Yet Another Large Packing Company Disrupted by a Cyberattack

27 May 2021

The recent Ardagh attack is just the latest in 2021’s impressive roster of successful manufacturing facility penetrations. And we’re not even halfway done with the year. 

The cyberattack targeted the packaging giant’s IT systems, causing shipping delays and substantial disruptions to some supply chains. Although key systems are progressively going back online, Ardagh reported that the attack will result in ‘loss of revenue as well as incremental costs’. This example clearly demonstrates that IT now extends into operations and no longer ends at the technical system.

The attack comes just a few weeks after the devastating attack on one of the US's largest pipelines, Colonial Pipeline, which disrupted the supply of gasoline to the entire Eastern seaboard despite the company’s hushed-up $5m ransom payment. The Colonial Pipeline attack is yet another example of an attack that initially targeted IT systems, and ended up severely disrupting operations.

In 2021, the damage caused by cyberattacks has moved beyond data breaches and financial costs, to production shutdowns and severe operational disruptions. Moreover, we’ve seen more and more attacks targeting critical infrastructures with destructive impacts on human lives, such as the Colonial Pipeline. Another case of such a severe attack is the February hacking of a water treatment facility in Florida -- and the subsequent attempt to poison the water supply -- which highlights the potentially life-threatening, disastrous effects of a successful industrial cyberattack. 

By all accounts, this year is shaping up to be one for the books when it comes to industrial cyberattacks. 

 

Review of Production and Operations Disruptions in H1 2021

Our Q1 2021 Industrial Cyber Impact Report shines a light on this year’s dramatic rise in disruptive industrial cyberattacks. Specifically, it discusses the top trends in 2021, including ransomware, exploitation of remote access vulnerabilities and phishing attacks. Increased remote operations, alongside heightened awareness of the inherent vulnerabilities of OT networks, led to a steep rise in industrial cyberattacks in Q1 2021.

 

The Inherent Risks of IT-OT Convergence

In today’s hyper-connected industrial landscape, the convergence of IT and OT has become a best practice; it enables powerful new business capabilities that help industries achieve more. However, this new reality also includes significant threats that must be addressed for businesses to reap the benefits enabled by the latest technologies. 

Industrial digitization and automation are bringing IT and OT together in ways that were unimaginable just a few short years ago. Industry 4.0 has introduced advanced sensors, big data analytics and industrial control system automation onto the manufacturing floor. Together they deliver real-time operational data from the plant that increases efficiency and boosts productivity. Additionally, Industry 4.0 provides manufacturers with new preventative and corrective maintenance capabilities that maximize uptime, using remote access tools that maintain operational environments without cost-prohibitive on-site visits.

Unfortunately, this convergence exposes organizations to collateral effects from successful attacks. As many manufacturers integrate with third parties to improve productivity and benefit from advanced logistics capabilities, these connections become channels through which malware can penetrate and wreak havoc on the interconnected IT and OT layers.

Most existing OT cybersecurity solutions are based on traditional, reactive IT cybersecurity methodologies. But IT and OT cybersecurity are different beasts. While IT cybersecurity focuses on securing the bits and bytes that are crucial for the administration of business, OT cybersecurity specializes in securing both the data and the physical systems that generate it. Forward-thinking manufacturers should choose a cyber defense strategy that is suited specifically to the needs of OT environments.

 

Avoiding Operational Disruptions

OTORIO combines a traditional reactive approach with a proactive risk reduction approach to OT cybersecurity that enables the highest level of protection for the manufacturing industry. Our proactive Operational Security (OpSec) methodologies identify potential vulnerabilities and mitigate gaps before they become breaches by incorporating governance and policy implementation, gap and exposure identification, network architecture and more. OpSec requires real know-how regarding a given facility’s processes to understand the potential impact of a specific threat and effectively prioritize preventative measures. 

By using OpSec with reactive SecOps measures like monitoring systems, logging, anomaly detection, threat hunting and incident response, OTORIO provides a truly holistic solution that meets the needs of today’s threat landscape. 

 

Parting Words

2021 isn’t even halfway over yet and we’ve already seen a significant rise in attacks on industrial targets. The latest -- the attack on the packaging giant Ardagh -- penetrated the company’s IT systems, causing significant disruption to distribution and shipping. However, on today’s interconnected manufacturing floor, IT doesn’t stop at the technical system. The convergence of IT and OT enables significant business benefits but also exposes manufacturers to new risks, as adversaries can now target the actual machines on the manufacturing floor.

Forward-looking manufacturers understand that a traditional reactive approach to cyber protection isn’t enough. There’s simply too much at stake to ignore any vulnerability or risk. OTORIO’s OT cybersecurity solution combines a traditional reactive approach with cutting-edge proactive capabilities to enable higher levels of protection for the industrial sector.