Ethanol Producer Amplifies Industrial Control System Security to Expand Product Portfolio

Large Ethanol, Food-Grade Alcohol, and Pharmaceutical-Grade Alcohol producer.

A fuel-grade ethanol manufacturing plant decided to expand and diversify its product portfolio to include pharmaceutical-grade alcohol, an ingredient used in manufacturing of sanitizers, disinfectants, solvents, and preservatives. 

To do so, they needed to ensure their manufacturing process complied with the U.S. Food & Drug Administration’s Good Manufacturing Practice Guidance for Active Pharmaceutical Ingredients (API).¹

The instructions state that manufacturers should establish, document, and implement an effective system for managing quality to encompasses the organizational structure, procedures, processes, resources, and activities to ensure confidence that the API will meet its intended specifications for quality and purity.

_{¹ FDA. Guidance for Industry: Q7 Good Manufacturing Practice Guidance for Active Pharmaceutical Ingredients Questions and Answers. [Internet]. Silver Spring (MD): U.S. Food and Drug Administration; 2016 [cited 2023 June 8]. Available from: https://www.fda.gov/regulatory-information/search-fda-guidance-documents/guidance-industry-q7a-good-manufacturing-practice-guidance-active-pharmaceutical-ingredients#P661_40349}

Novaspect’s System Solutions and Cybersecurity Specialists worked in conjunction with the customer to initiate a formal assessment and discovered several vulnerabilities and dynamic documentation shortcomings within the manufacturing process that needed to be addressed to meet API validation.

From there, Novaspect architected, configured, and deployed the hardware, software, and services in alignment with FDA’s API guidance and ISA/IEC 62443 standards, through Best-in-Class:

• Backup and Recovery – to easily recover and restore DeltaV Process Automation System configuration files, databases, and system images in the event of emergency.
• Patch Management – to apply system-wide security hotfixes and patches across multiple workstations and embedded nodes with an Independent Domain Controller (IDC) environment.
• Endpoint Protection & Application Whitelisting – to block unauthorized executables and potential threats on servers and workstations.
• Audit Trail/Version Control Software – to automatically document changes to manufacturing processes and software versions.
• NTP Server – solution utilized to keep all machines – operator stations, application stations used for Historian purposes, etc. synchronized by World Clock. This is another requirement of API guidelines, so all records are time stamped accurately for validation purposes.

Creating a secure and validated system enabled expansion into the Life Sciences environment which increased revenue, and it also strengthened the company’s posture and resilience to weather future fluctuations in product demand.

Move forward in your pursuit of OT cybersecurity and connect with an experienced team you can trust.