Keeping your food processes secure

Aug. 27, 2017 – Cybersecurity has been top of the agenda for many businesses following the global Wanna Decryptor (WannaCry) ransomeware attack that grabbed headlines in May 2017. The latest in a line of high profile attacks, WannaCry saw over 45,000 attacks recorded in almost 100 countries, including the U.K., U.S., India and China.

As food manufacturing plants become more connected through the Industrial Internet of Things (IIoT), the threat of cyber attacks and how much damage they can do, has increased. Here, Robert Glass, global food and beverage communications manager at ABB, offers advice on how to ensure your manufacturing process is kept secure.
 
IIoT is creating many exciting opportunities for the manufacturing industry; however, the increased use of connected devices and systems has also resulted in a rise in cyber attacks. For many, the phrase cyber-attack conjures an image of email hacking and stolen bank details, but it can have a significant impact on plant processes and production if systems are not protected correctly.

While it can be difficult to prevent a cyber attack from happening, there are a number of precautions manufacturers can take to minimize risk and protect themselves.

Identifying the gaps
Research conducted by Gov.UK found that while one in four large firms experience a breach in cybersecurity at least once a month, only half have taken any action to address vulnerabilities. Furthermore, only one-third of the firms surveyed had any form of cybersecurity policy at all.

The first step in securing your plant’s system is to quickly identify the devices and software that are most vulnerable. To do this, plant managers should appoint an individual or team, dependent on the size of the facility, that takes responsibility for cybersecurity. Once appointed, they should conduct an in-depth security assessment and establish a program of regular monitoring to identify weaknesses and the actions that need to be taken to improve security.

Many plants now operate a bring your own device (BYOD) policy, allowing employees to access systems, software and networks through their own devices. The concept brings with it many benefits, including increased productivity and reduced IT costs. However, it is important that there is a security policy in place to ensure breaches do not occur.

The biggest cause of breaches is the lack of a functional firewall and up-to-date firmware across a business. Firewalls are often the first line of defence against a cyber attack, protecting the perimeter of a network. Users must ensure that their devices have the latest software updates, as they often include security patches to protect against new cyber threats. Cyber attacks are constantly evolving to get around security protocols, so it is vital that the software on any device accessing the network is up-to-date. Connecting to insecure Wi-Fi and Bluetooth networks can also pose a danger. Security managers should ensure users always connect to secure networks that are password protected.

Standards and policies
The digital landscape is constantly evolving and, as such, the standards and policies that business put in place to protect themselves should also adapt.

There is no single solution to protect all businesses, so it is important to seek the advice of organizations to create a company-wide policy that can detect, deter and prevent the threat of a cyber attack. In addition to a company’s IT network with traditional laptops, many food and beverage manufacturers also maintain a connected automation network. This network controls a manufacturing plants production; from simple control like mixing bagel dough to more potentially dangerous processes like decanting oils (where high kinetic speeds can pose safety hazards). Recipes are managed on these systems, and companies have a large financial interest in also protecting their automation networks from cyber attacks.

Software provides bespoke cybersecurity solutions across an entire system life cycle, with multiple layers of security controls that are continually updated.

Even with a robust security system in place, it is vital that manufacturers keep an off-site back-up to ensure data is protected in the event of cyber attack. Keeping this back-up off-the-grid will ensure a much smoother recovery process of critical data.

While awareness of cyber-attacks has risen since May, businesses must now move to take action and ensure their systems are adequately protected. The WannaCry ransomeware attack has proven that all businesses are vulnerable, no matter their size and that no one can take cyber security for granted.
 
Robert Glass is the global food and beverage communications manager at ABB.