundamentals training is essential for learning more about risks to OT systems and how to mitigate them.

Contact me about OT Crisis Exercise

Do you want to know more about how our OT Cyber Crisis Tabletop Exercise can help you strengthen your incident response? Fill out the form and we will contact you within one business day.

USP

ABOUT SECURA

Secura is a leading cybersecurity expert. Our customers range from government and healthcare to finance and industry worldwide. Secura offers technical services, such as vulnerability assessments, penetration testing and red teaming. We also provide certification for IoT and industrial environments, as well as audits, forensic services and awareness training. Our goal is to raise your cyber resilience.

Secura is a Bureau Veritas company. Bureau Veritas (BV) is a publicly listed company specialized in testing, inspection and certification. BV was founded in 1828, has over 80.000 employees and is active in 140 countries. Secura is the cornerstone of the cybersecurity strategy of Bureau Veritas.