{"id":8483,"date":"2017-07-27T15:00:07","date_gmt":"2017-07-27T23:00:07","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/07\/27\/news-2257\/"},"modified":"2017-07-27T15:00:07","modified_gmt":"2017-07-27T23:00:07","slug":"news-2257","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/07\/27\/news-2257\/","title":{"rendered":"Why Cybersecurity Matters in Food & Beverage?"},"content":{"rendered":"

Credit to Author: Marilidia Clotteau| Date: Thu, 27 Jul 2017 22:01:29 +0000<\/strong><\/p>\n

May 2017, the world faced one of the most serious cyber-attacks. The Ransomware Wannacry put at risk 200,000 companies spread over 150 countries.<\/p>\n

Immediately after, every company, including those in Food & Beverage, started to assess their vulnerabilities and stance regarding their cybersecurity policy.<\/p>\n

June 2017, another ransomware, Petya, infected more than 2,000 companies. For the first time, two major Food & Beverage companies announced publicly they have been attacked.<\/p>\n

\u201cBecause cyber-attacks on Food and Agriculture sector offer little financial gain and likely pose only minimal economic disruption, the sector does not perceive itself as a target of such an attack\u201d, as stated in the publication Food and Agriculture Sector \u2013 Specific Plan (2015).<\/a><\/p>\n

So, what is at stake for the Food & Beverage industry and why should cybersecurity matter for F&B companies?<\/p>\n

Cost of Cyber-attacks<\/strong><\/p>\n

In June 27, an international F&B company<\/a> published that it was impacted by the attack. A Few days later, a Press Release<\/a> announced the consequences of the attack: a disruption in their ability to ship and invoice during the last days of their second quarter, and a first estimate on revenue impact.<\/p>\n

Furthermore, as stated in Kaspersky Labs Security Bulletin 2016<\/a>, the longer it takes to detect a security breach, the higher the mitigation costs and the greater the potential damage. From US400,000$ for an instant detection to more than US1.0 Billion$ for a detection taking over a week.<\/p>\n

It is clear that cyber-attacks may dramatically impact your business.<\/p>\n

Food Defence Plan<\/strong><\/h4>\n

With the implementation of a Food Defence Plan<\/strong> as part of a Food Safety Management standard, a Threat (or Vulnerability) Assessment Critical Control Point (TACCP) is recommended (Food Safety Modernization Act Final Rule for Mitigation Strategies to Protect Food Against Intentional Adulteration<\/a>).<\/p>\n

Furthermore, in Europe, the PAS96:2014 Guide to Protecting & Defending Food & Drink from Deliberate Attack<\/a>\u00a0states that “No Process can guarantee that Food & Food Supply are not the target of Criminal Activity”. \u201cCybercrime\u201d is clearly listed as a potential threat to be addressed.<\/p>\n

Industrial Control Systems\u00a0<\/strong><\/h4>\n

Cybersecurity is also a critical topic for automation<\/a> architectures<\/strong> such as HMI<\/a>s (Human Machine Interfaces) and SCADA (Supervisory Control And Data Acquisition) systems. It becomes even more important with increased connectivity, data exchange and the use of Industrial Internet of Things (IIoT). How do you make sure your process data is protected against cyber-attacks? Do your personnel have a general awareness of cybersecurity topics related to the use of such equipment? These are key challenges to answer.<\/p>\n

\"\" <\/p>\n

Security Implementation Is a Solution, Not a Product<\/strong><\/h4>\n

Security implementation is a combination of many items. It is about understanding the system, the threats and the risks. It involves people, policies, architectures and products.<\/p>\n

Of course, it is under vendor\u2019s responsibilities to design products and solutions with security features<\/a>, to ensure they enable customers to comply with security standards and to provide recommendations and methodologies to guide implementation. But the end-users need to define security procedures, to mandate responsible people and to ensure compliance with security standards.<\/p>\n

Finally, as Industrial security is more than just IT security, a \u201cDefense-in-Depth\u201d<\/a> approach is recommended. This approach underlines that no single item will provide security for your entire system.<\/p>\n

In conclusion, the Food & Beverage industry<\/a> is also vulnerable to cyber-attacks and cyber-threats which increase in complexity. Therefore, cybersecurity policies should be assessed regularly using the evolving regulations and standards as part of your Food Defence Plan.<\/p>\n

\"\"\u00a0To receive our infographic\u00a0\u201cWhy Cybersecurity Matters in F&B\u201d, please contact us at<\/em> SmartFood@schneider-electric.com<\/a>.<\/em>\u00a0<\/strong><\/p>\n

To know more: <\/strong><\/p>\n