May 2017, the world faced one of the most serious cyber-attacks. The Ransomware Wannacry put at risk 200,000 companies spread over 150 countries.
Immediately after, every company, including those in Food & Beverage, started to assess their vulnerabilities and stance regarding their cybersecurity policy.
June 2017, another ransomware, Petya, infected more than 2,000 companies. For the first time, two major Food & Beverage companies announced publicly they have been attacked.
“Because cyber-attacks on Food and Agriculture sector offer little financial gain and likely pose only minimal economic disruption, the sector does not perceive itself as a target of such an attack”, as stated in the publicationFood and Agriculture Sector – Specific Plan (2015).
So, what is at stake for the Food & Beverage industry and why should cybersecurity matter for F&B companies?
Cost of Cyber-attacks
In June 27, an internationalF&B companypublished that it was impacted by the attack. A few days later, aPress Releaseannounced the consequences of the attack: a disruption in their ability to ship and invoice during the last days of their second quarter, and a first estimate on revenue impact.
Furthermore, as stated inKaspersky Labs Security Bulletin 2016, the longer it takes to detect a security breach, the higher the mitigation costs and the greater the potential damage. From US400,000 for an instant detection to more than US1.0 Billion for a detection taking over a week.
It is clear that cyber-attacks may dramatically impact your business.
Cybersecurity is also a critical topic forautomationarchitecturessuch asHMIs (Human Machine Interfaces) and SCADA (Supervisory Control And Data Acquisition) systems. It becomes even more important with increased connectivity, data exchange and the use of Industrial Internet of Things (IIoT). How do you make sure your process data is protected against cyber-attacks? Do your personnel have a general awareness of cybersecurity topics related to the use of such equipment? These are key challenges to answer.
Security Implementation Is a Solution, Not a Product
Security implementation is a combination of many items. It is about understanding the system, the threats and the risks. It involves people, policies, architectures and products.
Of course, it is under vendor’s responsibilitiesto design products and solutions with security features, to ensure they enable customers to comply with security standards and to provide recommendations and methodologies to guide implementation. But the end-users need to define security procedures, to mandate responsible people and to ensure compliance with security standards.
Finally, as Industrial security is more than just IT security, a“Defense-in-Depth”approach is recommended. This approach underlines that no single item will provide security for your entire system.
In conclusion, theFood & Beverage industryis also vulnerable to cyber-attacks and cyber-threats which increase in complexity. Therefore, cybersecurity policies should be assessed regularly using the evolving regulations and standards as part of your Food Defence Plan.