OT security risks in production lines made visible
The food manufacturing company with over 20,000 employees in more than two dozen countries sought visibility and clarity on existing cybersecurity risks in its production lines.
Initial situation and challenges
Modern food production is fully automated. From the field and the stables to processing and packaging, software-controlled processes work hand in hand. Despite this sophisticated digitalization and industrial automation, the analyzed company lacked visibility into its process control technology, the OT. In the wake of stricter cybersecurity regulations on the one hand and increasing cyberattacks on the IT and OT of large corporations on the other, the food producer decided to thoroughly examine the OT networks at four of its locations.
Solution
Risk analysis and vulnerability assessment
Rhebo Industrial Security Assessment to:
- detect and analyze assets and communication structures,
- identify vulnerabilities, stability and security gaps,
- define mitigation measures for system hardening.
Implementation and insights
At four of the food producer’s locations, Rhebo sensors were integrated into the OT networks. These passively and non-intrusively recorded all OT communication without interruption for several weeks. Next, as part of a Rhebo Industrial Security Assessment, Rhebo experts analyzed the communication logs using deep packet inspection, automated anomaly detection and forensic analysis, among other things.
What emerged was that each OT network had between 200 and 550 devices from around two dozen manufacturers in operation. The assessment made it possible to visualize all devices, their firmware versions, connections to other systems and communication patterns for the first time. It was already apparent that several systems were using outdated software, operating systems or firmware for which vulnerabilities had been known for some time or which had long since reached their end-of-life.
Selection of identified security risks:
- plaintext password protocols
- systems without log-in and authentication measures
- insecure authentication methods
- connections to the internet
Selection of stability risks:
- unreachable systems
- network instabilities
- checksum errors
Results
- FULL OT VISIBILITY AND UNDERSTANDING GAINED through asset discovery and visualization of connections and system properties.
- EXISTING VULNERABILITIES MITIGATED that could pose a security risk to physical processes.
- STABILITY RISK FOR PRODUCTION LINES REDUCED through identification of malfunctioning connections, communication and devices.
Text taken over from original – Rhebo












