Food and Beverage Manufacturers Face Mounting Cybersecurity Attacks – Food Engineering Magazine




Notification software is compatible with more secure, layered networks in which a series of firewalls provide added protection from attacks.
Connectivity provides manufacturing plant operations many advantages like increased productivity, faster identification and remediation of quality defects, and better collaboration across functional areas. However, this connectivity is dramatically increasing smart factories’ vulnerabilities and leaving them exposed to cybersecurity threats. In a recent survey by Deloitte and the Manufacturers Alliance for Productivity and Innovation, 48% of respondents identified operational risks, which include cybersecurity, as the greatest danger to smart factory initiatives.1
Food and beverage processing plants are under particular assault.
According to Trustwave, a leading data security firm, food and beverage was the third-most compromised industry after retail and hospitality, accounting for 10% of all attacks. While that number may seem small compared to the massive breaches reported recently by news outlets, it’s important to understand that 70% of hacked food and beverage companies go out of business within a year of an attack.2 
The size of these companies doesn’t seem to matter to the attackers. According to the FBI, “Larger businesses are targeted based on their perceived ability to pay higher ransom demands, while smaller entities may be seen as soft targets, particularly those in the earlier stages of digitizing their processes.”3
A few of the attacks that have occurred just in the past year include Molson Coors, which experienced a systems outage that caused delays and disruption to the brewery operations, production and shipments; an unidentified “U.S. bakery company” suffered a ransomware attack in July 2021 that interrupted its operations for one week as the firm couldn’t access its server, files or applications; ahead of last year’s Halloween season, cyber criminals attacked confectionary firm Ferrara’s (maker of SweeTarts, Nerds and Boston Baked Beans) computer system, which disrupted operations for several weeks; a “cyber event” temporarily halted operations at all of Schreiber Foods’ dairy processing plants and warehouses; and the well-publicized attack at meat processor JBS whose North America operations were shut down and an $11 million ransom was paid to the attackers.4  
The food supply’s vulnerability is not lost on the U.S. Department of Homeland Security, which considers the entire food and agriculture industry one of the 16 national critical infrastructures. This designation has generated attention for a new type of cyber threat called “agro-terrorism”: deliberately contaminating the country’s food supply with the intent to terrorize and harm people.5
Surprisingly, a significant share of manufacturers have yet to build the cyber capabilities to secure some of these business-critical systems. Deloitte’s survey found that while 90% of manufacturers reported capabilities to detect cyber events, very few companies today have extended monitoring into their operational technologies environments.6
The majority of vulnerabilities in technology and software can often be found in remote access to networks, insufficient security configurations, outdated firewalls, weak passwords and a lack of proper staff training. It’s ironic that as manufacturing plants adopt more smart technologies to increase production and efficiencies, cyberattack risks escalate.  

 
Coincidentally, turning to additional technology is one way to address this challenge. 
Many SCADA systems are simply overexposed to the internet by remote desktop applications (e.g. RDP and TeamViewer). In an attempt to offer process and asset information to operators, organizations have provided much more, ignoring the principle of least privilege (to provide no more authorizations than necessary to perform required functions) and opening their entire control systems and their hosts to remote desktop access by unnecessary parties. Such broad remote access techniques present an increased security risk for companies.  
Advanced remote alarm notification software allows remote operators access to only the information they need from SCADA but not access to the SCADA itself or its operating system host. Such notification software is compatible with more secure, layered networks in which a series of firewalls provide added protection from attacks. This is done by deploying notification solutions alongside the SCADA system at the network’s control level and using notification modalities that are not internet facing or distributing internet-facing notification processes to higher levels. For example, internal email servers, SMS modems and voice via PBX devices allow communication with the outside world without internet exposure. Likewise, distributing the processes that interface with SCADA from those that interface with external email servers, VoIP solutions and cloud apps allows internet-based notifications without compromising security.
Of course, there are valid use cases for desktop sharing software that do not violate the principle of least privilege and go well beyond operator access to process information. For such systems it’s critical that the remote desktop solutions be implemented with sound security.
There are several steps that manufacturers should take to improve their cybersecurity:

 
Manufacturers should also take steps to secure any remote access software. They should not use unattended access features, and IT leaders should configure the software such that the application and associated background services are stopped when not in use.8  Integrating the remote alarm notification software through the SCADA system is critical to further reducing cyberattacks.
While cybersecurity is rarely recognized as a food safety issue, the systems companies use for processing and manufacturing food contain many vulnerabilities that experts believe will soon present a more appealing target for cyberattacks than industries that are more commonly affected by, and therefore better prepared for, such attacks.9
Automation and connectivity increase productivity and allow companies to focus more on innovation, however, these technologies also create new security challenges, expose unprotected industrial control systems and heighten cyber risks. The scope of the threat is growing, and no organization is immune. Companies must reinforce their defenses and understand the myriad technological tools that will help them combat the ever-growing cyber threats.
https://www2.deloitte.com/us/en/pages/energy-and-resources/articles/smart-factory-cybersecurity-manufacturing-industry.html (accessed June 7, 2022).
2  “Risky Business: Cyberattacks on the Food Supply,” Capstone Logistics.
3  John S. Forrester, “Why Cybersecurity is a Major Concern for Food Firms in 2022,” Powder & Bulk Solids, February 4, 2022.
4  Ibid
5  “Risky Business: Cyberattacks on the Food Supply,” Capstone Logistics.
6  https://www2.deloitte.com/us/en/pages/energy-and-resources/articles/smart-factory-cybersecurity-manufacturing-industry.html (accessed June 7, 2022).
7  https://biztechmagazine.com/article/2021/04/cybersecurity-lessons-utilities-can-learn-oldsmar-water-plant-hack (accessed March 1, 2022).
8  Ibid
9  Stephen Streng, “Adulterating More than Food: The Cyber Risk to Food Processing and Manufacturing,” Food Protection and Defense Institute, September 2019.

subscribe to Food Engineering
Cody Bann is director of engineer at Austin, Texas-based WIN-911 and may be reached at [email protected]. The company helps protect over 19,000 facilities in 85 countries by delivering critical machine alarms via smartphone or tablet app, voice (VoIP and analog), text, email, and in-plant announcer, reducing operator response times, system downtime, and maintenance costs. For more information, visit https://www.win911.com/.

You must have JavaScript enabled to enjoy a limited number of articles over the next 30 days.
Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Food Engineering audience. All Sponsored Content is supplied by the advertising company. Interested in participating in our Sponsored Content section? Contact your local rep.
Combining scientific depth with practical usefulness, this book serves as a tool for graduate students as well as practicing food engineers, technologists and researchers looking for the latest information on transformation and preservation processes as well as process control and plant hygiene topics.
Foodmaster.com

Copyright ©2022. All Rights Reserved BNP Media.
Design, CMS, Hosting & Web Development :: ePublishing

source


CyberTelugu

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top

Adblock Detected

Please consider supporting us by disabling your ad blocker

Refresh Page