PMMI ProSource – Start Your Search
Check out our packaging and processing solutions finder, PMMI ProSource.

How Kellogg Manages Cybersecurity Risks in Manufacturing

Seeing the writing on the wall as Mondelēz and other global companies became collateral damage in ransomware attacks, Kellogg set out to create a cybersecurity strategy that would keep it out of the headlines.

Jim Tassell, senior IT security architect for Kellogg, presents the food maker’s cybersecurity journey at the Automation Fair’s Food and Beverage Forum.
Jim Tassell, senior IT security architect for Kellogg, presents the food maker’s cybersecurity journey at the Automation Fair’s Food and Beverage Forum.

So much of the public focus on cybersecurity has been on what’s considered hardcore critical infrastructure—oil and gas, water supply, power generation, etc. A cyber attack on a food and beverage company might not create the kind of explosive disaster that could be created at an energy facility, but there is still plenty of reason to take those threats seriously.

“Food and beverage does not get enough attention” when it comes to cybersecurity, commented Dave Weinstein, chief security officer for cybersecurity provider Claroty, in a recent interview. “Bad actors can do a lot of harm by targeting that sector.”

A big tipping point for food and bev producers came about two and a half years ago when the NotPetya ransomware attack counted global food maker Mondelēz International among those affected. It wasn’t because Mondelēz was a target. This attack—like the similar WannaCry attack before it—did not discriminate by industry. The intention was simply to wreak havoc, wherever it might land. Other food companies “realized they didn’t have to be a target. They could just be collateral damage,” Weinstein said. “Things don’t necessarily go boom, but you lose view and have to bring down plants.”

Kellogg’s, for one, understood the message. More connected machines and devices, advanced analytics, remote access, wireless data sharing, and decentralized plant control are all technological developments that can provide the multinational food manufacturer with more efficient, more productive, and nimbler operations. But these technologies also increase the risk for cyber attack, broadening the attack surface.

2017 was a pivotal moment in time, acknowledged Jim Tassell, senior IT security architect for Kellogg. Referencing ransomware and virus attacks—from which Mondelēz estimated losses would reach $150 million; and from which other companies like Merck, FedEx, and Maersk also experienced significant disruption and loss—he acknowledged the realization that these companies were not specifically targeted, but faced significant damage nonetheless. Kellogg did not want to be one of those headlines, he said, so needed to figure out what its next move should be.

At the Food and Beverage Forum during Automation Fair 2019, Tassell described Kellogg’s journey to manage its cybersecurity risks. Assessing the company’s vulnerability was particularly difficult given that it has about 50 manufacturing plants worldwide, including acquisitions over the past few years that complicate the range of manufacturing systems the food maker is working with.

Kellogg brought in Deloitte as an auditing consultant to get a better idea about where its operations stood. “IT was a challenge with plants located all over the world,” Tassell said. “I didn’t have a device list and didn’t understand the vulnerabilities.”

While Deloitte assessed the various sites to identify gaps, Kellogg took immediate action by communicating and executing a segmentation strategy. Inter-site segmentation, arranged in a hub-and-spoke model, contained risk to a single site; vulnerabilities at one location were contained to that location. Intra-site segmentation, meanwhile, mitigated risk by placing security between manufacturing and the business side of the company, restricting potential vulnerabilities to either the IT or the operational (OT) network.

Back to Basics: Understanding Conveyors for Food Processing
Discover how modern conveyors enhance food processing—boost efficiency, ensure safety, and save space. Explore the latest tech and tips to optimize your operations.
learn more
Back to Basics: Understanding Conveyors for Food Processing