Guest article: Ransomware and the brewing process
A cyber crisis has long been a distant concern for many companies. Today, cybersecurity should be one of their top priorities. Every company is vulnerable, whether multinational or SME. Manufacturing companies typically have an even more diverse and broad attack surface compared to other sectors.
Guest article by Soteria Cybersecurity
In addition to important data (customer data, order data, supplier data, invoicing, intellectual property, contracts...), they have an additional company-critical component to protect, namely, the shop floor.
When a manufacturing company falls victim to a ransomware attack, the IT department is forced to shut down operations company-wide. Otherwise, it risks further ransomware spreading.
This means that there is no production during such a cyber incident, which is of course a major business disruption.
Cybersecurity on the shop floor has been under-researched for many years. However, recent attacks show that cybersecurity on Operational Technology (OT) can no longer be ignored. A European beverage producer was attacked on their automated bottling process in late 2021, shutting down production for some time.
So it shows: criminals will choose the easiest way to an impactful attack, and in manufacturing companies that is more often the shop floor than the IT environment.
What is Operational Technology?
A good illustration of Operational Technology in the food industry is how today's beer is produced in a traditional brewery.At the beginning of the 20th century, an estimated 3223 breweries still existed in Belgium. However, increasing regulations, such as those concerning water purity, cut down on this number. Brewers had to invest. Even today, this is still the case.
According to the sector organization, the Belgian Brewers, several 100 million euros are invested in the Belgian brewing industry every year. Traditional brewers continue to invest non-stop in installations for water purification and recovery, computer-controlled brewing halls, filling lines, canning lines and bottling lines. T
his is a perfect example of how a centuries-old artisanal tradition is able to preserve its mystique while benefiting from modern technology.
Professional brewers manage to systematically transform tons of malt and hops into your favorite beer, which consistently has the same taste and quality. This magical process is often computer-controlled and uses programmable logic controller (PLC) devices.
For example, it filters water and adds additives so that the exact standard is achieved when brewing the beer. Fermentation is done according to specific temperature conditioning so that the same brewing process can be repeated systematically again and again. An automated line ensures the correct filling, sealing, weighing and packaging of bottle, can or keg.
Meanwhile, it is clear that these computer-driven production environments can also be vulnerable to cybercrime, because all types of communication can also be found in these production environments: with the IT environment, with external suppliers such as machine manufacturers and the Internet.
In addition, penetration tests are usually not performed on these types of environments, because one cannot risk disrupting or shutting down production. In fact, these systems are in charge of the production quality, as well as the safety of the shop floor employees.
Therefore, cybersecurity in terms of Operational Technology (OT) requires a completely different approach, a different mindset than cybersecurity in terms of IT.
Every OT environment, like every IT environment, has its own challenges, namely legacy systems, integrations with other sites, requirements from suppliers and/or customers,...
Nevertheless, there are some basic principles for OT security that can substantially reduce the risk:
Basic priciples of a cyber secure OT environment
Inventory IT and OT assets.
It is important to have and maintain a good overview of all assets within the environment. What assets are on the corporate network, and what are their specifications?
Separate the OT environment from the IT environment as much as possible.
This creates a layer of protection on an environment characterized by outdated systems and a general lack of software updates. It is the interconnectivity of IT and OT systems that just increases the attack surface on your OT environment.
Monitor and fortify the environment.
Systematic monitoring and detection allows insight into communications running within the corporate network, vulnerabilities on the network, the risk profile of the environment and threats.
Consider IT and OT cyber security as equals.
Establish a cybersecurity policy that takes both disciplines into account. On the OT side, be sure to consider the Security principles from ISA/IEC 62443.
Soteria Cybersecurity specializes in outlining the required security policies for manufacturing companies, and guides executives, IT teams and operations managers in their implementation. Our IT & OT experts are more than happy to advise and assist.
How can we help you?
Simulate a cyberhacking with Food Security and Soteria Cybersecurity.
Let’s organize a cyber crisis and improve your technical action plan together.
Food Security:
- Hacking simulation for your crisis team
- Observation of crisis management: business continuity, HR, security, contact with the right partners and communication with different stakeholders
Soteria Cybersecurity:
- Observation of ERT (IT team): technical roadmap to get OT and IT systems operational again
Learning points
First aid for consumer complaints
When receiving a sensitive consumer complaint, a swift response is key. Proper complaint management directly affects consumer confidence in your brand and products.
A vibrant security culture: your secret weapon against crisis situations
Investing in a strong security culture is the best way to arm your company against internal and external threats. It is therefore crucial that your company recognizes risks at a...
Sustainability and risk management: two sides of the same coin
There is no doubt that companies will continue to roll out their sustainability plans in 2024. The European Corporate Sustainability Reporting Directive (CSRD) requires more com...