A spate of serious cyberattacks on manufacturing businesses in recent years has propelled the sector into the cybersecurity spotlight. The food and beverage industry is an area of manufacturing that has gone somewhat under the radar in discussions of cyber risk compared to other areas such as energy. But this industry is also critical, so it’s time to glean a better understanding of cybersecurity in the food and beverage industry.
As with other areas of manufacturing, operational downtime is an outcome that those in charge of operational technology (OT) in food and beverage manufacturing plants want to avoid at all costs. Cost is the main reason: over a third of respondents in one survey said a downtime event at their plant would cost $1 million per hour.
Ransomware is a real concern in terms of operational downtime because it can rapidly replicate and spread between different systems. Closer convergence in recent years between IT and OT drives a range of benefits in terms of process efficiency as analysts derive insights from data generated at the machine level.
However, this IT/OT convergence also increases the attack surface. Without robust security controls and architecture, a cyberattack starting at the IT level can intrude into operations and cause downtime. These downtime events are significant risks for cybersecurity in the food and beverage industry.
Cyberattacks can interfere with the machines that control processes on plant floors. This can create safety risks because food and beverage outputs are consumable products. The safety of these products depends on a delicate balance of external factors, such as the processing and storage temperatures.
Consider a threat actor using a remote access trojan to control or intentionally modify plant floor systems, such as distributed control systems (DCS) and supervisory control systems like SCADA. A whole slew of safety risks becomes possible when malicious actors target these systems.
For example, a slight temperature alteration on the plant floor for certain foods or beverages could put thousands of people at risk for foodborne illness. Seizing control over operational technology also puts plant floor workers at risk from unexpected movements in heavy machinery.
Loss of IP and Sensitive Information
Another important risk from cyberattacks in food and beverage is a loss of intellectual property. Threat actors might use their access to OT networks to obtain recipe information or secrets about production processes. This information can be offered for sale on the dark web, revealed openly or sold to competitors seeking any means of obtaining sensitive information.
An important driver of this risk is slow detection and response across the attack cycle within OT environments. Threat actors use various evasive methods to disguise their presence within networks, and ineffective detection and response ensures they roam free to seek out this sensitive information undetected.
Talent Shortages Being Exploited
Cybersecurity talent shortages continue to plague every industry, but the dearth of skills in operational security is even more profound than in standard IT security roles. The individuals who operate and maintain the machines used on plant floors in food and beverage are experts in food safety, but they often lack cybersecurity skills.
There are several well-defined standards and frameworks for ICS security, but the problem is having the right team to implement them effectively on plant floors. Threat actors are usually swift in realigning their targets to sectors lacking security skills, so expect to see more food and beverage companies being affected by cyber campaigns over the coming years.
These three attacks and their consequences exemplify why cybersecurity in the food and beverage industry is such a pressing concern.
A May 2021 ransomware attack on JBS Foods caused havoc for the meat processing giant. The chaos that ensued resulted in operational shutdowns at meat processing plants worldwide, including nine plants in the United States. Not only was there a significant downtime event, but the panic about this downtime spurred JBS executives’ decision to pay $11 million to threat actors in return for decrypting all affected systems.
A document submitted to the U.S. Securities and Exchange Commission in March 2021 by beverage company Molson Coors sketched the details of a cybersecurity incident that caused a systems outage. There were disruptions to brewery operations, production and shipments. The repercussions included a $2 million one-off cost to forensics experts, consultants and data recovery providers who helped Molson Coors restore operations.
Ferrara is a Chicago-based American candy manufacturing company that produces popular treats, such as Nerds, Rain-Blo and Fruit Stripe. In October 2021, a ransomware attack on Ferrara encrypted its systems. It’s unclear if the incident originated in the IT environment or OT, but it resulted in halting production in several manufacturing facilities.