Cybersecurity in the food and beverage industry

Vijay Vaidyanathan, regional vice-president of Solutions Engineering, APJ at Claroty

With the rise of data and digital solutions that streamline operations, manufacturers are keen to update their business operations for fear of falling behind. Yet, the digital frontier presents a different challenge.

By Agatha Wong

Back in late May 2021, JBS Foods, the world’s largest meat processing company, paid US$11 million in ransom to stop cyberattacks against its infrastructure. Most recently, in September 2021, there was a ransomware attack against NEW Cooperative, a US-based farmer organisation. More than mere fearmongering, these events serve as signals to food manufacturers to fortify their digital infrastructure.

“The food manufacturing industry has low maturity in terms of cybersecurity, and these incidents highlight the urgent need for these companies to prepare for, and learn to manage, cyber-related risks. This is especially pertinent for environments where vulnerable legacy technology exists, and any downtime could result in huge ramifications for the company, and the public at large, as was the case with JBS Foods,” explained Vijay Vaidyanathan, regional vice-president of Solutions Engineering, APJ at Claroty.

The issue of cybersecurity becomes even more apparent for businesses that still operate on legacy operational technology (OT), which was never designed to be connected to the internet. Moreover, during the pandemic these systems may have been rapidly connected to the internet for remote control without proper security controls being put in place.

Vaidyanathan elaborated: “OT networks often predate the Internet, yet the pressing need for digital transformation has meant that food and beverage companies are automating parts of the manufacturing process. This move has meant that OT networks have suddenly been exposed to a host of new cyber threats lurking on the web.

“OT networks run on proprietary protocols, where legacy equipment can often be incompatible with traditional information technology (IT) security tools. The same security tools that work well in IT are inadequate for OT networks, which need purpose-built security measures. Connecting OT assets to the corporate IT network without taking appropriate security measures gives threat actors an expanded attack surface, with numerous pathways into the OT network, and to the critical systems and physical processes that the OT network controls.”

For many manufacturers, taking down servers or network equipment for patch testing and deployment can be a costly affair. Threat actors take advantage of this, using ransomware to target large companies that cannot afford interruptions and can afford to pay exorbitant figures to resolve them.

“A key learning from [JBS] is that digital transformation expands an organisation’s attack surface, making it easier for threat actors to enter the network and gain control of OT assets. Without the correct security tools in place, organisations cannot identify vulnerabilities or detect malicious activity, giving way for cyber criminals to exploit organisations,” Vaidyanathan said.

A price to pay

The most common cyber threat facing manufacturers is ransomware. Threat actors can easily purchase ransomware online from service providers on a subscription basis, complete with step-by-step instructions and dashboards to monitor victims, collect payments and share profits with the service providers.

Cyber-attacks will continue as long as the industry continues to digitalise and connect to the internet and cloud, with threat actors finding more ways to compromise industrial operations through ransomware and extortion attacks. Fortunately, there is a growing awareness of cybersecurity and how it can create greater business resiliency. Governments are taking action to address this issue as well.

Enforcing security

Vaidyanathan opines that cyberattacks can be prevented with the correct security tools identifying vulnerabilities and detecting malicious activities. An accurate asset inventory is the first step toward proper vulnerability management, which ensures that critical systems are up to current patching levels and that compensating controls are in place when appropriate.

Network segmentation is another strategy. Since most OT networks are no longer air-gapped, network segmentation can prevent attackers from using stolen credentials or compromising Active Directory and other identity infrastructure in order to move from system to system, stealing data and/or dropping malware or exploits.

Alternatively, virtual segmentation improves network monitoring and access control, and greatly accelerates response time. In the event an attacker does establish a foothold, virtual segmentation makes it possible to shut down specific portions of the network, regain control, and drive intruders out, saving cost and reducing downtime.
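The segmentation described above only helps if traffic actually respects it. As an added example (not from the original article or from any vendor's product), the check below compares observed network flows against a zone policy and reports anything that crosses the IT/OT boundary outside an approved path. The zone names, address ranges, ports and flow records are all constructed assumptions.

```python
import ipaddress

# Constructed zone map: names and address ranges are assumptions for illustration.
ZONES = {
    "it":  ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "ot":  ipaddress.ip_network("10.30.0.0/16"),
}

# Allowed conduits between zones: (source zone, destination zone, destination port).
# Any flow that crosses a zone boundary and is not listed here is a violation.
ALLOWED = {
    ("it", "dmz", 443),    # engineers reach the remote-access gateway
    ("dmz", "ot", 3389),   # gateway reaches OT engineering workstations
    ("ot", "dmz", 514),    # OT devices send syslog to a collector
}

def zone_of(addr):
    """Return the zone name for an address, or 'external' if it is in none."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"

def audit(flows):
    """Return flows that cross a zone boundary without an allowed conduit."""
    violations = []
    for src, dst, port in flows:
        sz, dz = zone_of(src), zone_of(dst)
        if sz == dz:
            continue  # intra-zone traffic is out of scope for this check
        if (sz, dz, port) not in ALLOWED:
            violations.append((src, dst, port, f"{sz}->{dz}"))
    return violations

# Constructed flow records: (source, destination, destination port).
SAMPLE_FLOWS = [
    ("10.10.4.21", "10.20.0.5", 443),    # IT laptop to gateway: allowed
    ("10.20.0.5", "10.30.1.10", 3389),   # gateway to OT workstation: allowed
    ("10.10.4.21", "10.30.1.10", 445),   # IT laptop straight to OT over SMB
    ("10.30.2.7", "203.0.113.9", 443),   # OT device talking to the internet
    ("10.30.2.7", "10.30.2.8", 502),     # OT to OT: same zone, ignored
]

if __name__ == "__main__":
    for violation in audit(SAMPLE_FLOWS):
        print("VIOLATION", violation)
```

Run against real flow exports, the same policy table doubles as documentation of which paths between IT and OT are meant to exist.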

Encryption of data at rest and in motion is also important for good cyber defense and resilience with respect to ransomware. Secure, available, offline backups are also crucial to implementing rapid recovery from such attacks.

Vaidyanathan recommends the following practices to mitigate cyber threats:

  • Ensure operational visibility. Real-time visibility into all operational systems linked to food production and distribution enables security teams to notice unusual activity in the systems, allowing quick action. Additionally, visibility identifies vulnerabilities such as out-of-date operating systems and software, and any common vulnerabilities and exposures associated with products.
  • Establish secure remote access. Organisations need to use remote access solutions that are purpose-built for industrial environments and that allow for auditing, control and monitoring capabilities. This includes extremely granular role- and policy-based access controls for industrial assets at multiple levels and geographic locations while supporting Zero Trust and Least Privilege security principles. Ideally, to protect their facilities, manufacturers should deploy specialists who embrace OT and the IT/OT connection when it comes to securing remote access to critical environments. Purpose-built OT solutions address OT needs far better than general remote access solutions. The investment is worthwhile as remote work will likely continue in some capacity long after the pandemic is over.
  • Stay up to date on cybersecurity standards. Organisations can also look to OT cyber security recommendations by respective government agencies.

This article was first published in the December 2021/January 2022 issue of Food & Beverage Asia.