Industrial control systems (ICSs) in the food and beverage industry face a growing exposure to cyber-attack, according to a report by the Food Protection and Defense institute (FPDI). The study was supported by Department of Homeland Security and was the result of at least two years of research into ICSs in the food industry as well broader network security vulnerabilities present in industrial systems worldwide.
The report concluded that food and beverage businesses face greater risks for cyber attacks due to gaps in technology controls, and the lack of development in this area inviting exploitation by bad actors. Many manufacturers and processors in this sector have lagged behind on migrating to new technology or have done so piecemeal – allowing components like network security and traceability to stagnant. This puts much of the industry at risk of noncompliance and being held liable in the event of a data breach, or if product becomes contaminated from disruption.
Here are the factors that make food and beverage manufacturing vulnerable to cyber-attack, and how these risk factors may be addressed:
Food & Beverage Industrial Control Systems
The study centered on the ICSs most commonly used in food processing and manufacturing, as well as additional technology and processes surrounding these systems. These included not only operational technology (OT) items and procedures, but the knowledge and understanding (or lack thereof) of their connection with IT environments at the decision-making level. The researchers found that leaders in food processing and manufacturing typically were unaware of the extent of the cyber risk present in their industrial systems and OT/IT networks.
Legacy Food Processing Control Systems
One of the largest contributors to cyber risk in the food industry is the widespread presence of outdated ICSs in processing plants. Legacy manufacturing software and hardware inherently generate cybersecurity risk when introduced into networks as they are not configured for modern threats. These systems present such a danger to the supply chain that national security agencies have had to release public warnings for far-reaching vulnerabilities.
Legacy food and beverage systems are often unsecured and have rigid controls that rely too much on physical security alone. However, even newer solutions in this sector are often absent of long-term cybersecurity thinking and remain unprotected from external access attainable through built-in vendor channels or remote server connections. Many repurposed and misconfigured software applications can suffer from these types of vulnerabilities, as those protocols are often overlooked when upgrading technology in more mature industries.
Food & Beverage Supply Chain Attack Surface
The food and beverage sector is one of the most routinely targeted for theft by organized crime, which, according to the study, is often facilitated by cyber attacks exploiting credential and transport data. The food industry’s supply chain is littered with disparate, often legacy system-powered endpoints that attackers can leverage to infiltrate connected networks unnoticed.
The cybersecurity danger in food and beverage is present in all ICSs – most people are ignorant of cyber risk in manufacturing and other industrial sectors. Human error accounted for over half of all ICS network incidents in 2019, according to a separate study by Kaspersky. However, that same report also discovered that security vigilance levels are reflective of industry adoption, so the examples of vulnerabilities found by the FPDI may even be more widespread throughout food processing and manufacturing.
Changing Digital Landscape
The reliance on decades-old legacy software is symptomatic of the greater problem in the food and beverage industry, as outlined in the FPDI study. The stagnation of OT networks echoes the lack of awareness from equipment operators up to the executive level of changing security realities. Outdated coding, operating systems, and other components have been allowed to languish even as hackers have rapidly expanded and streamlined methods for breaking through such weaknesses.
This complacency is dangerous to food and beverage processors and manufacturers, who face many safety regulations in addition to increasing data security protocols. Any supply chain disruption could lead to food adulteration, which in turn can cause noncompliance penalizations and consumer backlash. To prevent losing ROI from legacy control systems, the food industry must be able to adapt to the digital transformation of their market and migrate to compliant technology solutions.
Lack of Knowledge Creates the Biggest Risk of Cyber Attack
The cloud has created a more connected world, and any software you use can be linked to the Internet with access to an integrated application. Hackers rely on your ignorance to get in and out with no repercussions, but you can both protect your network and move your technology into the modern age by migrating to the first SMB cloud service monitored around-the-clock by our strategic partner CyberHat, a Security Operations Center (SOC).
Watch our on-demand webinar here to learn how you can migrate to a cyber-secure cloud for FREE with Secure Cloud Hosting by SWK Technologies.