Digitally-enabled supply chains have been great for helping food and agriculture companies pivot and make changes as a result of fluctuating demand. Unfortunately, they also leave companies highly vulnerable.
The food and agriculture industry has seen a 56% increase in vulnerabilities from 2019 to 2020, according to a report by industrial cybersecurity company Claroty Ltd. While a maturation of industrial control systems (ICS) security research and increased adversaries contribute to this rise, digital transformation also played a major role as I.T. systems and operational technology (OT) networks converge.
These companies face three major risks that threaten continuous operational availability: third-party remote access, malware infection and change in controller operations at remote facilities.
A top threat vector for targeted attacks on OT systems are the individuals or third parties and remote employees who have access directly through OT networks. This can easily impact any part of the supply chain. Traditionally, OT engineers in many cases have shared admin access since they might need access to the process immediately. The sharing of credentials is now highly frowned upon, particularly at a time when many workers are logging into OT environments remotely. Even with site-to-site VPNs, third-party consultants, workers and vendors — and their remote access to networks for routine maintenance — are also a risk.
This includes any I.T.-connected aspect of the supply chain: systems that regulate or keep track of the produce-growing process; the transportation of raw ingredients from farm to factory; the packaging, shipping and distribution logistics for a finished product. All of these different steps in the process, no matter where it’s being served, are at-risk and need to be closely monitored.
The pandemic sped up the convergence of I.T. and OT networks, which can make food and agriculture supply chains run more efficiently, but also expands the attack surface available to adversaries. Ransomware can target facilities that process ingredients or package the product, putting OT systems at risk for a potential attack or breaches. For organizations that have weaked security postures, malware attacks can easily crossover from I.T. systems to the OT environment.
Manufacturers that use water, electric and gas to power their production sites expect these systems to operate the same way every time. However, even a slight change in controller operations at remote facilities can threaten and contaminate the production process. The struggle is that most companies lack granular visibility into these systems outside of their control to understand and explain changes.
This isn’t to say digital transformation should be undone, rather, it must be better secured. Organizations need to have proper protocols in place, especially when embracing industry 4.0 and digital transformation.
Security teams can start by monitoring all connections to better detect changes in operations, especially at remote sites to prevent unwanted external access. Having the ability to observe real-time, remote sessions and manage user access requests based on various factors can help OT leaders safeguard their networks from threats by third-party, unmonitored access.
Given how heavily organizations rely on remote connectivity now, it’s critical to define and enforce access permissions, especially those with privileged access. Riskier processes like packaging or wastewater treatment require more sensitivity when it comes to maintenance operations. These types of remote access may require an additional approval before gaining access to the device. Food and agriculture companies should adopt a multi-tiered network defense model like the Purdue model to mitigate lateral movement when systems are compromised, and protect critical process control assets. It also helps to limit authorized user activity to specific assets on OT networks while keeping corporate I.T. networks separate to prevent any incident spillover.
With access also comes authentication. Using, sharing and managing passwords have become the norm in today’s remote workforce. Companies should look to eliminate or limit the use of passwords for external users. This can include requiring administrators to approve remote access sessions. Multi-factor authentication also adds another layer to protect against unwanted access.
Even when it will be safe for teams to return to manufacturing floors, organizations must maintain stringent audit and compliance requirements for remote access. Threat actors constantly look for opportunities to strike and take advantage of workforce changes to gain access to critical networks. To lessen the risk, food and agriculture companies must stay diligent with capturing and documenting remote access session activity and credential usage to meet compliance requirements and ease future forensic analysis.
With a better understanding of the cyber risks to their supply chain, food and agriculture companies can take the appropriate measures to reduce their risk and move forward with more confidence. These best practices of monitoring all connections, defining and enforcing privileged access control, verifying authentication and maintaining audit and compliance requirements can help better secure OT environments and extend the value of digital transformation efforts.
Guilad Regev is senior vice president of global customer care at Claroty.
Timely, incisive articles delivered directly to your inbox.