September 19, 2022
By Brian Van Vleet, Commercial Lead, Cybersecurity & Network Services, Rockwell Automation
The May 2021 ransomware attack on JBS Foods that knocked out the plant operations supplying roughly a fifth of the United States’ meat supply is an all too familiar story.
Since September of 2021, the Federal Bureau of Investigation (FBI) has been alerting food producers, processors, and manufacturers via an industry-specific notice that criminals are carrying out focused ransomware attacks targeting companies in this sector.
Food and Beverage organizations now see themselves in the crosshairs for Critical Infrastructure cyberattacks that aim to shut down operations. What’s more, all attacks of this type carry the potential for severe consequences.
The Food and Beverage sector requires proactive cybersecurity protection – not only to minimize the risks of downtime, stolen intellectual property, or financial loss – but because cyberattacks can compromise food safety and jeopardize society’s food supply.
Below are a few of the most pressing food and beverage industry cybersecurity challenges along with best practice advice to help you mitigate risks.
Challenge 1: Avoiding Downtime and Damage from Cyberattacks
Successful cyberattacks on operational technology (OT) often result in downtime, which is extremely costly for Food and Beverage manufacturers who produce hundreds or thousands of products per second. Recovering from a cybersecurity incident doesn’t happen instantly, and the financial hit can quickly reach into the millions of dollars. In the JBS Foods ransomware attack, the company paid $11 million to restore operations.
Another unique Food and Beverage cybersecurity challenge is the potential to intentionally spoil perishable products, which poses serious consumer safety concerns. Attacks on plant floor systems could disrupt operations by tweaking temperature controls on refrigeration systems, allowing micro-organisms to grow on products. Threat actors who gain control of plant floor machinery could also adjust product recipes and ingredient ratios that would impact product quality and safety.
While external threats grow, internal threats are equally vexing. Cybersecurity talent is scarce across all manufacturing industries. With a handful of personnel typically responsible for information security, those in charge often focus on securing enterprise IT networks rather than plant floor operations. And plant floor operators often lack OT cybersecurity expertise.
Rockwell Automation has built a global practice around industrial cybersecurity, securing some of the largest Food and Beverage industrial organizations in the world. Our experts can help identify cybersecurity risks to your industrial assets through risk and vulnerability assessments, including penetration testing, and can then develop and run the right program for your specific infrastructure.
Challenge 2: Modernizing Manufacturing Operations
As with many other sectors, Food and Beverage companies are working to modernize manufacturing operations through IT/OT convergence. Networks of Internet-connected sensors and actuators, increased automation, and industrial analytics each play a role in the connected enterprise.
While the benefits of IT/OT convergence are well-established, increasing connectivity also expands the attack surface by exposing more infrastructure to the internet. Manufacturing execution systems (MES), Supervisory Control and Data Acquisition (SCADA) systems, and other industrial control systems (ICS) that keep plants and production in operation can be compromised when attackers find entry through compromised enterprise assets.
It’s crucial to harden networks to manage this additional exposure with techniques such as network segmentation, firewall deployment, and ongoing threat monitoring. Food and Beverage companies should consider investing in a Converged Plantwide Ethernet (CPwE) architecture, which helps eliminate direct traffic flow between IT and OT networks using an Industrial Demilitarized Zone (IDMZ) segmentation strategy. Firewalls around the IDMZ then create a security perimeter, and switches facilitate secure connectivity.
This type of network design helps prevent threat actors from moving across the IT/OT boundary into production infrastructure, which in turn allows the benefits of secure digital transformation in Food and Beverage organizations – like greater speed and efficiency in manufacturing operations – to be fast-tracked.
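One way to check that the segmentation described above actually holds is to audit observed flow records for traffic that reaches the industrial zone without terminating in the IDMZ. The sketch below is an added example, not Rockwell Automation code; the zone subnets, the flow tuples and the function names are constructed for illustration.

```python
import ipaddress

# Constructed address plan (assumption); substitute the plant's real zones.
ZONES = {
    "enterprise": ipaddress.ip_network("10.10.0.0/16"),
    "idmz": ipaddress.ip_network("10.20.0.0/24"),
    "industrial": ipaddress.ip_network("10.30.0.0/16"),
}

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.10.4.25", "10.20.0.10", 443),     # enterprise -> IDMZ broker
    ("10.20.0.10", "10.30.1.5", 44818),    # IDMZ -> industrial
    ("10.30.1.5", "10.30.1.9", 44818),     # inside the industrial zone
    ("10.10.4.25", "10.30.1.5", 3389),     # enterprise -> industrial, direct
    ("10.30.2.40", "203.0.113.7", 443),    # industrial -> outside address
    ("10.10.4.25", "198.51.100.9", 443),   # enterprise -> outside, not OT
]

def zone_of(addr):
    """Map an IP address to its zone name, or 'external' if unmapped."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"

def audit_flows(flows):
    """Return flows with an industrial endpoint whose peer is neither
    in the industrial zone nor in the IDMZ (i.e. the IDMZ was bypassed)."""
    violations = []
    for src, dst, port in flows:
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        zones = {src_zone, dst_zone}
        if "industrial" in zones and not zones <= {"industrial", "idmz"}:
            violations.append((src, dst, port, src_zone, dst_zone))
    return violations

if __name__ == "__main__":
    for v in audit_flows(SAMPLE_FLOWS):
        print("IDMZ bypass: %s -> %s port %d (%s -> %s)" % v)
```

Any result from such an audit points to a firewall rule or a dual-homed host that lets traffic skip the IDMZ.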
Challenge 3: Removing Legacy Plant Floor Computer Risks
Another barrier to secure Food and Beverage operations is the risk contained in legacy plant floor computers and devices. Many weren’t designed to participate in a connected enterprise. There are multiple security risks to allowing access to computers and servers that run vulnerable, outdated operating systems.
For example, patching is a well-known process that serves to close vulnerabilities and help prevent breaches, but it’s underserved by many industrial companies – in part due to the difficulty in patching legacy equipment. A recent survey by Rockwell Automation and ISMG found that nearly two-thirds of organizations do not have effective OT patch management in place.
An Industrial Data Center (IDC) arms Food and Beverage manufacturers with a way to manage these legacy plant floor computer risks. A Rockwell Automation IDC replaces legacy assets with the hardware that you need to run multiple operating systems and applications on virtualized servers. Our managed Infrastructure-as-a-Service (IaaS) IDC offering simplifies cybersecurity protection even further by having Rockwell Automation specialists manage and maintain the virtualized environment and infrastructure.
Challenge 4: Proactively Detecting and Responding to Attacks
Even with baseline security protections in place, adversaries may still get inside a network, riding on an employee error or a zero-day software vulnerability. Once inside your network, thwarting attacks becomes a race against time before cybercriminals steal sensitive trade secrets, such as product formulations, or encrypt infrastructure, grinding production to a halt.
Responding quickly is challenging because threat actors employ tactics to evade detection. Perpetrators know better than to make their presence on a network evident until they are able to carry out their malicious intentions. Evasive techniques include using commercially available tools to move laterally through networks and establish persistence.
A properly implemented network architecture can mitigate some risks, but to protect OT operations proactively and salvage critical recovery time, additional defense-in-depth solutions should be added to your cybersecurity strategy. Especially important are a continuous threat monitoring solution and a rehearsed incident response plan.
Threat detection solutions can detect malicious activities at any stage of an attack, helping to stop hackers' nefarious work, whether they are conducting reconnaissance or executing malicious payloads. Plant floor anomalies, such as communication changes between industrial assets, can also indicate a lurking actor who may be preparing to attack. When time is of the essence and vast production losses are on the line, Food and Beverage makers need this real-time threat detection capability.
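The "communication changes between industrial assets" signal can be illustrated by comparing current plant floor traffic against a known-good baseline. This is an added example, not a description of any Rockwell Automation product; the asset names, both traffic windows and the fan-out threshold are constructed assumptions (ports 44818 and 502 are the standard EtherNet/IP and Modbus TCP ports).

```python
from collections import defaultdict

# Constructed known-good window: (source asset, destination asset, TCP port).
BASELINE = [
    ("hmi-01", "plc-chiller", 44818),
    ("hmi-01", "plc-mixer", 44818),
    ("historian", "plc-chiller", 44818),
    ("historian", "plc-mixer", 44818),
]

# Constructed current window to evaluate.
CURRENT = [
    ("hmi-01", "plc-chiller", 44818),      # unchanged
    ("historian", "plc-mixer", 502),       # known pair, new protocol port
    ("eng-ws-07", "plc-chiller", 44818),   # asset never seen talking to PLCs
    ("eng-ws-07", "plc-mixer", 44818),
    ("eng-ws-07", "plc-filler", 44818),
]

def compare_to_baseline(baseline, current, fanout_threshold=3):
    """Return (kind, source, detail) findings for traffic absent from baseline.

    new_port: a known source/destination pair using a port not seen before.
    new_pair: a source/destination pair that never communicated before.
    fan_out:  one source opening new pairs to many assets, which is what
              discovery or scanning of the plant floor tends to look like.
    """
    known_flows = set(baseline)
    known_pairs = {(s, d) for s, d, _ in baseline}
    findings = []
    new_peers = defaultdict(set)
    for src, dst, port in dict.fromkeys(current):  # de-duplicate, keep order
        if (src, dst, port) in known_flows:
            continue
        if (src, dst) in known_pairs:
            findings.append(("new_port", src, f"{dst}:{port}"))
        else:
            findings.append(("new_pair", src, f"{dst}:{port}"))
            new_peers[src].add(dst)
    for src, peers in new_peers.items():
        if len(peers) >= fanout_threshold:
            findings.append(("fan_out", src, f"{len(peers)} new peers"))
    return findings

if __name__ == "__main__":
    for kind, src, detail in compare_to_baseline(BASELINE, CURRENT):
        print(f"{kind:8} {src:10} {detail}")
```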
What’s more, an incident response plan can reduce impacts from cyberattacks. Your plan should include communications, roles, and responsibilities along with key steps around disengaging network assets when indicated. The plan should be practiced to work out any steps not accounted for and to gain speed and confidence.
The shock of an active cyberattack can be very confusing. Practicing in advance, in tabletop exercises, for example, allows security teams to act quickly and minimize losses.
Securing What the World Relies On
Overcoming cybersecurity challenges in the highly output-focused Food and Beverage industries can be overwhelming. That’s where industry-leading professionals can help.
Rockwell Automation recommends a phased approach, securing the most critical assets and systems first and addressing these four challenges within an overall industrial cybersecurity program.