Food Engineering logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • PRODUCTS
  • TOPICS
  • EXCLUSIVES
  • MEDIA
  • FOOD MASTER
  • EVENTS
  • RESOURCES
  • EMAGAZINE
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Latest Headlines
  • Manufacturing News
  • People & Industry News
  • Plant Openings
  • Recalls
  • Regulatory Watch
  • Supplier News
  • PRODUCTS
  • New Plant Products
  • New Retail Products
  • TOPICS
  • Alternative Protein
  • Automation
  • Cannabis
  • Cleaning | Sanitation
  • Fabulous Food Plants
  • Food Safety
  • Maintenance Strategies
  • OEE
  • Packaging
  • Sustainability
  • More
  • EXCLUSIVES
  • Plant Construction Survey
  • Plant of the Year
  • Sustainable Plant of the Year
  • State of Food Manufacturing
  • Top 100 Food & Beverage Companies
  • MEDIA
  • Podcasts
  • Videos
  • Webinars
  • White Papers
  • EVENTS
  • Food Automation & Manufacturing Symposium and Expo
  • Industry Events
  • RESOURCES
  • eNewsletter
  • Custom Content & Marketing Services
  • FE Store
  • Government Links
  • Industry Associations
  • Market Research
  • Classified Ads
  • EMAGAZINE
  • eMagazine
  • Archive Issue
  • Advertise
Food Engineering logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Food Engineering logo
  • NEWS
    • Latest Headlines
    • Manufacturing News
    • People & Industry News
    • Plant Openings
    • Recalls
    • Regulatory Watch
    • Supplier News
  • PRODUCTS
    • New Plant Products
    • New Retail Products
  • TOPICS
    • Alternative Protein
    • Automation
    • Cannabis
    • Cleaning | Sanitation
    • Fabulous Food Plants
    • Food Safety
    • Maintenance Strategies
    • OEE
    • Packaging
    • Sustainability
    • More
  • EXCLUSIVES
    • Plant Construction Survey
    • Plant of the Year
    • Sustainable Plant of the Year
    • State of Food Manufacturing
    • Top 100 Food & Beverage Companies
  • MEDIA
    • Podcasts
    • Videos
    • Webinars
    • White Papers
  • FOOD MASTER
  • EVENTS
    • Food Automation & Manufacturing Symposium and Expo
    • Industry Events
  • RESOURCES
    • eNewsletter
    • Custom Content & Marketing Services
    • FE Store
    • Government Links
    • Industry Associations
    • Market Research
    • Classified Ads
  • EMAGAZINE
    • eMagazine
    • Archive Issue
    • Advertise
  • SIGN UP!
AutomationLatest headlines

Cybersecurity and OT

Industrial control systems risk shutdowns and other dangerous outcomes due to cybersecurity attacks

No doubt a ransomware or malware attack can shut down enterprise business systems, but cybersecurity attacks can do a lot more damage on manufacturing systems

By Wayne Labs, Senior Contributing Technical Editor
Don't let ransomware shut you down!

Even if you can manage to prevent ransomware entering the process control system from the IT network, it can still find its way via other routes to key OT systems, such as a CIP system. Imagine CIP temperatures not being met or too much or not enough chemicals with not enough rinse—all ways to make you throw away a batch if you catch it. What happens if you don’t? Photo: Wayne Labs

August 31, 2020

Of late, several companies have taken hits on their worldwide IT and Web based systems. Perhaps the most recent, Canon, suffered a global ransomware attack, taking down many Canon websites and systems—also with a threat of making their private business data public. But can these IT/enterprise attacks threaten and/or damage OT systems? And what can they do to food and beverage products? Make them unsafe by altering a critical kill step or omitting preservatives? What else?

I asked Barak Pereleman, VP of OT Security at Tenable, what attack vectors may pose danger to OT-based systems.

Tenable provides vulnerability management services to manufacturers around the world. It helps users manage risk with IT and cloud-based systems, and with the recent purchase of Indegy, allows OT users gain complete visibility, security and control of OT networks.

FE: Assuming that non-state hackers (e.g., criminals or kids attempting to make a cash haul), have the ability to come up with a destructive virus that attacks PLCs and DCSs, are they interested in taking down a system (e.g., critical process or power grid) for the “I can do this” self-satisfaction, or are they looking for a pile of money via extortion—that is “pay me for protection against the bad guys,” which are the same entity?

Barak Perelman: Two of the more prominent motivating factors are financial gain and the weaponization of an attack.  Financial gain is the typical motivation of ransomware attacks. Cybercriminals go where the money is. There are, unfortunately, many instances where it is simply cheaper and less disruptive to pay the bad actor than to avoid payment and suffer the consequences. So the payouts are big and increasingly likely. The weaponization of attacks is also increasing in frequency and scope. It is attractive because it doesn’t require many resources, but can cause as much or more damage and disruption as conventional military tactics.

FE: Is ransomware still the most effective method for securing a pile of money from a company? Are they now threatening to destroy OT (process control data)? Or is stealing business/banking information the easier approach? 

Perelman: Ransomware is increasingly popular because it is easy to do, hard to trace and in many cases relatively “safe” for the attacker to carry out. There have been a number of instances where cyber insurance companies advise the victim organization to pay the ransom because it is actually cheaper and less disruptive than non-payment. This is something that needs to change, because incentivizing attackers by paying out large sums of untraceable cash makes it an easy and lucrative method to achieve large paydays with little chance of getting caught. 

I cannot emphasize enough that financial/banking information theft this day and age is orders of magnitude harder than breaching an OT network and handling it as your own. 

FE: Is email still the most used way to penetrate a system today? I certainly get enough stuff that most likely leads to viruses and the like. Since Stuxnet, I assume that everyone knows about memory sticks.

Perelman: Email is still indeed the leading attack vector on the IT side of the house that can migrate to industrial OT networks, particularly if the environment is converged. Another method often employed by attackers is taking over a third party website and infecting it, causing malware to download on the devices of anyone who visits a seemingly trustworthy website. This was best described in the FBI & DHS report, “Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors,” a couple of years back. I would be happy to claim otherwise but, amazingly, USBs lying around are still an issue today; although, awareness is indeed much better compared to a decade ago.

FE: Are non-state hackers actually familiar with PLC/DCS coding that they could reprogram or shutdown critical systems? Are they familiar with specific apps that they could reprogram a PLC or DCS?

Perelman: The knowledge of hacking in industrial environments is not as pervasive as IT cybercrime. However, anyone with fairly entry-level technical skill—definitely someone writing malware—can easily learn to write code that deletes PLC code in one day. Give them another week and they'll know how to change the threshold level of an active ingredient in a drug. 

FE: In food and beverage, theft of intellectual property and business information (e.g., client lists, recipes, etc.) is probably more lucrative than shutting part of a processing or bottling system, right?

Perelman: Recipes and intellectual property are largely protected with trademarking. So, even if they got out, there are protections in place. The alarming part of a food and beverage attack is the far reaching ramifications in changing the formulation of goods or the methodology in the manufacturing process. Just one minor change to a process can disrupt the supply and taint products, causing untold harm to the business and consumers. Many “mainstream” attacks are inconvenient, and some even have significant consequences. Society can do without a lot of things, but when it comes to food and beverages, even a small attack can have dire consequences. [Food and beverage] is simply something we cannot live without. 

FE: Are non-state hackers entering OT and/or process control systems wirelessly—either through nearby Wi-Fi or through a cellular connection where they may have stolen logons, etc.?

Perelman: We are seeing an uptick of rogue actors accessing OT environments in a variety of ways. Not surprisingly and most typically they are performing reconnaissance and finding the “weak link” in the system to find their way in. We are seeing more attacks that start on the IT side and move to the OT side. This is often seen in converged IT/OT systems where the level of security is not where it needs to be. Increasingly, however, these same attacks are occurring in systems that are “air-gapped.” As history has proven, the unfortunate reality is that even the most secure air-gapped environments may experience “accidental convergence,” a situation where information accidentally flows across the air gap. 

Over the years, additional attack vectors in air-gapped environments have been discovered, including FM frequency signals from a computer to a mobile phone; thermal communication channels between air-gapped computers; the exploitation of cellular frequencies; and near-field communication (NFC) channels. Even LED light pulses among OT equipment have exposed critical systems to malicious activity.  Organizations that don’t have specific initiatives for IT and OT convergence are among the most at risk because no additional security is implemented beyond air gapping. Securing operations requires more than building a digital moat around the OT infrastructure. Even under the most favorable of circumstances, this isolation is nearly impossible to maintain. The introduction of one seemingly harmless variable into a sterile environment can permanently destroy the most stringently enforced air gap.

FE: How has the hacking landscape changed since COVID-19? In the last year? The last five years?

Perelman: COVID 19 has changed the operating environment for infrastructure and manufacturing organizations. Wherever possible, many employees have been directed to work from home and utilize laptops, tablets, smartphones and conference bridge services.  But working from home is not always an option, especially when it comes to OT. The following are a couple of new risk factors the OT community need to stay vigilant against:

  • Erroneous changes: This can include less experienced team members making erroneous changes to the system without the direct oversight of managers due to quarantine. 
  • Delayed response: Due to short staffing, or the need to divert employees to other tasks, security personnel may be negatively impacted in their ability to react to alarms in a timely fashion
  • Opportunistic attacks: Nefarious activity will likely increase during this period as bad actors look to exploit the procedural disruptions and overstretched skeleton crews associated with non-standard business operations.

Taking an honest look at these vulnerabilities and gaps is the first step to understanding which security measures need to be in place to keep critical operations running smoothly and safely.

For more information, visit Tenable.

About Barak Perelman

Barak Perelman, VP of OT Security at TenableBarak Perelman serves as VP of OT Security at Tenable. Previously, he was co-founder and CEO of industrial cybersecurity company Indegy, before it was acquired by Tenable. Perelman is a graduate of Israel's elite Talpiot military academy and brings over 15 years of hands-on experience in cybersecurity strategies and protection of critical infrastructures. Before founding Indegy, he led large-scale cyber security projects in the IDF and received commendations for his service achievements.

KEYWORDS: cybersecurity industrial networks

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Wayne labs 200px
Wayne Labs has more than 30 years of editorial experience in industrial automation. He served as senior technical editor for I&CS/Control Solutions magazine for 18 years where he covered software, control system hardware and sensors/transmitters. Labs ran his own consulting business and contributed feature articles to Electronic Design, Control, Control Design, Industrial Networking and Food Engineering magazines. Before joining Food Engineering, he served as a senior technical editor for Omega Engineering Inc. Labs also worked in wireless systems and served as a field engineer for GE’s Mobile Communications Division and as a systems engineer for Bucks County Emergency Services. In addition to writing technical feature articles, Wayne covers FE’s Engineering R&D section.

Recommended Content

JOIN TODAY
to unlock your recommendations.

Already have an account? Sign In

  • Global Organic Food & Beverage Market to Grow

    Global Organic Food & Beverage Market to Grow

    With a CAGR of 12.07%, Bonafide Research estimates this...
    Latest headlines
  • skilled MEP worker

    Predicting Food and Beverage Manufacturing Trends for 2024

    The two words that should be kept in mind are labor and...
    Automation
    By: Derrick Teal
  • cleaning and sanitation

    The basics of cleaning and sanitation in food plants

    Sanitation maintains or restores a state of cleanliness...
    Cleaning | Sanitation
    By: Richard F. Stier
Subscribe For Free!
  • eMagazine
  • eNewsletter
  • Online Registration
  • Manage My Preferences
  • Customer Service

OT Cybersecurity Vulnerabilities in Food Manufacturing Facilities

OT Cybersecurity Vulnerabilities in Food Manufacturing Facilities

Understanding Impacts of OT Cybersecurity Events in Food Manufacturing

Understanding Impacts of OT Cybersecurity Events in Food Manufacturing

Food Plant Openings and Expansions April 2025

Food Plant Openings and Expansions April 2025

FA&M 2025 in Rewind

FA&M 2025 in Rewind

More Videos

Popular Stories

Conagra Logo

Conagra Brands to Sell Chef Boyardee Brand to Hometown Food Company

Salt

FDA to Amend Standards of Identity to Include Salt Substitutes

Vilter IHP in plant

Industrial Heat Pumps: Sustainable Energy Solutions for Now and the Future

CHECK OUT OUR NEW ESSENTIAL TOPICS

Alternative ProteinAutomationCleaning/SanitationFabulous Food Plants

Food SafetyMaintenance StrategiesOEE

PackagingSustainability

Events

June 5, 2025

Mass Customization Driving Innovation in the Food and Beverage Industry

The food and beverage industry is at the nexus of transformative global manufacturing trends, driving a shift toward personalized, customer-centric solutions. 

June 5, 2025

How Cafe Spice Uses Automation to Propel Private Label

Learn about Cafe Spice’s new, state-of-the-art, highly automated manufacturing facility in Beacon, New York. 

View All Submit An Event

Products

Recent Advances in Ready-to-Eat Food Technology

Recent Advances in Ready-to-Eat Food Technology

See More Products

Plant of the Year

Related Articles

  • Remote Desktop Connection and protocols can lead to a cybersecurity break-in

    Remote attacks on process/automation systems can wreak havoc

    See More
  • Claroty

    Control system vulnerabilities put food & beverage at serious risk

    See More
  • Preventing Hacking

    Knowing Vulnerabilities In OT Systems Can Help Cybersecurity Efforts

    See More

Events

View AllSubmit An Event
  • May 6, 2025

    Fortifying Food Production: Automation and the Critical Role of Cybersecurity

    On Demand Food manufacturers face many challenges, including maintaining quality, managing labor shortages and sustaining the safety of their products, workforce and facilities. How can producers possibly keep up?
View AllSubmit An Event
×

Elevate your expertise in food engineering with unparalleled insights and connections.

Get the latest industry updates tailored your way.

JOIN TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Food Master
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Food Engineering logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Food Engineering logo
  • NEWS
    • Latest Headlines
    • Manufacturing News
    • People & Industry News
    • Plant Openings
    • Recalls
    • Regulatory Watch
    • Supplier News
  • PRODUCTS
    • New Plant Products
    • New Retail Products
  • TOPICS
    • Alternative Protein
    • Automation
    • Cannabis
    • Cleaning | Sanitation
    • Fabulous Food Plants
    • Food Safety
    • Maintenance Strategies
    • OEE
    • Packaging
    • Sustainability
    • More
  • EXCLUSIVES
    • Plant Construction Survey
    • Plant of the Year
    • Sustainable Plant of the Year
    • State of Food Manufacturing
    • Top 100 Food & Beverage Companies
  • MEDIA
    • Podcasts
    • Videos
    • Webinars
    • White Papers
  • FOOD MASTER
  • EVENTS
    • Food Automation & Manufacturing Symposium and Expo
    • Industry Events
  • RESOURCES
    • eNewsletter
    • Custom Content & Marketing Services
    • FE Store
    • Government Links
    • Industry Associations
    • Market Research
    • Classified Ads
  • EMAGAZINE
    • eMagazine
    • Archive Issue
    • Advertise
  • SIGN UP!