Managing cyber threats to operational technology – lessons from the JBS ransomware attack
The meat industry, like many other industries, once relied upon employees to manually monitor and manage systems on local IT infrastructure (PCs and other non-connected devices). These employees were ultimately responsible for maintenance, and identifying and reporting issues within their business. Without a network interface, cyber criminals found it difficult to access systems and cause any significant or widespread damage or disruption, leaving the sector relatively unscathed – until now.
With the rapid digitisation of industries, the threat landscape has changed. There is now far greater integration between information technology (ICT), which is primarily used for administrative and communication purposes, and operational technology (OT), which is used for managing, controlling and monitoring industrial equipment and processes. In fact, the meat industry has been an early adopter of digital connectivity to optimise production and increase operational efficiencies. And this is the reason the meat industry has become more vulnerable to cyber crime.
The May 2021 ransomware attack on meat processing company JBS successfully shut down operations in Australia, Canada and the US. It shows that cyber criminals are indeed targeting this kind of technology and are simply looking for the path of least resistance.
JBS ransomware attack – what can we learn?
Many were shocked that JBS could fall victim to a cyber attack, highlighting that any industry with critical infrastructure, including the meat industry, is not exempt from such threats.
When compared to the May 2021 Colonial Pipeline ransomware attack, it is evident that although both Colonial Pipeline and JBS were attacked in the US, there are cascading consequences into multiple geographic locations, and the impact to their customer bases are quite significant and concerning.
As companies cannot afford the luxury of shutting their operations in the event of an incident, they need to become more resilient, not only in securing their OT, but also in their recovery capabilities.
What are the key challenges for businesses?
- ICT and OT network segmentation: The ICT environment and the OT environment are now converging, making it difficult to segment networks and balance industry best security practices against an evolving architecture.
- Proliferation of connected devices: The Internet of Things (IOT) and Industrial Internet of Things (IIOT) era has led to an abundance of unsecured data being transmitted through the corporate network.
- Increasing regulatory requirements: Governments are imposing increasingly stringent regulations on critical infrastructure (those assets essential to the functioning of our economy), and the expectation is that businesses more broadly will need to meet these high standards of compliance to achieve ‘best practice’ cyber security.
- Rising costs: The financial burden of compliance, and the ever increasing cost of implementing and uplifting additional cyber security controls and tools can be difficult for businesses of all sizes to manage and budget for.
What can you do?
Understand and manage your cyber risk landscape by identifying your vulnerabilities and implementing an information security management system.
Build a solid cyber policy with standards and guidelines for your business. A great place to start is the ACSC Essential Eight, which provides eight mitigation strategies recommended by the Australian Cyber Security Centre (ACSC).
Engage a cyber risk consulting specialist to assist your business in understanding, measuring and managing your cyber risk landscape and organisational cyber security maturity levels.
What does this mean moving forward?
The JBS incident has frighteningly demonstrated that there are significant cyber risks associated with operating in an environment with OT, and that even the meat industry isn’t immune to cyber-criminal activity and the potentially catastrophic financial, operational and reputational consequences of such an attack. With increasing regulatory requirements, businesses must not only take action to better secure their OT and ICT environments, but also take greater accountability for their cybersecurity and ensure they have a robust cyber strategy in place that will give them the best chance of mitigating the impacts of a cyber attack.
With the appropriate cybersecurity and risk management strategies in place, your business can both reduce the likelihood and severity of a cyber attack, and improve your ability to recover quickly and effectively.
Effectively protecting your OT environment requires cyber security solutions based on a deep understanding of this landscape. It’s important to engage the assistance of an expert cybersecurity advisor who understands your business risks, but also the niche intricacies of your industry, operations and environment.
By conducting an OT industry framework-based assessment, your business can gain a thorough understanding of the maturity of your OT environment, assist in developing a bespoke cyber strategy and create a road map to help minimise your OT cyber exposure.
