Challenge
- A leading F&B manufacturer needed to upgrade its cybersecurity and connect OT and IT systems together in a way that provided meaningful and useful data
Solutions
- Claroty Continuous Threat Detection
- Rockwell Automation’s professional services, which provided expertise during design, installation, and commissioning
Results
- Four sites out of 10 in Australia have been implemented successfully, with the rest to follow
- End-to-end visibility, with information being gathered right from the outset
- Prevention of false positive or irrelevant alerts, saving downtime and additional work
- Enabling compliance with the NIST and MITRE ATT&CK frameworks
With industry facing an alarming rise in cyberattacks, one leading food and beverage (F&B) manufacturer moved to harness the skills of Rockwell Automation and Claroty to implement a bespoke solution and harden their Operational Technology (OT) and Information Technology (IT) defences.
A recent Threat Intelligence Index report revealed that manufacturing had become the world’s most attacked industry — outpacing finance and insurance for the first time in five years. Most manufacturers that fall victim to cyberattacks experience production stoppages, and the convergence of IT and OT significantly increases the attack surface.
“What is more worrisome is that many manufacturers admit to possessing limited cybersecurity skills within their businesses,” says Rod Beard, network services lead, Rockwell Automation.
Operating in such an environment with growing risks, a major F&B company sought full end-to-end OT visibility across their sites. One of the company’s objectives was to ensure continuous uninterrupted production at their plants in Australia, Canada, and the United Kingdom.
Strong local team a distinct benefit
The F&B company already had a well-established long-term relationship with Rockwell Automation. Being able to engage with Rockwell Automation’s strong local team gave the client the confidence that the right solution would be recommended.
“Older technology needed to be modernised to enable better visibility,” said Beard. “As the adage goes, ‘if you can see it, you can protect it’.” Rockwell Automation worked with its partner, Claroty, which specialises in helping organisations secure cyber-physical systems in their environments with purpose-built cybersecurity technology.
Claroty’s Continuous Threat Detection (CTD) solution has been implemented across four sites in Australia, with six more scheduled globally over the next few years. It was implemented as a virtual appliance that sniffs network traffic as it passes through the OT network. It is currently used to provide visibility of threats within the network, but there are plans to integrate it with the F&B company’s wider IT network team for alerting and monitoring.
“OT systems are particularly vulnerable as they do not run on regular operating systems, lack traditional security tools, and are usually programmed from conventional computers,” said Alson Huynh, cybersecurity consultant, Rockwell Automation. “This leaves them open to the risk of attack from malicious entities which can disrupt production – even the slightest manipulation of a sensor could be enough to significantly disrupt production.”
World’s best practice security solutions
To help mitigate cybersecurity risks, the solution developed by Rockwell and Claroty enables the F&B company to adhere to the NIST Framework, which is considered by many to be industry best practice. A US Department of Commerce initiative, the National Institute of Standards and Technology (NIST) helps businesses better understand, manage, and reduce their cybersecurity risk to protect their networks and data.
“The Claroty solution also implements the MITRE ATT&CK (Adversarial Tactics, Techniques, & Common Knowledge) framework,” said Huynh. “The framework specifies a comprehensive list of known adversary tactics and techniques to be deployed during a cyberattack.”
The robust MITRE ATT&CK system has users from 226 countries contributing real-world observations and helps model cyber adversaries' tactics and techniques — and then shows how best to detect or stop them.
Getting it correct from the beginning
Rockwell Automation drew on its extensive experience in handling both IT and OT and, as consultants on this project, understood the functionality and system integration aspects. Their expertise was particularly beneficial in this project as the F&B company’s OT systems are heavily integrated with their IT systems.
This skill was useful when reducing alert noise in the system. “The tuning process can prevent false positive or irrelevant alerts, and effectively tuning the Claroty CTD requires an in-depth understanding of both OT and IT,” said Huynh. “We drew on our knowledge of how PLC (Programmable Logic Controller) and SCADA (Supervisory Control and Data Acquisition) systems interact across the network, as well as interactions with IT services in the cloud such as Azure Active Directory and Windows Defender.”
After the successful implementation, engineers at the F&B client company appreciated the end-to-end visibility and information gathered. Apart from adding value to their operation, the system meant that wrong connections, which usually went undetected, could now be seen and rectified. The system displays all assets on the network and features real-time threat detection.
After successfully connecting the F&B company’s OT and IT communities, a spokesperson for the client said: “Rockwell and Claroty are the glue that holds these two departments together.”
Published August 4, 2023