The Client Overview
Indorama Eleme Petrochemical Limited (IEPL), located in Port Harcourt, Rivers State, Nigeria, is a Group Company of Indorama Corporation and a polyolefins producer offering a range of Polyethylene and Polypropylene products. IEPL was a 100% subsidiary of the Nigerian Government-owned Nigerian National Petroleum Corporation (NNPC) under the name Eleme Petrochemicals Company Limited (EPCL). The Complex has a state-of-the-art Olefins plant and Polyethylene / Butene and Polypropylene Plants. The operations are supported by a Captive Power Plant, Utilities, an Effluent Treatment Plant, Storage Tanks, Bagging, Warehouses and other supporting facilities.
Background and Key Challenges
Indorama’s facilities in Nigeria, across the plant and substation, utilized complex infrastructure comprising Industrial Control System (ICS) and Operational Technology (OT) systems, which gave rise to significant cybersecurity challenges. With the expanding threat landscape, the organization also struggled to maintain a secure OT environment. Incomplete asset inventories, the absence of real-time threat visibility, and limited cybersecurity measures posed serious risks to critical manufacturing systems as well as operational continuity. Furthermore, there were concerns over third-party vendors who frequently accessed the ICS network for support and maintenance in the absence of a 24x7 threat detection and response service.
- Limited Visibility: There was a lack of centralized visibility across the on-prem and cloud environments at each of the Bank’s units, obstructing the security team’s ability to detect and respond to security incidents in a timely manner.
- DDoS Attacks: There was a surge in cyber threats, mainly DDoS attacks, putting the availability of the Bank’s digital channels at risk.
- Alert Fatigue: The existing security infrastructure generated a high number of alerts, which led the lean security team to miss real threats or respond late.
Goals
- Enhance cybersecurity across OT systems at the facilities, including a cybersecurity protection strategy for critical and volatile production processes.
- Achieve real-time threat visibility across its ICS systems, the OT network, and networked assets.
- Establish a process for conducting daily asset inventories across the facilities.
- Improve network monitoring and enhance incident response capabilities.
The Solution: Inspira Enterprise Approach
To address the cybersecurity challenges, Indorama Ventures partnered with Inspira Enterprise, a global cybersecurity risk management service provider with rich experience in implementing large cybersecurity deployment programs and expertise in delivering a modern AI/ML-based SOC.
Inspira’s team reviewed Indorama’s Control System Architectures & Networks and, based on that review, proposed a solution for the effective monitoring of networks & OT Assets.
The solution comprised:
- Nozomi Guardian Sensors and CMC (Central Monitoring Console) to monitor the individual plant proprietary control networks.
- IBM’s QRadar to monitor the system logs of all the servers and workstations.
- Firewalls to segment each plant, with provision for NATted IPs.
Real-Time Visibility and Threat Intelligence: The team deployed the Nozomi Central Management Console, which aggregated information from the sites and assets and, after a gathering and learning period, delivered visibility of the OT networks. Guardian Sensors provided real-time OT visibility and monitoring. The deployment ensures proactive monitoring and timely detection of threats.
Vulnerability Assessments & Security Information and Event Management (SIEM): IBM QRadar SIEM was integrated into the solution, enabling the collection and analysis of security events and logs from all the systems and devices. This provided a single-pane view for cybersecurity incident response, thereby enabling timely threat detection, correlation of events, and rapid response.
Impact of the Solution – Benefits
- 360-degree Threat Visibility: Real-time Operations Visibility and Enhanced Cybersecurity were established. Indorama gained real-time visibility into its ICS environment, which enabled proactive monitoring and quick response to all potential threats.
- Better Asset Management: The comprehensive automated daily asset inventory provided detailed information about the devices, and the organization had complete control over its OT infrastructure. Asset Management practices were significantly improved and all regulatory requirements were met, thereby enhancing the cybersecurity posture.
- Enhanced OT Cybersecurity: All security measures, including daily asset inventories, SIEM, VAPT, and network monitoring, protected the critical infrastructure, improved incident response capabilities, minimized risks, and improved OT cybersecurity.