
Willem Ryan, AlertEnterprise
FST Soapbox

Cybersecurity: Risk Moves Squarely to Operational Technology

By Willem Ryan

Data breaches, ransomware attacks and now, operational shutdowns. Recent events bear out that cyber strikes are not limited to data breaches and IT systems but now extend to Operational Technology (OT) and industrial controls, with the aim of disrupting operations, distribution and the entire food supply chain.

JBS Foods, one of the world’s largest meat producers, was leveled by a cyberattack in early June, affecting U.S. and Australia operations. In a public statement, the organization revealed that it paid the equivalent of $11 million in ransom in response to the criminal hack against its operations. “At the time of payment, the vast majority of the company’s facilities were operational. In consultation with internal IT professionals and third-party cybersecurity experts, the company made the decision to mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated,” according to company documents.

There’s a security divide that shouldn’t be there: distinct lines between cyber, OT and physical security teams, forged by years of siloed departments, that have resulted in disjointed and ineffective detection, mitigation and response to risk.

It’s not a new problem—in fact the vulnerability of the critical infrastructure has been a discussion for decades. Moving to a converged approach across all departments, including HR, IT/cyber and OT/SCADA can effectively secure our most critical food production and distribution resources while actively enforcing compliance and company policies. Identity and Access is at the center of it all and the best way to holistically protect the enterprise.

In the example of high-profile enterprise Molson-Coors, a cyberattack in March centered on ransomware. In its SEC filing after the event, the beverage giant stated that the attack “has caused and may continue to cause a delay or disruption to parts of the company’s business,” which includes brewery operations, production and shipping.

The February attack on a Florida water treatment plant, carried out by compromising a remote access software program on a facility computer, is still another stark reminder of the growing dangers of cyber-physical threats and that even employees can be part of the problem.

You can see just how fragile and vulnerable our supply chains and critical business processes have become. Cybercriminals now realize how disruptive and lucrative attacks targeting these systems can be, so they will continue unabated without immediate stop-gaps.

Because these attacks have become blended and omni-present on every part of the critical infrastructure, executives need to move beyond IT-centric cybersecurity to minimize supply threats. This emergence of new attack vectors has other implications. It highlights the dire need to transition from siloed IT, OT, HR and physical security to a converged approach, yet executives remain at odds with how to execute this while working in their own bubbles.

The threat has become even greater than the organization itself. According to predictions by Gartner, liability for cyber-physical security incidents will “pierce the corporate veil to personal liability,” for 75% of CEOs by 2024.

Security Convergence Key Ingredient to Digital Transformation

As the food industry continues to digitally transform, systems and processes move to rapidly connect. Security convergence, centered around identity and access governance, links all these separate departments and operations, so communications and processes actively and collectively address and shore up risk preemptively. Events, exceptions, alerts, alarms and targeted attacks on all points, including the network, control systems and physical security can be integrated for a coordinated and cohesive response.

Securing our most important critical resource, the food supply chain, means correlating threats across the underlying HR, IT, physical security and OT systems used in production and processing. Physical access control and identity now link to specialized plant applications like manufacturing execution systems (MES), plant historians and demand management from ERP that can deliver information directly to production. Monitoring insider and contractor access to modify batch recipes provides alerts and detection when, for example, the addition of a preservative has been suppressed, causing a contaminated batch to be produced.

Integrating seamlessly with HR applications, converged software further prevents insider threat by automating background checks and risk analysis during the on-boarding and off-boarding process for employees and contractors.

The threat landscape today demands a single solution to manage operational risk and security. The following is just one example of how this converged approach works.

A fictitious company named Big Food was dealing with disgruntled production foreman Tom. Tom not only had physical access to the production floor, but was intimately familiar with the control system settings to configure recipes for the MES.

Security software’s real-time link to SAP SuccessFactors HCM provided critical real-time data that identified Tom’s history of workplace issues. When Tom accessed the plant area after his normal shift hours, the security platform detected that he was making unusual changes to the production settings to eliminate the addition of preservatives. An alert was immediately sent to security operations staff as well as the plant manager. Incident prevented, with huge savings from avoided downtime and protection from loss of reputation to the company brand.
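The Big Food scenario above, written out as a correlation rule over three data sources. This is an added example, not AlertEnterprise's product code; the event formats, field names, the 30-minute badge window and every sample record are constructed assumptions.

```python
from datetime import datetime, timedelta, time

# Constructed sample data standing in for three separate systems.
HR_OPEN_ISSUES = {"tom"}              # HR system: users with open workplace issues
SHIFTS = {"tom": (time(6), time(14)), "ana": (time(14), time(22))}
BADGE_EVENTS = [                      # physical access control: (timestamp, user, area)
    ("2021-06-14T05:58", "tom", "production_floor"),
    ("2021-06-14T13:55", "ana", "production_floor"),
    ("2021-06-14T21:40", "tom", "production_floor"),
]
RECIPE_CHANGES = [                    # MES audit trail: (timestamp, user, param, old, new)
    ("2021-06-14T09:10", "tom", "mix_time_s", 120, 130),
    ("2021-06-14T15:20", "ana", "preservative_g", 40, 38),
    ("2021-06-14T21:52", "tom", "preservative_g", 40, 0),
]
SAFETY_PARAMS = {"preservative_g"}    # parameters whose suppression taints a batch
BADGE_WINDOW = timedelta(minutes=30)  # assumed: how recent a badge-in counts as "present"

def on_shift(user, ts):
    start, end = SHIFTS[user]
    return start <= ts.time() < end

def badged_in_before(user, ts):
    """True if the user badged onto the floor within BADGE_WINDOW before ts."""
    for when, who, area in BADGE_EVENTS:
        gap = ts - datetime.fromisoformat(when)
        if who == user and area == "production_floor" and timedelta(0) <= gap <= BADGE_WINDOW:
            return True
    return False

def correlate():
    """One alert per suppressed safety parameter, listing the context signals that fired."""
    alerts = []
    for when, user, param, old, new in RECIPE_CHANGES:
        if param not in SAFETY_PARAMS or not (old > 0 and new == 0):
            continue                  # only a safety ingredient being switched off
        ts = datetime.fromisoformat(when)
        signals = []
        if not on_shift(user, ts):
            signals.append("after_hours")
        if user in HR_OPEN_ISSUES:
            signals.append("hr_open_issue")
        # A change with no matching badge-in is its own signal: the account
        # was used without the person being physically on the floor.
        signals.append("badged_in" if badged_in_before(user, ts) else "no_physical_presence")
        alerts.append({"time": when, "user": user, "param": param, "signals": signals})
    return alerts

if __name__ == "__main__":
    for alert in correlate():
        print(alert)
```

Neither the MES audit trail nor the badge log alone separates Tom's routine 09:10 edit from the 21:52 one; the alert only becomes specific once shift, HR and physical-presence context are joined to the recipe change.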

The food and beverage industry must meet high quality standards and adhere to rapid production cycles to preserve nutrition value and freshness. Convergence and automation are the keys to achieving these goals. As OT and IT networks become increasingly interconnected, OT environments become more exposed to cyber-physical attacks, which can result in tainted products, downtime and revenue losses. Security solutions that secure enterprise IT applications and plant applications deliver continuous monitoring that prevents sabotage, acts of terrorism and other malicious acts. There’s also the ability to manage other supply chain risks, including changes to master data and transactions as well as the movement of goods and arrival notification requirements by the FDA.

Today’s malicious actors don’t think in silos but most companies still do. As security and technology leaders we are compelled to rise and meet the challenge. It’s clear that only a converged approach, beyond IT-centric cybersecurity, is the way forward.

Cybersecurity

As Cyber Threats Evolve, Can Food Companies Keep Up?

By Maria Fontanazza

The recent cyberattack that shut down meat supplier JBS should be a wakeup call to the food industry. These attacks are on the rise across industries, and food operations both large and small need to be prepared. In a Q&A with Food Safety Tech, Brent Johnson, partner at Holland & Hart, breaks down key areas of vulnerability and how companies in the food industry can take proactive steps to protect their operations and ultimately, the consumer.

Food Safety Tech: Given the recent cyberattack on JBS, how vulnerable are U.S. food companies, in general, to this type of attack? How prepared are companies right now?

Brent Johnson, partner, Holland & Hart

Brent Johnson: Food companies are in the same boat as other manufacturers. Cyber threats are constantly evolving and hackers are developing increasingly sophisticated delivery systems for ransomware. Food companies are obviously focused on making and delivering safe and compliant products and getting paid for them. Cybersecurity is important, but it’s difficult for manufacturers to devote the resources necessary to make their systems bulletproof when it’s an ancillary part of their overall operations and a cost driver. Unfortunately, hackers only have one job.

We tend to think of big tech and financial services companies as the prime targets for ransomware attacks because of the critical nature of their technology and data, but food companies are really no different. Plus, unlike tech companies and the financial services industry, food companies haven’t, as a general matter, developed the robust defenses necessary to thwart attacks, so they’re easier targets.

Food Safety Tech: What is the overall impact of a cyberattack on a food company, from both a business as well as a consumer safety perspective?

Johnson: It may come as a bit of a surprise to those who don’t work in the food industry, but food production (from slaughterhouses to finished products) is highly automated and data driven. That’s one of the lessons of the JBS ransomware attack. The attack shut down meat processing facilities across the United States and elsewhere. I work in Utah and the JBS Beef Plant in Hyrum was temporarily shut down. JBS cancelled two shifts at its meatpacking operation in Greeley, Colorado where my firm has a large presence as well, because of the ransomware attack. So, the impact on a food company’s business from a successful ransomware attack is dramatic.

On the consumer safety side, a ransomware attack that impacts automated safety systems would cause significant problems for a food manufacturer. Software controls much of the food industry’s safety systems—from sanitation (equipment washdowns and predictive maintenance) to traceability (possible pathogen contamination and recalls) to ingredient monitoring (including allergen detection). Every part of a food company’s production system is traced, tracked, and verified electronically. A ransomware attack on a food maker would very likely compromise the company’s ability to produce safe products.

Food Safety Tech: What proactive steps should food companies be taking to protect themselves against a cyberattack?

Johnson: I wish there was an easy and foolproof system for food companies to implement to protect against cyber attacks, but there isn’t. The threats are always changing. The Biden Administration’s recent memorandum to corporate executives and business leaders on strengthening cyber defenses is a good starting point, however. The White House’s Deputy National Security Adviser for Cyber and Emerging Tech, Anne Neuberger, reiterated the following “Five Best Practices” from President Biden’s executive order. These practices are multifactor authentication, endpoint detection and response, aggressive monitoring for malicious activities on the company’s networks and blocking them, data encryption, and the creation of a skilled cyber security team with the ability to train employees, detect threats and patch system vulnerabilities.

Food Safety Tech: Are there specific companies within the food industry that are especially susceptible?

Johnson: Not really. Hackers are opportunistic and look for the paths of least resistance. That said, as can be seen from the recent Colonial Pipeline and JBS ransomware attacks, hackers have transitioned from the early days of going after individuals and small businesses to whale hunting. The money is better.

It’s important to observe that the recent attacks have been directed at industries that present national infrastructure concerns (oil, the food supply). There’s no evidence of any involvement by a foreign government in these attacks, but it’s a fair question as to whether the hackers, themselves, expect that the federal government will step in at some point to assist the victims of cyber attacks financially due to their critical importance.

Food Safety Tech: Where do you see the issue of cybersecurity and cyberattacks related to the food industry headed in the future?

Johnson: Other than the certainty that the attacks will increase in both intensity and sophistication, I have no prediction. It’s not a time for complacency.