Agroterrorism: food and beverage sector needs to minimise risk

Many people are familiar with the financial risks associated with cyber attacks, but agroterrorism — the intentional disruption of the food supply chain with the intention to harm the population — is an increasing risk. Although the consequences of agroterrorism are relatively high, there has been little attention on minimising this type of threat. Connected automation systems are making food and beverage manufacturing more efficient, productive and cost-effective, but this greater connectivity creates greater opportunities for agroterrorism. Darcy Simonis, Industry Network Leader for ABB’s food and beverage segment, discusses the need to integrate data protection into a wider plant safety system.

The food and beverage industry has historically been a slow adopter of technology, but this is changing. A high level of connectivity allows plant managers to gather and monitor multiple data points spanning all areas of the production line, including changes in temperature, equipment performance and the quality of ingredients. This can reap multiple benefits such as increased efficiency, quality, profits and improvements to human safety. Unfortunately, many automation systems like this are prime targets for cybercriminals looking to disrupt a business or industry.

Data vulnerability can fall into several risk categories: for example, theft, public exposure, data corruption or loss, and data manipulation. Making sure that process data is protected against cyber attacks should be a priority for all food and beverage manufacturers.

A major risk of data breaches is the malicious manipulation of recipes. Over two million people die from food-related illnesses every year and more than 1.3 billion tons of food are discarded due to spoilage. According to a Trustwave Global Security report, the retail, food and beverage sectors are more commonly attacked than banking and financial firms. With increasingly automated production lines, hackers have the potential to hack into programmable logic controllers (PLCs) to poison a food supply or endanger food safety by shutting down refrigeration systems. This could not only impact suppliers but also impact transporters, distributors and restaurant chains.

Unlike the banking and financial sector, food manufacturing is not widely regarded as a high-risk industry. Therefore, it is common that food and beverage companies lack comprehensive cybersecurity programs. However, as evidence suggests, this can risk causing illness and fatalities through tainted food, thus incurring legal battles, fines and negative impact on the brand. That is not to mention the costly downtime associated with shutting down a production line until the problem is dealt with.

Many operational technology systems are interconnected with IT networks, leaving them more exposed as there are multiple access points for cyber attacks. Insecure remote access, operating system flaws and a lack of staff training can all impact the cybersecurity strength of an organisation. However, there are steps to minimise the likelihood of attacks.

Simple measures, such as implementing firewalls, timely deployment of security updates and using antivirus software, can protect against some common attacks. Security zones should also be essential so that all data can be protected. To ensure safety systems are adequately secured, risk assessments should be carried out to detail each potential threat area and assess the identified vulnerabilities for their likelihood.

Threat detection aims to track and monitor the status of all operational devices and configuration of parameter settings, preventing any unauthorised interventions. Continually monitoring these systems provides plant managers with an early warning sign of any unauthorised changes or malicious events.

Services like the ABB Ability Cyber Security Services can provide manufacturers with customised cybersecurity solutions with multiple layers of control. Delivering protection for the entire system life cycle, from identification of security risk to the recovery of compromised systems, ABB’s service can identify the vulnerabilities that exist in a system, so that the areas of weakness can be addressed and security controls implemented.

Plant managers should also opt for safety systems with cloud infrastructure built into the platform, allowing them to securely store their data.

Food and beverage manufacturers must adhere to fast production cycles to preserve nutrition value and freshness, while meeting the high-quality standards that the industry demands — and it’s clear that automation is the key to remaining competitive and achieving these goals. However, an effective cybersecurity solution should be integral to keeping these systems safe.

Image credit: ©stock.adobe.com/au/A. Zaytsev