Cement & Aggregates

RiverClear Cement Reduces Exploitable Attack Paths by 40% in 90 Days

RiverClear Cement operates 6 production plants with interconnected OT/ICS environments controlling kiln operations, raw material handling, and emissions monitoring. Legacy PLCs and HMIs shared flat network segments with corporate IT, creating unmonitored lateral movement opportunities. Annual pen tests missed persistent attack paths through OT convergence points, and manual patching windows were limited to planned maintenance shutdowns every 8 weeks.

All Case Studies

The Challenge

The Solution

Piscium deployed its autonomous CTEM platform across all 6 plants, continuously mapping the OT/IT attack surface — including previously invisible PLC-to-HMI paths and historian-to-corporate data flows. Offensive AI agents safely validated exploitability of discovered paths without disrupting kiln or emissions operations. Prioritization by operational impact focused remediation on paths that could affect safety-critical systems first, and automated playbooks were dispatched to the plant operations team via ServiceNow.

Outcomes

-40%

Exploitable Attack Paths

Reduced exploitable OT attack paths across all 6 plants within 90 days

-55%

Mean-Time-to-Remediate

Reduced from 56 days to 25 days average for critical OT findings

2,100+

Assets Discovered

Previously unmonitored OT assets identified and mapped

“Piscium showed us attack paths we didn't know existed — through our kiln control network to corporate IT. Within 90 days, 40% of those paths were eliminated with validated remediations.”
VP of Industrial Cybersecurity

## Background RiverClear Cement is one of the largest cement and aggregates producers in the region, operating 6 production plants with over 2,000 OT/ICS assets. Their operational technology environment includes legacy Siemens and Allen-Bradley PLCs, Wonderware HMIs, OSIsoft PI historians, and a mix of Modbus TCP and EtherNet/IP protocols. The convergence of IT and OT networks — originally designed for operational efficiency — had created unmonitored lateral movement paths that traditional security tools couldn't see. Annual penetration tests provided only point-in-time snapshots, missing the dynamic attack surface created by OT configuration changes, firmware updates, and new network connections added during maintenance windows. ## Implementation Piscium was deployed in a phased rollout across all 6 plants: 1. **Discovery Phase (Week 1–3):** Passive and active discovery mapped 2,147 OT assets across all plants, identifying 180+ previously unknown lateral movement paths — including paths from historian servers through corporate VPN concentrators to the kiln control network. 2. **Validation Phase (Week 4–6):** Offensive AI agents conducted safe attack simulations against discovered paths, validating exploitability without triggering safety interlocks or disrupting production. The platform identified that 73% of critical paths could be exploited using known techniques against unpatched HMI interfaces. 3. **Remediation Phase (Ongoing):** Impact-prioritized remediation playbooks were generated automatically. The operations team addressed safety-critical paths first — network segmentation changes between kiln control and corporate segments — followed by HMI patching during scheduled maintenance windows. ## Results Within 90 days of deployment, RiverClear reduced exploitable attack paths by 40% across all 6 plants. Continuous validation confirmed that implemented remediations actually broke the attack paths — eliminating the "patch and pray" approach that had previously left gaps unverified between annual assessments. Mean-time-to-remediate for critical OT findings dropped from 56 days to 25 days, driven by automated prioritization and pre-built playbooks that aligned with plant maintenance schedules.

See Similar Results for Your Organization

Learn how Piscium can validate and reduce cyber risk in your environment.

Request a Demo More Case Studies