Food Engineering logo
Manufacturing News

Knowing Vulnerabilities In OT Systems Can Help Cybersecurity Efforts

By Wayne Labs, Senior Contributing Technical Editor
Preventing Hacking

While a hacker may not gain access directly to a processor’s sensor/actuator digital network, the nefarious individual could gain access to controlling a fermentation system through un-patched controllers or by using remote desktop protocols (RDP) to a supervisory user interface, allowing direct access to the controls such as in the break-in to the Oldsmar, Fla., water treatment facility. Photo credit: Background industrial shot, Wayne Labs; and foreground hacker image, Gerd Altmann from Pixabay.

August 26, 2022

According to the IBM “X-Force Threat Intelligence Index 2022,” ransomware was the number one attack type in 2021, accounting for 21% of all attacks. Sixty-one percent of incidents at OT-connected organizations last year were in the manufacturing industry. In addition, 36% of attacks on OT-connected organizations were ransomware, according to IBM.1

While a food company like Mondelēz may experience a ransomware IT break-in that extorts money and steals business/personal data, that doesn’t mean cybercriminals are only going for enterprise-level targets. In fact, OT (operational technology) attacks are also in vogue, as demonstrated by the attack on the Oldsmar, Fla., fresh water treatment center. These OT attacks, while seemingly aimed only at high-stakes targets like oil and gas or the electrical grid, could be just as devastating to a food or agri-food company where sensitive ICS equipment is used.

However, OT attacks can be minimized by having an exhaustive picture of facility networks—all the way from device level to OT and to IT networks. Through good engineering practices (secure by design), many attacks on OT systems can be thwarted by using firewalls and routers correctly (and keeping their rules updated), knowing data flows and directions in the entire plant network, minimizing the use of remote desktop protocols (an open invitation to hackers to take over control systems as demonstrated by the Oldsmar break-in) and training operators on human engineering tactics used by cyberattackers. For a processor whose engineering staff thinks an OT device may be directly open to the internet, one way to check is by doing a search on Shodan.io for devices exposed to the public internet.2
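An added example (not from the article, IBM, Forescout or CISA): one way to act on "knowing data flows and directions" is to run exported firewall or flow records against a zone map and flag RDP or Modbus/TCP reaching the OT zone from outside it, along with OT hosts calling out to the internet. The subnets, sample flows and function names below are assumptions constructed for illustration.

```python
import ipaddress

# Hypothetical zone map (constructed); substitute the plant's real subnets.
ZONES = {
    "ot": [ipaddress.ip_network("10.10.0.0/16")],
    "it": [ipaddress.ip_network("10.20.0.0/16")],
}
# Default TCP ports of the two protocols the article names.
WATCHED_PORTS = {3389: "RDP", 502: "Modbus/TCP"}

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("203.0.113.7", "10.10.5.20", 3389),   # internet -> HMI over RDP
    ("10.20.1.15", "10.10.5.20", 3389),    # office PC -> HMI over RDP
    ("10.10.5.21", "10.10.5.30", 502),     # HMI -> PLC inside OT (expected)
    ("10.20.1.15", "10.10.5.30", 502),     # office PC -> PLC over Modbus
    ("10.10.5.20", "198.51.100.9", 443),   # OT host calling out to internet
    ("10.20.1.15", "10.20.1.1", 3389),     # RDP that stays inside IT
]


def zone_of(addr):
    """Map an IP address string to 'ot', 'it' or 'external'."""
    ip = ipaddress.ip_address(addr)
    for name, networks in ZONES.items():
        if any(ip in net for net in networks):
            return name
    return "external"


def audit_flows(flows):
    """Return findings for flows that cross the OT boundary in risky ways."""
    findings = []
    for src, dst, port in flows:
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if dst_zone == "ot" and src_zone != "ot" and port in WATCHED_PORTS:
            # Remote desktop or Modbus arriving from outside the OT zone.
            severity = "critical" if src_zone == "external" else "review"
            reason = f"{WATCHED_PORTS[port]} into OT from {src_zone}"
        elif src_zone == "ot" and dst_zone == "external":
            # Direction matters: OT devices rarely need to reach the internet.
            severity, reason = "review", "OT host initiating outbound traffic"
        else:
            continue
        findings.append({"severity": severity, "reason": reason,
                         "flow": (src, dst, port)})
    return findings


if __name__ == "__main__":
    for f in audit_flows(SAMPLE_FLOWS):
        print(f["severity"].upper(), f["reason"], f["flow"])
```

Each "review" finding is a flow to justify against the documented plant architecture or close with a firewall rule; a "critical" finding means a control interface is reachable from the public internet.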

CISA and OT:ICEFALL

Recently, CISA (the U.S. Cybersecurity & Infrastructure Security Agency) released several advisories related to an “OT:ICEFALL” (Insecure by Design) Report from Forescout’s Vedere Labs.3 Forescout has discovered a set of 56 vulnerabilities affecting 26 devices from ten operational technology (OT) vendors caused by insecure-by-design practices in OT. The affected products are known to be prevalent in several critical industries employing this technology. According to Forescout, many of these products are sold as “secure by design” or have even been certified with OT security standards.

Searching For Exposed Devices
For a processor whose engineering staff thinks an OT device may be directly open to the internet, one way to check is by doing a search on Shodan.io for devices exposed to the public internet. Photo courtesy of Shodan.io

CISA, whose mission is to defend ICS environments, offers a wide range of free products and services to support the ICS community’s cybersecurity risk management efforts. CISA publishes an up-to-date list of ICS equipment and systems advisories regarding patch statuses and risk assessments.4

According to the Forescout report, OT vulnerabilities are divided into four main categories: insecure engineering protocols, weak cryptography or broken authentication schemes, insecure firmware updates and remote code execution (RCE) via native functionality. Among the vulnerabilities found, 38% allow for compromise of credentials, 21% for firmware manipulation and 14% for remote code execution. The report found 74% of affected product families have some form of security certification.

Discovering Vulnerabilities
Forescout has discovered a set of 56 vulnerabilities affecting 26 devices from 10 operational technology (OT) vendors caused by insecure-by-design practices in OT. Photo courtesy of Forescout/Vedere Labs

Cybersecurity is fundamental for the safe operation of industrial control systems, due to an emerging threat landscape with new cybercriminals and targets and the increased connection between IT and OT systems. Today, threats targeting industrial equipment include internal and external attackers, for example, disgruntled employees, hacktivists, cyber criminals, and state-sponsored parties. Threats in the OT space have evolved significantly, showing more disruptive and destructive intent over the last decade.

According to the Forescout Vedere Labs report, high-profile malware using OT technologies includes Industroyer, which was used to cause Ukraine power outages in 2016, and the newer Industroyer2 variant found in Ukraine in 2022; TRITON, which targeted industrial safety systems in the Middle East in 2017; and INCONTROLLER, an APT toolkit targeting several OT devices, such as OPC UA servers and PLCs from Omron and Schneider Electric.

Secure-by-design vs. insecure-by-design

Today, almost all ICS equipment is designed to be secure, meaning that software products and capabilities have been engineered to be foundationally secure. Unfortunately, much older equipment wasn’t designed to withstand direct hacks and tampering. Modbus equipment, for example, wasn’t necessarily designed to be cybersecure, and Modbus-based equipment is now among the equipment with common vulnerabilities and exposures (CVEs).

Cybersecurity is Fundamental for Safe Operation
Cybersecurity is fundamental for the safe operation of industrial control systems, due to an emerging threat landscape with new cybercriminals and targets and the increased connection between IT and OT systems. Photo courtesy of U.S. Cybersecurity & Infrastructure Security Agency

Unfortunately, risk management is complicated by the lack of known CVEs, says the Forescout report. It’s not enough to know that a device or protocol is insecure. To make informed risk management decisions, asset owners need to know how these components are insecure. Issues that are considered the result of insecurity by design have not always been assigned CVEs, so they often remain less visible and actionable than they should be.

According to the Forescout report, there are insecure-by-design supply chain components, and the vulnerabilities in them tend not to be reported by every affected manufacturer. Vedere researchers looked at two vulnerabilities with CVEs assigned to the ProConOS runtime, which is often used in PLCs and RTUs that have no associated CVE or public discussion indicating they were affected.

Web-based Internet Security
Web-based internet security checkup and information services, like ShieldsUP! from GRC, can detect if equipment has specific vulnerabilities. Photo courtesy of Gibson Research Corporation

How should processors look at this situation?

While all these issues are serious, they may not necessarily be impactful if otherwise secure-by-design engineering principles are followed in system development. Ron Fabela, CTO & co-founder at SynSaber,5 a provider of industrial asset and network monitoring solutions and SCADA security systems, explains:

“These CVEs focus on architecture, which stems from requirements for reliability but appear insecure by design. These would require complete refactoring or redesign to address as one cannot simply ‘patch Modbus.’ Past industrial vulnerability disclosures felt very familiar with typical software vulnerabilities that had some hope of being patched, although the dreaded ‘forever-day’ vulnerabilities still do exist, where the vendor refuses to or cannot generate a patch for that system.

“OT:ICEFALL, by design, set out to take these previous insecure-by-design elements and generate CVEs with the expected outcome of bringing more attention to these underlying issues. In reality, these unfixable issues have now exceeded managing and reporting thresholds for critical infrastructure, especially regulated industries like electric utilities. Now that CVEs have been identified, and ICS advisories posted by CISA, asset owners have no choice but to answer the following questions: Are the affected products in my environment? And, if so, what is the plan to patch or remediate?

“This has already kicked off a scramble to answer these questions and, more importantly, keep track of multiple CVEs that can never be actioned,” says Fabela.

“While I understand and appreciate the intent of OT:ICEFALL, the potential impact on the community, as a result, was either not fully understood or dismissed,” Fabela adds. “Researchers looking for high CVE counts and a blog post could now literally generate 100s or 1000s more meaningless disclosures, restating the same issues that asset owners, vendors, and operators can do little about. The ICS security community should be looking for ways to work with product security at OEMs and asset owners to drive real engineering informed security to remove these insecure-by-design flaws. Keeping our critical infrastructure teams buried in busy work CVEs is not the way.”

Resources:

1“X-Force Threat Intelligence Index 2022,” IBM Security, IBM Corporation, Armonk, NY, 2-2022; USA

2“Shodan: Search Engine for the Internet of Everything,” https://www.shodan.io/

3Forescout: “OT:ICEFALL: 56 Vulnerabilities Caused by Insecurity-by-Design Practices in OT;” webinar and research study; accessed 29 June 2022; https://www.forescout.com/research-labs/ot-icefall/

4“CISA Releases Security Advisories Related to OT:ICEFALL (Insecure by Design) Report,” CISA, 28 June 2022, https://www.cisa.gov/uscert/ncas/current-activity/2022/06/22/cisa-releases-security-advisories-related-oticefall-insecure

5SYNSABER Web site, https://synsaber.com/

KEYWORDS: cybersecurity industrial control IT/OT systems ransomware

Wayne Labs has more than 30 years of editorial experience in industrial automation. He served as senior technical editor for I&CS/Control Solutions magazine for 18 years where he covered software, control system hardware and sensors/transmitters. Labs ran his own consulting business and contributed feature articles to Electronic Design, Control, Control Design, Industrial Networking and Food Engineering magazines. Before joining Food Engineering, he served as a senior technical editor for Omega Engineering Inc. Labs also worked in wireless systems and served as a field engineer for GE’s Mobile Communications Division and as a systems engineer for Bucks County Emergency Services. In addition to writing technical feature articles, Wayne covers FE’s Engineering R&D section.

Copyright ©2025. All Rights Reserved BNP Media.
