System Integrators Play a Unique Role as Honest Brokers Offering Unbiased Solutions

By Cody P. Bann

Every industry is under the threat of a cyberattack. And it’s not if, but rather when. As system integrators, you understand the consequences of a cyberattack on your customers — critical infrastructure, food and beverage manufacturers, and even warehouses that keep the supply chains moving.

By better understanding cybersecurity challenges and solutions, you can further solidify your unique role as an honest broker and trusted advisor with both IT and OT – offering unbiased counsel that can play an important part in guiding clients on best practices to prevent an attack.

Critical Infrastructure and Cybersecurity

There are over 150,000 public water systems in the U.S. that provide tap water to nearly 300 million people. This critical infrastructure spans tens of thousands of miles, involves many remote sites, and requires multiple networks with complex software and hardware needs. The sheer size and scope of these systems offers hackers many exploitable entry points.

As utilities transition to the cloud, remote access, smart devices, and the Internet of Things, IT and OT are no longer separate. Over the past decade, the technology behind water infrastructures and utilities has become more interconnected with OT & IoT devices.

The different connected devices such as controllers, sensors, and smart meters are being used by water utilities to remotely monitor and manage processes. In a recent West Monroe survey, 67 percent of utility leaders cited cybersecurity as their top concern of the converged IT and OT network.

A cyberattack causing an interruption to drinking water and wastewater services could erode public confidence, or worse, produce significant public health and economic consequences. The diverse nature of the water and wastewater sector, with organizations of varying size and ownership, the sector’s splintered regulatory regime, and a lack of cybersecurity governance protocols, present significant [cybersecurity] challenges.

Moreover, entities within the sector often face insufficient financial, human, and technological resources. Many organizations have limited budgets, aging computer systems, and personnel who may lack the knowledge and experience for building robust cybersecurity defenses and responding effectively to cyberattacks.[1]

Food and Beverage Sector and Cyberattacks

According to Trustwave, a leading data security firm, food & beverage was the third most compromised industry after retail and hospitality, accounting for 10 percent of all attacks.

While that number may seem small compared to the massive breaches reported recently by news outlets, it’s important to understand that 70 percent of hacked food & beverage companies go out of business within a year of an attack.[2]

The size of these companies doesn’t seem to matter to the attackers, either. According to the Federal Bureau of Investigation, “Larger businesses are targeted based on their perceived ability to pay higher ransom demands, while smaller entities may be seen as soft targets, particularly those in the earlier stages of digitizing their processes.”[3]

A few of the attacks that have occurred in the past few years include:

  • Molson Coors, which experienced a systems outage that caused delays and disruption to the brewery operations, production and shipments;
  • An unidentified “US bakery company” suffered a ransomware attack in July 2021 that interrupted its operations for one week as the firm could not access its server, files, or applications;
  • Ahead of a recent Halloween season, cyber criminals attacked confectionary firm Ferrara’s (maker of SweetTarts, Nerds and Boston Baked Beans) computer system, which disrupted operations for several weeks;
  • A “cyber event” temporarily halted operations at all of Schreiber Foods’ dairy processing plants and warehouses;
  • And the well-publicized attack at meat processor JBS whose North America operations were shut down and an $11 million ransom was paid to the attackers.[4] 

The food supply’s vulnerability is not lost on the U.S. Department of Homeland Security, which considers the entire food & agriculture industry one of the 16 national critical infrastructures. This designation has generated attention for a new type of cyber threat called agro-terrorism: deliberately contaminating the country’s food supply, with the intent to terrorize and harm people.[5]

Surprisingly, a significant share of manufacturers have yet to build the cyber capabilities to secure some of these business-critical systems. Deloitte’s survey found that, while 90 percent of manufacturers reported capabilities to detect cyber events, very few companies today have extended monitoring into their operational technologies environments.[6]

Warehouses and Threat of Cyberattacks

Even before the pandemic started, global supply chains were experiencing growing pains as they adapted to meet the pressures of rising demand and a delivery system in need of an overhaul. Supply and demand issues during the pandemic revealed how fragile supply chains can be, particularly with the increased threat of cyberattacks.

Technologies such as embedded sensors, GPS, and RFID have helped companies transform their existing traditional (a mix of paper-based and IT-supported processes) supply chain structures into more agile, flexible, open and collaborative digital models. Digital transformation in supply chain management enables organizational flexibility and business process automation, and accelerates innovation.

A digital supply chain provides visibility into the workings of the chain; it is the process of integrating and applying advanced digital technologies into supply chain operations, from procurement data and inventory management to transportation and distribution. Companies are layering more systems into their IT networks to support remote work, enhance the customer experience, and generate value, all of which creates potential new vulnerabilities.

As companies have accelerated their digitalization strategies – and as more equipment becomes connected – they have become more dependent on third-party software and technology. This, in turn, has increased firms’ attack surface exposure and points of vulnerability.

Integrating remote alarm notification software with the SCADA system is critical to reducing cyberattacks.

Supply chain attacks are when a company’s data is compromised via the hacking of a third-party supplier with legitimate access to its customers’ systems. Hackers can insert malicious code into trusted hardware or software at the source, compromising the data of its customers — and their customers — in an onward chain.

Common Thread

These industry examples have commonalities all relating to technology vulnerabilities that can be found in remote access to networks, insufficient security configurations, outdated firewalls, weak passwords, and a lack of proper staff training. It’s ironic that as these industries adopt more smart technologies to increase efficiencies, cyberattack risks escalate.

As you know from years of working as a system integrator, turning to additional technology is, coincidentally, one answer to this challenge. Many SCADA systems are simply over-exposed to the internet by remote desktop applications (e.g., RDP and TeamViewer).

To offer process and asset information to operators, organizations have provided much more, ignoring the principle of least privilege and opening their entire control systems and hosts to remote desktop access by unnecessary parties. Such broad remote access techniques present an increased security risk for companies.

Increased Technology Adds Protection

Counseling clients about more robust technology with greater functionalities to increase productivity and efficiencies is the perfect time to address cybersecurity and best practices such as upgrading aging systems, creating robust backup and recovery plans, and adding software like remote alarm notification software as added protection against cyberattacks.

Advanced remote alarm notification software allows remote operators access to only the information they need from SCADA without granting access to the SCADA itself or its operating system host, as remote HMI or remote desktop solutions do. Such notification software is compatible with more secure, layered networks in which a series of firewalls provide added protection from attacks. This is done by deploying notification solutions alongside the SCADA system at the network’s control level and either using notification modalities that are not internet facing or distributing internet-facing notification processes to higher levels.

For example, internal email servers, SMS modems, and voice via PBX devices allow communication with the outside world without internet exposure. Likewise, distributing the processes that interface with SCADA from those that interface with external email servers, VoIP solutions, and cloud apps allows internet-based notifications without compromising security.
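The layered design described above can be checked against a list of network flows. The following is an added example, not code from the article or from SmartSights; the zone names, host names, non-RDP ports and the flow list are all constructed assumptions.

```python
from dataclasses import dataclass

ZONES = ("control", "dmz", "enterprise", "internet")  # assumed zone names
RDP_PORT = 3389  # default Remote Desktop Protocol port


@dataclass(frozen=True)
class Flow:
    src: str
    src_zone: str
    dst: str
    dst_zone: str
    port: int


def audit(flows):
    """Return (src, dst, reason) for every flow that breaks the layered design."""
    findings = []
    for f in flows:
        if f.src_zone not in ZONES or f.dst_zone not in ZONES:
            raise ValueError(f"unknown zone in flow {f}")
        # The control level must not be internet facing in either direction.
        if {f.src_zone, f.dst_zone} == {"control", "internet"}:
            findings.append((f.src, f.dst, "control level exposed to internet"))
        # Remote desktop into the control level hands over the whole host,
        # far more than the alarm data an operator needs (least privilege).
        if f.dst_zone == "control" and f.src_zone != "control" and f.port == RDP_PORT:
            findings.append((f.src, f.dst, "remote desktop into control level"))
    return findings


# Constructed sample flows; every host name here is hypothetical.
SAMPLE_FLOWS = [
    Flow("notifier", "control", "mail-int", "dmz", 25),         # internal email server
    Flow("notifier", "control", "notify-relay", "dmz", 8443),   # hand-off to relay
    Flow("notify-relay", "dmz", "cloud-push", "internet", 443), # relay faces internet
    Flow("ops-pc", "enterprise", "scada-host", "control", 3389),
    Flow("vendor-laptop", "internet", "scada-host", "control", 3389),
    Flow("notifier", "control", "smtp-ext", "internet", 587),
]

if __name__ == "__main__":
    for src, dst, reason in audit(SAMPLE_FLOWS):
        print(f"{src} -> {dst}: {reason}")
```

The first three flows pass because only the relay at the higher level touches the internet; the last three are flagged.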

Remote alarm notification software protects against cyberattacks by deploying notification solutions alongside the SCADA system at the network’s control level.  

Of course, there are valid cases for desktop sharing software that do not violate the principle of least privilege (PoLP) and go well beyond operator access to process information. For such systems it’s critical that the remote desktop solutions be implemented with sound security.

There are several steps operators in each of these industries can take to improve their cybersecurity:

  • Update any software to the latest version;
  • Deploy multifactor authentication;
  • Use strong passwords to protect remote desktop protocol credentials;
  • Ensure anti-virus systems, spam filters and firewalls are up to date, properly configured and secure.[7]

Unique Role

Rapid globalization, technological advancements, changing consumer preferences, and evolving government policies are reshaping every industry. Trying to meet these challenges with manually intensive processes and outdated technology is difficult. However, by incorporating advanced technology, critical infrastructure, manufacturers and warehouses can increase productivity and efficiency, and reduce maintenance costs.

SIs play an important role as honest brokers in this process by listening to clients’ challenges and recommending solutions. The unique expertise brought by a skilled controls system integrator provides an invaluable link between IT vendors who offer solutions — like remote alarm notification software — and clients with complex projects and the ever-looming threat of cyberattacks.

Cody P. Bann is director of engineering at Austin, TX-based SmartSights. He can be reached at cody.bann@smartsights.com. SmartSights, previously known as WIN-911 and SyTech, is a global leader in data-driven analytics, reports and notifications, serving the industrial sector.

This content is sponsored by SmartSights.

[1] https://www.awwa.org/Portals/0/AWWA/Government/AWWACybersecurityRiskandResponsibility.pdf (accessed March 1, 2022).

[2] “Risky Business: Cyberattacks on the Food Supply,” Capstone Logistics.

[3] John S. Forrester, “Why Cybersecurity is a Major Concern for Food Firms in 2022,” Powder & Bulk Solids, February 4, 2022.

[4] Ibid

[5] “Risky Business: Cyberattacks on the Food Supply,” Capstone Logistics.

[6] https://www2.deloitte.com/us/en/pages/energy-and-resources/articles/smart-factory-cybersecurity-manufacturing-industry.html (accessed June 7, 2022).

[7] https://biztechmagazine.com/article/2021/04/cybersecurity-lessons-utilities-can-learn-oldsmar-water-plant-hack (accessed March 1, 2022).