• Advertise
  • Contact Us
  • About Us
  • Supplier Directory
  • SCB YouTube
  • Login
  • Subscribe
  • Logout
  • My Profile
  • LOGISTICS
    • Air Cargo
    • All Logistics
    • Express/Small Shipments
    • Facility Location Planning
    • Freight Forwarding/Customs Brokerage
    • Global Gateways
    • Global Logistics
    • Last Mile Delivery
    • Logistics Outsourcing
    • LTL/Truckload Services
    • Ocean Transportation
    • Rail & Intermodal
    • Reverse Logistics
    • Service Parts Management
    • Transportation & Distribution
  • TECHNOLOGY
    • All Technology
    • Artificial Intelligence
    • Cloud & On-Demand Systems
    • Data Management (Big Data/IoT/Blockchain)
    • ERP & Enterprise Systems
    • Forecasting & Demand Planning
    • Global Trade Management
    • Inventory Planning/ Optimization
    • Product Lifecycle Management
    • Sales & Operations Planning
    • SC Finance & Revenue Management
    • SC Planning & Optimization
    • Sourcing/Procurement/SRM
    • Supply Chain Visibility
    • Transportation Management
  • GENERAL SCM
    • Business Strategy Alignment
    • Education & Professional Development
    • Global Supply Chain Management
    • Global Trade & Economics
    • HR & Labor Management
    • Quality & Metrics
    • Regulation & Compliance
    • SC Security & Risk Mgmt
    • Supply Chains in Crisis
    • Sustainability & Corporate Social Responsibility
  • WAREHOUSING
    • All Warehouse Services
    • Conveyors & Sortation
    • Lift Trucks & AGVs
    • Order Fulfillment
    • Packaging
    • RFID, Barcode, Mobility & Voice
    • Robotics
    • Warehouse Management Systems
  • INDUSTRIES
    • Aerospace & Defense
    • Apparel
    • Automotive
    • Chemicals & Energy
    • Consumer Packaged Goods
    • E-Commerce/Omni-Channel
    • Food & Beverage
    • Healthcare
    • High-Tech/Electronics
    • Industrial Manufacturing
    • Pharmaceutical/Biotech
    • Retail
  • THINK TANK
  • WEBINARS
    • On-Demand Webinars
    • Upcoming Webinars
    • Webinar Library
  • PODCASTS
  • VIDEOS
  • WHITEPAPERS
Home » Blogs » Think Tank » Three Cyber Soft Spots in the Food and Ag Industry

Think Tank
Think Tank RSS FeedRSS

Three Cyber Soft Spots in the Food and Ag Industry

Agricultural Industry
March 28, 2021
Guilad Regev, SCB Contributor

Digitally-enabled supply chains have been great for helping food and agriculture companies pivot and make changes as a result of fluctuating demand. Unfortunately, they also leave companies highly vulnerable.

The food and agriculture industry has seen a 56% increase in vulnerabilities from 2019 to 2020, according to a report by industrial cybersecurity company Claroty Ltd. While a maturation of industrial control systems (ICS) security research and increased adversaries contribute to this rise, digital transformation also played a major role as I.T. systems and operational technology (OT) networks converge. 

These companies face three major risks that threaten continuous operational availability: third-party remote access, malware infection and change in controller operations at remote facilities. 

Third-Party Access

A top threat vector for targeted attacks on OT systems are the individuals or third parties and remote employees who have access directly through OT networks. This can easily impact any part of the supply chain. Traditionally, OT engineers in many cases have shared admin access since they might need access to the process immediately. The sharing of credentials is now highly frowned upon, particularly at a time when many workers are logging into OT environments remotely. Even with site-to-site VPNs, third-party consultants, workers and vendors — and their remote access to networks for routine maintenance — are also a risk. 

This includes any I.T.-connected aspect of the supply chain: systems that regulate or keep track of the produce-growing process; the transportation of raw ingredients from farm to factory; the packaging, shipping and distribution logistics for a finished product. All of these different steps in the process, no matter where it’s being served, are at-risk and need to be closely monitored. 

Malicious Software

The pandemic sped up the convergence of I.T. and OT networks, which can make food and agriculture supply chains run more efficiently, but also expands the attack surface available to adversaries. Ransomware can target facilities that process ingredients or package the product, putting OT systems at risk for a potential attack or breaches. For organizations that have weaked security postures, malware attacks can easily crossover from I.T. systems to the OT environment.

Remote Users

Manufacturers that use water, electric and gas to power their production sites expect these systems to operate the same way every time. However, even a slight change in controller operations at remote facilities can threaten and contaminate the production process. The struggle is that most companies lack granular visibility into these systems outside of their control to understand and explain changes.

This isn’t to say digital transformation should be undone, rather, it must be better secured. Organizations need to have proper protocols in place, especially when embracing industry 4.0 and digital transformation.

Security teams can start by monitoring all connections to better detect changes in operations, especially at remote sites to prevent unwanted external access. Having the ability to observe real-time, remote sessions and manage user access requests based on various factors can help OT leaders safeguard their networks from threats by third-party, unmonitored access.

Given how heavily organizations rely on remote connectivity now, it’s critical to define and enforce access permissions, especially those with privileged access. Riskier processes like packaging or wastewater treatment require more sensitivity when it comes to maintenance operations. These types of remote access may require an additional approval before gaining access to the device. Food and agriculture companies should adopt a multi-tiered network defense model like the Purdue model to mitigate lateral movement when systems are compromised, and protect critical process control assets. It also helps to limit authorized user activity to specific assets on OT networks while keeping corporate I.T. networks separate to prevent any incident spillover. 

With access also comes authentication. Using, sharing and managing passwords have become the norm in today’s remote workforce. Companies should look to eliminate or limit the use of passwords for external users. This can include requiring administrators to approve remote access sessions. Multi-factor authentication also adds another layer to protect against unwanted access. 

Even when it will be safe for teams to return to manufacturing floors, organizations must maintain stringent audit and compliance requirements for remote access. Threat actors constantly look for opportunities to strike and take advantage of workforce changes to gain access to critical networks. To lessen the risk, food and agriculture companies must stay diligent with capturing and documenting remote access session activity and credential usage to meet compliance requirements and ease future forensic analysis. 

With a better understanding of the cyber risks to their supply chain, food and agriculture companies can take the appropriate measures to reduce their risk and move forward with more confidence. These best practices of monitoring all connections, defining and enforcing privileged access control, verifying authentication and maintaining audit and compliance requirements can help better secure OT environments and extend the value of digital transformation efforts. 

Guilad Regev is senior vice president of global customer care at Claroty.

Data Management (Big Data/IoT/Blockchain) Cloud & On-Demand Systems Technology Supply Chain Security & Risk Mgmt

RELATED CONTENT

RELATED VIDEOS

Subscribe to our Daily Newsletter!

Timely, incisive articles delivered directly to your inbox.

Popular Stories

  • A MAN APPLIES PACKING TAPE TO A BROWN CARDBOARD BOX IN A LIVING ROOM OR OFFICE

    How Apparel and Retail Companies Are Implementing Intelligent Returns

    Reverse Logistics
  • A NURSE IN BLUE SCRUBS AND A WHITE TURTLENECK WEARING A MASK LOOKS INTO THE CAMERA WHILE HOLDING A CLIPBOARD.

    How Can Employers Repair the ‘Disconnect’ With Essential Frontline Workers?

    Artificial Intelligence
  • A ROW OF CHILDREN SITS CARVING WOODEN PANELS ON A DIRT FLOOR.

    Is Artificial Intelligence a Solution for Modern Slavery?

    Logistics
  • A SHIP LOADED WITH ORANGE CONTAINERS MAKES WAY UNDER A BRIDGE OVER A MUDDY BROWN WATERWAY

    Panama Chaos Grows as U.S. Diesel Shippers Bypass Canal

    Ocean Transportation
  • TWO PEOPLE SHAKE HANDS OVER A DESK

    Eight Keys to Vetting Suppliers for Success

    Sourcing/Procurement/SRM

Digital Edition

Scb nov 2023 lg

2023 Supply Chain Innovation Award

VIEW THE LATEST ISSUE

Case Studies

  • A GRAPHIC SHOWING MULTIPLE FORMS OF SHIPPING, WITH A HUMAN STANDING AT THE CENTER, TOUCHING A SYMBOLIC MAP OF THE WORLD

    Enhancing High-Value Electronics Shipment Security with Tive's Real-Time Tracking

  • A GRAPHIC OF INTERLACING HONEYCOMBED ELEMENTS REPRESENTING GLOBAL BUSINESS TRANSACTIONS

    Moving Robots Site-to-Site

  • JLL Finds Perfect Warehouse Location, Leading to $15M Grant for Startup

  • Robots Speed Fulfillment to Help Apparel Company Scale for Growth

  • New Revenue for Cloud-Based TMS that Embeds Orderful’s Modern EDI Platform

Visit Our Sponsors

Antuit Zebra Anvyl AutoStore
BEUMER Group Blue Ridge Global Brightdrop
Brother CHEP Cleo
Coenterprise Comarch Data Capture
E2open Enveyo Eva Air
ForwardX Robotics Frayt GAINSystems
Generix Geodis GEP
Global Supply Chain Marketing Summit GreyOrange Here
HICX Holman Logistics Infor
Inmar Kinaxis Lexis Nexis
Locus Robotics Logility LogistiVIEW
Lucas Systems MCA Connect MCA Connect
Moody’s Analytics MPO Old Dominion
OneRail Overhaul PartnerLinQ (Visionet)
Port of Virginia Rockwell Automation Ryder E-commerce by Whiplash
Saddle Creek Logistics SAP Servicon
Shyft Sourcemap SPS Commerce
Tecsys TGW Systems Thomson Reuters
Veho Verusen Walmart
Workshop
  • More From SCB
    • Featured Content
    • Video Library
    • Think Tank Blog
    • SupplyChainBrain Podcast
    • Whitepapers
    • On-Demand Webinars
    • Upcoming Webinars
  • Digital Offerings
    • Digital Issue
    • Subscribe
    • Manage Your Subscription
    • Newsletters
  • Resources
    • Events Calendar
    • SCB's Great Supply Chain Partners
    • Supplier Directory
    • Case Study Showcase
    • Supply Chain Innovation Awards
    • 100 Great Partners Form
  • SCB Corporate
    • Advertise on SCB.COM
    • About Us
    • Privacy Policy
    • Contact Us
    • Data Sharing Opt-Out

All content copyright ©2023 Keller International Publishing Corp All rights reserved. No reproduction, transmission or display is permitted without the written permissions of Keller International Publishing Corp

Design, CMS, Hosting & Web Development :: ePublishing