Piscium SecurityPISCIUMSECURITY
Cement & Aggregates (Illustrative Scenario)← All Case Studies

Illustrative Walkthrough: RiverClear Cement Reduces Exploitable Attack Paths by 40% in 90 Days

RiverClear Cement is a fictional company. This reference walkthrough uses a modeled multi-plant scenario to show how Piscium works: RiverClear operates 6 production plants with interconnected OT/ICS environments controlling kiln operations, raw material handling, and emissions monitoring. Legacy PLCs and HMIs share flat network segments with corporate IT, creating unmonitored lateral movement opportunities. Annual pen tests miss persistent attack paths through OT convergence points, and manual patching windows are limited to planned maintenance shutdowns every 8 weeks.

-40%

Exploitable Attack Paths (Modeled)

Modeled reduction in exploitable OT attack paths across all 6 plants within 90 days

-55%

Mean-Time-to-Remediate (Modeled)

Modeled reduction from 56 days to 25 days average for critical OT findings

2,100+

Assets Discovered (Modeled)

Previously unmonitored OT assets identified and mapped in the reference environment

The Challenge

RiverClear Cement is a fictional company. This reference walkthrough uses a modeled multi-plant scenario to show how Piscium works: RiverClear operates 6 production plants with interconnected OT/ICS environments controlling kiln operations, raw material handling, and emissions monitoring. Legacy PLCs and HMIs share flat network segments with corporate IT, creating unmonitored lateral movement opportunities. Annual pen tests miss persistent attack paths through OT convergence points, and manual patching windows are limited to planned maintenance shutdowns every 8 weeks.

The Solution

In this modeled scenario, Piscium's autonomous CTEM platform is deployed across all 6 plants, continuously mapping the OT/IT attack surface, including previously invisible PLC-to-HMI paths and historian-to-corporate data flows. Offensive AI agents safely validate exploitability of discovered paths without disrupting kiln or emissions operations. Prioritization by operational impact focuses remediation on paths that could affect safety-critical systems first, and automated playbooks are dispatched to the plant operations team via ServiceNow.

About this walkthrough: RiverClear Cement is a fictional company. This is an illustrative reference walkthrough built on a modeled environment. The metrics shown are modeled estimates of how Piscium is designed to perform, not measured results from a customer deployment.

## Background RiverClear Cement is a fictional cement and aggregates producer we use to illustrate a realistic industrial environment: 6 production plants with over 2,000 OT/ICS assets. The modeled operational technology environment includes legacy Siemens and Allen-Bradley PLCs, Wonderware HMIs, OSIsoft PI historians, and a mix of Modbus TCP and EtherNet/IP protocols. In this scenario, the convergence of IT and OT networks (originally designed for operational efficiency) has created unmonitored lateral movement paths that traditional security tools can't see. Annual penetration tests provide only point-in-time snapshots, missing the dynamic attack surface created by OT configuration changes, firmware updates, and new network connections added during maintenance windows. ## Implementation In the modeled walkthrough, Piscium is deployed in a phased rollout across all 6 plants: 1. **Discovery Phase (Week 1 to 3):** Passive and active discovery maps 2,147 OT assets across all plants, identifying 180+ previously unknown lateral movement paths, including paths from historian servers through corporate VPN concentrators to the kiln control network. 2. **Validation Phase (Week 4 to 6):** Offensive AI agents conduct safe attack simulations against discovered paths, validating exploitability without triggering safety interlocks or disrupting production. In the model, 73% of critical paths are exploitable using known techniques against unpatched HMI interfaces. 3. **Remediation Phase (Ongoing):** Impact-prioritized remediation playbooks are generated automatically. The operations team addresses safety-critical paths first (network segmentation changes between kiln control and corporate segments), followed by HMI patching during scheduled maintenance windows. ## Results In this modeled scenario, RiverClear reduces exploitable attack paths by 40% across all 6 plants within 90 days. Continuous validation confirms that implemented remediations actually break the attack paths, eliminating the "patch and pray" approach that previously left gaps unverified between annual assessments. Modeled mean-time-to-remediate for critical OT findings drops from 56 days to 25 days, driven by automated prioritization and pre-built playbooks aligned with plant maintenance schedules. All figures above are modeled estimates from an illustrative reference environment, not measured outcomes from a production deployment.

See What Piscium Could Find in Your Environment

Learn how Piscium can validate and reduce cyber risk in your environment.