How Secure is your Business?
For businesses that have invested heavily in IT security and come to rely on partners for protection of their enterprise network, there is a belief that their cybersecurity is "good enough" to meet the current threats. However, the challenge is that most of the IT security methods that manufacturers have relied on for years were not designed to identify or protect operational technology. Manufacturers must be aware that layering IT solutions on top of one another is not adequate protection for these IoT, IIoT and ICS systems and devices.
In May of 2021, the world’s largest meat processing company, JBS, was hit by a cyberattack that crippled its beef and pork production. The only way for the company to stop the attack was to pay $11 million in ransom. This disruption in meat production was felt across the United States, even though it only lasted a few days before the ransom was paid and the attack was halted.
In March of 2021, Molson Coors Beverage Co. was hit by a cyberattack that disrupted its brewing operations and shipments. While some plants were restored within 24 hours, others were not fully operational for days. Cyberattacks like these have cost companies millions, if not billions, of dollars in revenue.
The Biden Administration’s May 12, 2021, executive order directed federal agencies to implement Zero Trust Architecture, as defined by the National Institute of Standards and Technology. These requirements will likely push manufacturers to take more responsibility for protecting their systems and their supply chain partners, as the risks include not only loss of data, but also loss of life. Put simply, the stakes are high.
CPG manufacturers should review and start to understand the recommended Zero Trust guidelines and use this level of security as the framework for their overall strategy. Their IT systems, including OT and IoT, and existing security standards, should comply with Zero Trust and other federal information security policies. Given the administration’s emphasis and existing trends -- Gartner estimates 60% of businesses will shift to Zero Trust networks by 2023 -- it seems certain that adopting a Zero Trust architecture will ensure not only compliance with the strictest standards, but also the ability to interact with business partners.
How can you adopt Zero Trust to improve your network security?
Most of the IT security methods that manufacturers have relied on for years are not designed to identify or protect IoT/IIoT and OT. The goal of a Zero Trust framework deployed in an enterprise is to verify trust in people, devices, systems, and networks before engaging or interacting with them, and to continuously verify that trust to ensure nothing is compromised. It changes the old saying of 'trust, but verify' to 'never trust, and always verify', and it requires that any request for network access be continuously authorized.
Micro-segmentation, a core component of Zero Trust principles, grew out of the emergence of software-defined networks and network virtualization. Access to OT/IoT devices and systems can be managed in software, separately from the industry-standard perimeter-focused security tools. Through this proven approach, it’s easier to deploy segmentation across all networks and systems than with traditional firewalls, intrusion prevention systems (IPS) and other security systems. Micro-segmentation limits potential lateral exploration of networks by hackers. Zero Trust is not software or a specific network. It is, rather, a strategic approach to security.
As CPG manufacturers continue to integrate with their supply chain partners, they have been warned that the rise in cybersecurity threats is due to both the growth in Internet-enabled devices and operational technology. As cyberattacks on SolarWinds, Bombardier, Colonial Pipeline, and others have demonstrated, these threats put critical and confidential data at risk and jeopardize operations and production.
Partnering with a Zero Trust cybersecurity leader such as Onclave Networks can help CPG manufacturers protect their smart factories and supply chain. The Onclave network eliminates the attack surface area for operational technology, while simplifying management issues and reducing costs.
ABOUT THE AUTHOR
Scott Martin is CMO of Onclave Networks, Inc., and has nearly 25 years of experience in emerging technology, software, IoT, durables, and consumer products. Onclave provides the first true Zero Trust+ secure communications platform - protecting legacy and new operational technologies from cyberattacks by securing the edge with Zero Trust, micro-segmentation and continuously reassessing trust.