PMMI ProSource – Start Your Search
Check out our packaging and processing solutions finder, PMMI ProSource.

Put Your Cyber Defenses Up Before They Take You Down

As cyber attacks escalate, the food and beverage sector eyes a fresh course of action to safeguard operations and prevent disruptions to the supply chain.

Cybersecurity Web

Since the start of the COVID-19 pandemic, we’ve all become aware of the supply chain issues facing the food and beverage and every other industry. Among the many pandemic-era product shortages was the case of cream cheese, which went missing from retail shelves last year just in time to put a damper on the making of cheesecake and many other holiday treats.

As it turns out, this cream cheese shortage was not the product of the typical supply chain issues seen by the industry. Instead, a ransomware attack knocked out core systems and operations for several days in October 2021 at Schreiber Foods. Not only was Schreiber on the hook for a reported $2.5 million in ransom, the attack wreaked havoc on peak production season for the large Wisconsin-based cheese producer. It was unable to conduct business as usual for days—a disruption that trickled down to smaller farmers, cooperatives, and companies that buy ingredients from Schreiber.

That’s just one example. Cyber attacks have hit the food and beverage industry hard this past year. In its State of Malware report, Malwarebytes clocked an eye-popping 607% surge in malware detections in the food and agriculture sector in 2020, with things dramatically settling down in first quarter 2021, yet still hovering at a notable 36% increase. One of the most high-profile incidents in 2021 was the strike at JBS Foods, a global meat processor that doled out $11 million in Bitcoin to the REvil ransomware gang and halted operations in more than a dozen U.S. processing plants, prompting meat shortages around the country. Smaller companies were also in the crosshairs. New Cooperative, an Iowa-based farm service provider, and farm co-op Crystal Valley were attacked by the BlackMatter ransomware group, while a U.S. bakery was one of more than 1,000 companies affected by the Kaseya supply chain attack as it lost access to key systems and had to pause operations.


Read article   See the initial announcement of the cyber attack at JBS.

The flurry of attacks on the sector prompted an official September 2021 warning from the FBI’s Cyber Division alerting food, beverage, and agriculture companies to the growing threat, especially as the adoption of smart technologies and Industrial Internet of Things (IIoT) applications increases the potential attack surface. Larger businesses are targeted because of their ability to pay higher ransom demands, the alert cautioned. But smaller entities are not immune because they’re generally viewed as soft targets, especially those in the early stage of digital transformation that aren’t as tech-savvy and versed in cybersecurity best practices. 

“Cyber criminal threat actors exploit network vulnerabilities to exfiltrate data and encrypt systems in a sector that is increasingly reliant on smart technologies, industrial control systems, and internet-based automation systems,” the report reads. “Ransomware attacks targeting the food and agriculture sector disrupt operations, cause financial loss, and negatively impact the food supply chain. Companies may also experience the loss of proprietary information and personally identifiable information (PII) and may suffer reputational damage resulting from a ransomware attack.”

A changing landscape

The increasing number of cyber attacks on the food and beverage industry comes on the heels of threat actors targeting other critical infrastructure sectors, many of which are migrating from closed environments (often referred to as a walled garden) to networks of connected devices, equipment, and systems as part of efforts to digitally transform operations. Leveraging technologies like cloud, IIoT, advanced analytics, and artificial intelligence (AI) and machine learning (ML), manufacturers in this space aim to parlay terabytes of data long collected and stored in industrial equipment and systems into insights that will garner efficiencies, spark innovation, and optimize new business processes. Most share a common goal: to boost quality, improve plant performance and uptime, and enable predictive maintenance.

Companies in the food and beverage sector are gearing up cybersecurity efforts on the plant floor in the face of escalating attacks.Companies in the food and beverage sector are gearing up cybersecurity efforts on the plant floor in the face of escalating attacks.Photo courtesy of Rockwell AutomationThe global pandemic also sparked major changes to manufacturing operations that increased cybersecurity risks as remote access capabilities were used to accommodate personnel unable to physically be on the plant floor. “What accelerated with COVID-19 was remote access as not everyone could be on premise,” says Marilidia Clotteau, food and beverage marketing manager for the consumer packaged goods segment at automation supplier Schneider Electric. “Before, everything was in the plant. But when you start having a mix of on-premise, cloud, and connected devices, there are more potential vulnerabilities. There needs to be constant review and implementation of barriers to ensure the house is well kept, managed, and secure.”

While many in the food and beverage sector are hungry for Industry 4.0 applications to stake out a competitive edge, often, their existing production environments aren’t ready to digest new technologies securely. Most industrial control systems—from simple programmable logic controllers (PLCs) to more complex supervisory control and data acquisition (SCADA) and distributed control systems (DCSs)—as well as industrial networks were designed decades before cybersecurity was a major concern. As a result, many lack the basic encryption, authentication, and authorization controls along with automated asset management capabilities that are a staple of enterprise IT platforms. Moreover, the alphabet soup of proprietary protocols employed by industrial equipment, the landscape of siloed systems, and the lack of enterprise-grade monitoring tools makes it much more challenging to safeguard OT networks and assets compared with enterprise IT counterparts.


Read article   Learn about the key challenges to using automation in packaging and processing operations.

“Most of the industrial and control verticals weren’t developed with cybersecurity as a first principle, and plants were dependent on the enterprise to protect operations,” notes Mike Lester, director of cybersecurity strategy, governance, and architecture for Emerson Automation Solutions. “There’s now a spectrum of security capabilities and postures you have to deal with, but it hasn’t been the primary focus in this industry. That has been safety and control, and now there’s the cybersecurity wrinkle.”

Back to Basics: Understanding Conveyors for Food Processing
Discover how modern conveyors enhance food processing—boost efficiency, ensure safety, and save space. Explore the latest tech and tips to optimize your operations.
Read More
Back to Basics: Understanding Conveyors for Food Processing