Discover your next big idea in food packaging & processing this Sept.
Experience a breakthrough in food packaging & processing—explore solutions from 2,300 suppliers spanning all industries at PACK EXPO Las Vegas.
REGISTER TODAY & SAVE

Alarming Signs on Operational Technology Cybersecurity

Reports from OT cybersecurity thought leaders paint an alarming picture for food and beverage manufacturers regarding cybersecurity threats to their operations. Here’s how you can mitigate those risks.

NIST Cybersecurity Framework
The National Institute of Standards and Technology (NIST) released its Cybersecurity Framework 2.0 earlier in 2024, a framework with guidelines for organizations to manage their cybersecurity risks.
NIST

During a recent meeting, FSO Institute’s Manufacturing Health Roundtable (MHRT) explored the importance of cybersecurity, especially threats to operational technology (OT) in manufacturing, to business continuity.

What follows are a few key points from that discussion and some operational insights by FSO Institute Coach Roman Havriliak, formerly of Pfizer, and an information technology thought leader.

1. Some alarming signs

Reports from OT cybersecurity thought leaders at Dragos paint an alarming picture for food and beverage manufacturers regarding cybersecurity threats to them. Just a few months ago multiple cybersecurity organizations including EPA, NSA, USDA, and FDA urgently warned of current threats to OT manufacturing systems. Globally, North America has a disproportionate number of ransomware incidents (187) by region in Q2/2024, compared to next highest region Europe at 82.

Manufacturing leads the way in ransomware incidents by ICS Sectors (Industrial Control Systems) registering 210 incidents in Q2/2024 with transportation, government, and oil and gas trailing significantly. Ransomware incidents by manufacturing subsector in Q2/2024 is led by construction (33) followed closely by consumer food and beverage (27). MHRT members shared some of their own experiences with cybersecurity disruptions both direct (their company) and indirect (their supplier companies) that underscored the significance of this issue for business continuity.

2. Bridging the IT/OT divide to mitigate the threat

MHRT members are unanimous in their belief that collaboration between information technology (IT) and operational technology (OT) is critical to mitigating cybersecurity threats to manufacturing. One of the most useful tools to bridge this divide comes from the PMMI MaX Forum that recently published a work document Bridging the IT-OT Gap on Cybersecurity. The key differences and compatibilities of the two systems is highlighted including the corporate functions and operating systems covered by each (common corporate functions versus systems that focus on physical transformation of a product), the end point being managed (human using a computing device versus physical assets like pumps, motors, valves, etc.), the purpose of software applications (people-centric to help people do their jobs versus device-centric to help make product by controlling physical equipment), the type of data processing (transactional versus real time) and the highest priorities (data security, integrity and availability versus production operations and customer deadlines). To sum it up, IT focuses on data and communications while OT focuses on machine behavior and outcomes. The document highlights the constraints place on both IT and OT and presents solutions for overcoming them.

3. Implementing a framework for managing cybersecurity risk

The MHRT shared some of their challenges and solutions regarding their own cybersecurity threats they’ve faced. Most of these falls into perhaps one of the most useful frameworks for managing cybersecurity risk, the NIST Cybersecurity Framework (CSF) 2.0 published in February 2024. The National Institute of Standards and Technology is a governmental agency responsible for advancing technology and security standards within the United States. Here’s a brief description of each element of the framework:

Govern – Ensuring that the organization’s cybersecurity risk management strategy, expectations, and policy are established, communicated, and monitored.

Identify – Ensuring that the organization’s current cybersecurity risks are described and understood.

Dairy Food & Beverage Innovations Report
Discover cutting-edge packaging and processing solutions in the inaugural Packaging World/ProFood World Innovations Report. From high-speed filling machines to mono-material lids, see how the latest advancements from PACK EXPO International 2024 are driving safety, sustainability, and extended shelf life—shaping the future of dairy food and beverage packaging.
Access Now
Dairy Food & Beverage Innovations Report
Proteins Innovations Report
Discover cutting-edge protein packaging innovations from PACK EXPO International 2024! Our editorial team spotlights hygienic equipment and materials designed for the demanding protein sector. From IP66-rated washdown systems and all-servo chub packaging to advanced auto-bagging technology and compostable trays replacing EPS, this report reveals how manufacturers are addressing clean, safe design while improving efficiency.
Take Me There
Proteins Innovations Report