is equally important and manufacturers need to know what to protect and what to protect it against.
To do this, they can leverage the Purdue Model – formerly the Purdue Enterprise Reference Architecture (PERA) – a hierarchical structure for CI operators to easily break down and define CI assets across the network to achieve complete visibility and prepare for an attack.
With this level of visibility, manufacturers can gain insights into the weaknesses in their defences, which can help prioritise and drive remediation actions.
2PROTECT AND CONTROL CRITICAL ASSETS
While cyberattacks accelerate, companies are struggling to keep track of assets and devices on their networks, making it difficult to deploy appropriate security tools.
To safeguard operations and prevent supply chain disruptions, manufacturers must increase defence capabilities and understand what is needed to manage and defend against new and evolving cyberthreats. However, many organisations do not have the proper knowledge needed to protect their CI environments.
To close these knowledge gaps, manufacturers must leverage shared knowledge bases such as the MITRE ATT&CK framework
for industrial control systems (ICS) to understand real-world adversary groups and the behaviours they exhibit as well as the software they employ to aid in their attacks.
Vulnerability testing also helps prioritise risks that need immediate action before applying a multi-layered virtual patching solution to reduce downtime and give IT teams
framework enables businesses to identify and address 14 top level decisional risk areas that are associated with trust.
Ultimately, food and beverage manufacturers can further strengthen their approach to cybersecurity by adopting this intuitive framework.
Like most CI operators, food and beverage manufacturers are highly vulnerable targets of cyberattacks with significant consequences to production, distribution, and point of sale, if successful.
For this reason, it is crucial for food and beverage companies that manage CI to consider a three-pillar approach to building their cybersecurity framework. This will help to drive the cybersecurity agenda forward. It will also help manufacturers understand, measure, and manage their risk to achieve the best protection for their CI assets while continuing to generate substantial economic impact. ✷
✷ ABOUT THE AUTHOR
Michael Murphy is the
Australian head of
operational technology
(OT) and critical
infrastructure for
Fortinet. His focus is on
helping organisations build cyber resilience for OT and understanding how to achieve strong outcomes for OT security.
3
“ As cybercriminals become increasingly sophisticated, food and beverage manufacturers need a high level of visibility into their networks to not only comply with legislation, but to understand what assets need to be protected at all costs.”
PRIORITISE HIGHLY
EFFECTIVE, NON- INTRUSIVE TECHNIQUES Food and beverage manufacturers must be able to maintain control over critical assets to resist present and future cyberattacks.
The increasing convergence of IT and OT has expanded the threat surface and, without robust security controls and architecture in place, a cyberattack can disrupt operations and cause significant downtime.
To help protect CI assets against threats, manufacturers should consider adopting non-intrusive techniques that typically involve a simple scan to identify any vulnerabilities or gaps that cybercriminals can take advantage of.
time to close security gaps before an attack can occur.
CHECK THE NETWORK
Beyond these three key areas, it is also essential for food and grocery manufacturers to consider the risks that their wider network pose to their environment. One way that organisations can better protect their environments from vulnerabilities inherent in their network is by adopting the MITRE System of Trust (SoT) framework.
By adopting this framework, food and grocery manufacturers can build a basis of trust within their network by assessing the three main trust aspects of supply chain security: suppliers, supplies, and services.
•
•
• •
Subsequently, the MITRE SoT
www.foodanddrinkbusiness.com.au | September 2022 | Food&Drink business | 45
CYBERSECURITY