Tales From the Road: A Wake-Up Call to the Food Production Industry

Tighten Cybersecurity Controls Before the Next Ransomware Attack Comes to You

Food production is highly regulated by the Federal Food & Drug Administration (FDA) and U.S. Department of Agriculture (USDA) to ensure food safety. However, the computer systems that are used to accomplish and maintain food safety processes don’t fall under the purview of those government organizations, making them more vulnerable to a ransomware attack or other cybersecurity breach.

DirectDefense was called upon by a major food producer to review their systems and assess their Supervisory Control and Data Acquisition (SCADA) architecture. The goal of this assessment was to ensure greater cybersecurity protections for the computer systems controlling this organization’s food production, inventory, storage and shipping processes. Their timing couldn’t have been better considering a recent ransomware attack that crippled Brazil-based beef and pork supplier JBS, shutting down some operations in the U.S. and Australia.

Food for Thought… No Industry is Off the Table

The JBS attack is the starkest example yet of the food system’s vulnerability to digital threats, especially as internet technology and automation increase. In addition to hobbling operations, the ransomware attack forced JBS to pay out an $11 million ransom. All told, the attack cost the company far more than the ransom payment.

Most of us connect the concept of cyberattacks to other industries – IT, financial, government, or retail, to name a few – but experts have warned the food industry for years about the threat of disruptive cyberattacks. The warning has now become the new reality.

Consequences Run Down the Food Chain

Perhaps most critical to keep in mind is that ransomware attacks are about more than collecting a sizeable ransom. These types of attacks on major industrial operations like food processing or water treatment plants can bring significant harm to the public, who rely on these services every day.

And aside from the potential for severe consequences to public health, an attack on food production can impact the supply chain, leading to food shortages and higher prices.

The Perfect Target for a Ransomware Attack

The increasing number of ransomware attacks, and the payouts by companies to regain some control of their compromised systems and data, have signaled to perpetrators that these attacks work. Ransomware and other cybersecurity breaches will not cease, so the best thing companies can do is be prepared.

Being prepared, however, is part of the challenge. With virtually no mandatory cybersecurity rules to govern the millions of food and agriculture businesses that account for about a fifth of the U.S. economy, it’s easy to see why the food production industry is the perfect target for cybersecurity and ransomware attacks. These industrial organizations must choose to invest in cybersecurity to keep themselves protected.

Do Automation and Efficiency Have to Come at a Cost?

Unless properly managed with a secure SCADA architecture, the very nature of the food production process lends itself to security vulnerabilities:

• A single, automated system controls and stores food shipment data.

• Food storage facilities are fully computer-automated.

• Refrigeration and temperature controls are computer-automated.

• Computer systems can be accessed remotely from online connections.

As a food producer, you don’t have to choose between expensive, time-consuming upgrades and getting breached. When we worked with our food producer client, we reviewed their IT system to determine how vulnerable the business was to cyberattacks. Then, we recommended the necessary steps toward strengthening their SCADA architecture to reduce their cybersecurity risks.

We can help your business in the same way.

Here are the top three risks we found during our client’s penetration test and our recommendations to secure their SCADA architecture so they won’t be the next ransomware target!

With so many critical food distribution and storage processes handled by computer systems, and providing potential access into the company’s corporate systems, our assessment identified multiple vulnerabilities that could be costly from a reputational and financial standpoint. The overarching issue at hand was that these systems were not designed for security at the time they were installed:

  1. The control systems in this facility were configured by default to allow access.
  2. Food distributors were required to log into the system to order products, an additional touchpoint that allowed for potential compromise.
  3. Not all of the correct security controls were in place in certain areas of the organization.

The main threats we identified were:

  • Insecure Protocol Usage: Clear-text and/or insecure protocols were in use to interact with sensitive systems, which put our client at risk for sensitive credentials and data being captured or compromised on these assets. Per best practices and industry standards, organizations should only use secure protocols to transmit sensitive information, even for internal systems.
  • Unsupported/Unpatched Software: Several systems covered by our test used software that was unpatched and no longer supported (which makes it impossible to patch to an acceptable level). While many of these systems did not have significant known security vulnerabilities, there were exceptions where an application was vulnerable to deserialization, which resulted in limited-privilege code execution on this system.

The strategic fixes we recommended:

  • Vulnerability Management: During this assessment, known exploits for unpatched software were a factor. We recommended that our client examine the overall vulnerability management process to determine why the in-scope systems were running outdated or unsupported software. They should ensure that the current vulnerability management program applies to all systems in the organization regardless of their purpose or sensitivity.
  • Improved Transport Security: We recommended that our client discontinue the use of insecure protocols within the environment and replace them with secure alternatives that employ strong encryption and authentication mechanisms to strengthen security controls.

If your food production organization is looking to stay out of the headlines for falling prey to a ransomware attack, we’re ready to help.