The June 2021 ransomware attack on JBS Foods that knocked out the plant operations supplying roughly a fifth of the United States’ meat supply and created shortages across the country proved not only that no industry is immune to cyber-attack, but also that consumer packaged goods, food and beverage manufacturing is a critical industry. In Fall of 2021, the FBI issued a notice alerting food businesses that cybercriminals are focused on carrying out ransomware attacks against companies in this sector.
The consumer-packaged goods and food and beverage industry requires proactive cybersecurity protection – not only to minimize the risks of downtime, stolen intellectual property, or financial loss – but because cyber-attacks can compromise food safety and jeopardize our food supply.
As plant managers in the consumer-packaged goods and food and beverage industry are increasingly asked to improve cyber defenses, there are four key challenges that they face.
Challenge 1: Avoiding Downtime and Damage from Cyber-Attack
Successful cyber-attacks on Operational Technology (OT) often result in downtime, which is extremely costly when you are producing hundreds or thousands of products per second. Recovering from a cybersecurity incident doesn’t happen instantly, and the financial hit can quickly reach into the millions of dollars. In the JBS Foods ransomware attack, the company paid $11 million to restore operations.
Another unique consumer packaged goods, food and beverage manufacturing cybersecurity challenge is the potential to intentionally spoil perishable products, which poses serious consumer safety concerns. Attacks on plant floor systems could disrupt operations by tweaking temperature controls on refrigeration systems, allowing micro-organisms to grow on products. Threat actors who gain control of plant floor machinery could also adjust product recipes and ingredient ratios that would impact product quality and safety.
While external threats grow, internal threats are equally vexing. Cybersecurity talent is scarce across all manufacturing industries. With a handful of personnel typically responsible for information security, those in charge often focus on securing enterprise IT networks rather than plant floor operations. Plant floor operators often lack OT cybersecurity expertise.
Challenge 2: Modernizing Manufacturing Operations
As with many other sectors, consumer packaged goods and food and beverage companies are working to modernize manufacturing operations through IT/OT convergence. Networks of Internet-connected sensors and actuators, increased automation, and industrial analytics each play a role in the connected enterprise.
While the benefits of IT/OT convergence are well-established, increasing connectivity also expands the attack surface by exposing more infrastructure to the internet. Manufacturing execution systems, Supervisory Control and Data Acquisition systems, and other industrial control systems that keep plants and production in operation can be compromised when attackers find entry through weak IT links.
It’s crucial to harden networks to manage this additional exposure with techniques such as network segmentation, firewall deployment, and ongoing threat monitoring. Companies should consider investing in a Converged Plantwide Ethernet architecture, which eliminates direct traffic flow between IT and OT networks using an Industrial Demilitarized Zone (IDMZ) segmentation strategy. Firewalls around the IDMZ then create a security perimeter, and switches facilitate secure connectivity.
This type of network design prevents threat actors from moving across the IT/OT boundary into production infrastructure, which in turn allows the benefits of secure digital transformation in consumer-packaged goods and food and beverage organizations – like greater speed and efficiency in manufacturing operations – to be fast tracked.
Challenge 3: Removing Legacy Plant Floor Computer Risks
Another barrier to secure operations is the risk contained in legacy plant floor computers and devices. Many weren’t designed to participate in a connected enterprise. There are multiple security risks to allowing access to computers and servers that run vulnerable, outdated operating systems.
For example, patching is a well-known process that serves to close vulnerabilities and prevent breaches, but it’s underserved by many industrial companies – in part due to the difficulty in patching legacy equipment. A recent survey found that nearly two thirds of organizations do not have effective OT patch management in place. Therefore, it is important to have internal policies to manage these legacy plant floor computer risks and to manage and maintain the virtualized environment and infrastructure.
Challenge 4: Proactively Detecting and Responding to Attacks
Even with baseline security protections in place, adversaries may still get inside a network, riding on an employee error or a zero-day software vulnerability. Once inside your network, thwarting attacks becomes a race against time before cybercriminals steal sensitive trade secrets, such as product formulations, or encrypt infrastructure, grinding production to a halt.
Responding quickly is challenging because threat actors employ tactics to evade detection. Perpetrators know better than to make their presence on a network obvious until they are ready to activate their full attack. Evasive techniques include using commercially available tools to move laterally through networks and establish persistence.
A properly implemented network architecture can mitigate some risks, but to proactively protect OT operations and gain precious speed, additional defense-in-depth solutions should be added to your cybersecurity strategy. Especially important are continuous threat monitoring and a rehearsed incident response plan.
Threat detection software can detect malicious activities at any stage of an attack, helping to stop hackers from their nefarious work, such as conducting reconnaissance to executing malicious payloads. Plant floor anomalies, such as communication changes between industrial assets, also indicate a lurking actor who may be ready to pounce. When time is of the essence and vast production losses are on the line, Food and Beverage makers need this rapid threat detection capability.
What’s more, an incident response plan can reduce impacts from cyber-attacks. Your plan should include communications, roles, and responsibilities along with key steps around disengaging network assets when indicated. The plan should be practiced in order to work out any steps not accounted for and to gain speed and confidence.
The shock of an active cyber-attack can be very confusing. Practicing in advance, in tabletop exercises for example, allows security teams to act quickly and minimize losses.
Summary: food and beverage cybersecurity challenges
Overcoming cybersecurity challenges in the Food and Beverage industry may seem overwhelming. That’s where experienced experts can help.
A phased approach is recommended, securing the most critical assets and systems first and addressing these four challenges within an overall industrial cybersecurity program.
Subscribe today to the United States Cybersecurity Magazine at www.uscybersecurity.net/subscribe for more in-depth information!
Brian Deken
Tags: Cyber-Attacks, Food and Beverage Cybersecurity, IT, OT, Ransomware
