Operational Excellence has long been a philosophy that manufacturers have striven to achieve. But a combination of pressures around operational costs, production efficiency, and quality in Food & Beverage/Consumer Packaged Goods (F&B/CPG) industries form a complex operating environment to achieve Operational Excellence. However, one important aspect often overlooked is industrial security. In today’s environment, incorporating industrial cyber controls must be mandatory. One only needs to look at the recent hack on a Burlington Electric Company to see the importance of cyber security.
Most manufacturing companies equate cyber protection to traditional IT equivalent security systems and assume proven workflows and processes implemented on the IT side of the business can easily be translated across the Operational Technology (OT) space. When in reality, as more industrial platforms become machine learning with advanced platform algorithms relying on TCP/IP for system-wide interconnection, there’s a critical disconnect. Henceforth, more operational risk is naturally introduced in parallel with operational efficiency. The industrial Internet of Things (IIoT) is here and industrial convergence is happening across all major manufacturing verticals, especially F&B/CPG.
There are 3 key behaviors for implementing proactive measures for industrial cyber resilience:
- Conduct an OT detailed vulnerability assessment of the production operations by a team that has experience in actually performing industrial site or device assessments (i.e. SCADA, PLCs, DCS environments)
- Evaluate the results of the assessment with candor and with honest reflection of how to improve overall workflows and commitment to actionable steps for cyber protection
- Implement needed industrial tactical and strategic strategies for protecting the industrial eco-system
In the absence of the above three behaviors, industrial operations may be at risk. Fortunately, there is a better way forward. I’ve identified six steps that industrial companies can take to improve your security posture. This is applicable across all critical industries and there’s room for significant improvement:
- Secure Automation collection and Processing of manufacturing data. Automated data collection is the basis for creating the real-time enterprise, and significantly differentiates successful companies from their poorer performing peers. However, no endpoint protection will be 100% effective, so the needed approach is defense-in-depth that assumes employees will make mistakes and that attackers will compromise an endpoint. That’s why customers need a solution to monitor and control OT protocol command traffic on their operational networks.
- Develop standardized compliance and traceability into your processes. F&B/CPG companies have unique compliance and safety mandates; build these into your production processes to ensure they are adhered to every step of the way. Prevent unintended changes to configurations of control systems without shutting down manufacturing lines.
- Utilize historical and real-time data to minimize asset downtime. By using trending data and analytics, companies are able to predict adverse events and downtime before they occur. Build replicable stands and protocols that require any real-time changes to production operations first receive approvals from supervisor and production floor managers prior to execution.
- Proactively anticipate a cyber attack. Designate in advance an industrial “Ready Reaction Team” for Cyber specific incidents. You want to make sure you have the right team members to implement possible production wide industrial system disruptions. These team members should come from the industrial BU and not from IT SME’s. This team should also develop an active isolation process in the event of a cyber attack. This allows for the virtual segregation of other interconnected platforms and systems immediately (IT and remote connectivity).
- Build CAPEX and OPEX into your budget planning cycles annually. You can’t overlook brand remediation. The time and effort needed to remediate cyber attacks can lead to substantial revenue loss and impact the company’s bottom-line revenues. Don’t forget to factor in any labor impact/costs into operational planning to improve resiliency.
- Digitize your manufacturing processes (Document management, WIP, HAACP, etc.) through a secure MES. MES builds the foundation of process control and automation that successful manufacturers rely upon. In addition, it eliminates inefficient paper-based systems and provides a timely, unified picture for decision makers. Validated workflows have checks and balances across all production lines and not legacy operating systems or manual processes (i.e. WinXp or spreadsheets)
Secure Operational Excellence is an evolving journey
Implement and remain laser focused about developing continuous Cyber improvement processes into your operations, commit to it, and you will be set up for long-term successes.
Food, beverage, and CPG manufacturers face constant pressures around security, quality, efficiency and cost. Making effective decisions to address all four of these concerns can be challenging for companies that are not properly structured to protect their industrial footprint.
Secure operational excellence programs are requiring manufacturers to honestly reflect their cyber protection posture and arm decision makers with critical information they need to maximize productivity, ensure product safety and quality, and limit production downtime costs.