Mounting ransoms and data loss show the need for COOP in manufacturing, engineering and agribusiness

Farming and manufacturing in the digital age require safeguarding online systems

American engineering and agribusiness operations face the same ransomware and business interruption losses as healthcare facilities. Food processors, meat packers, dairy operations and bottling plants, and even individual farmers have moved to Internet of Things (IoT) hardware that automates the milking of dairy cows to storing FDA-required packaging records a potential data target. 

Non-farm industrial engineering firms risk customer data loss, financial record breaches, and sensitive trade secrets like CAD software files and access to equipment in their manufacturing environment being compromised. Industry and agriculture operations need to approach Continuity of Operations Planning (COOP) in manufacturing, similar to how healthcare providers do.

Adapting a prevention and response approach to ransomware and data breaches in engineering

A manufacturing engineer or plant operations expert should approach their facility’s technology and COOP strategies with the same basic understanding as fire prevention and OSHA safety regulations: work to prevent the disaster, but if it does happen, know how to react quickly, safely, and efficiently as it unfolds. 

This includes:

• Maintaining accurate records off-site, in a secure location.
• Training employees with access to sensitive systems to recognize phishing, scams, and “social engineering” hacks
• Develop robust quality assurance protocols throughout your supply chain to ensure they’re keeping trade secrets, customer information, and other data you share with them secure
• Ensure your manufacturing process has backups or mechanisms to continue operations where possible without access to the internet
• Develop maintenance plans that combine IT and mechanical processes to ensure firmware and other software, including PCs, equipment, sensors, and any internet-connected device are up-to-date
• Be aware of critical times of the year your operation is most at-risk

The FBI says ransomware actors may be more likely to attack agricultural cooperatives during critical planting and harvest seasons. The FBI noted ransomware attacks during these seasons against six grain cooperatives during the fall 2021 harvest and two attacks in early 2022 that could impact the planting season by disrupting the supply of seeds and fertilizer.

Cyber actors may perceive a co-op as a lucrative target with a willingness to pay due to the time-sensitive role they play in agricultural production and the number of people involved in a typical co-op program.

Although ransomware attacks against the entire farm-to-table spectrum of the sector occur regularly, the number of cyber attacks against agricultural cooperatives during key seasons is notable.

Similarly, an engineering company or manufacturing engineering firm should recognize when their risks are highest. This includes the products you make. In the automotive industry, Hyundai and Kia have endured significant negative press coverage and now city and state-level lawsuits this year from failing to include security mechanisms to protect those car’s ignitions. 

Ford Motor Company narrowly escaped a data breach after friendly researchers notified the company of an issue in 2001. No company can not and should not rely on “friendly hackers” to notify them of issues.

Develop an engineering co-op COOP program to train and prepare

Vantage Point can help you design Continuity of Operations plans and test those plans in real-world tabletop exercises or real-time simulations. It’s the same level of interaction we design and build COOP exercises for healthcare facilities:

• Using real-world scenarios to test your team’s readiness and understanding of processes
• Coordinating simulations, drills, and exercises with your partners, such as suppliers or distribution customers in the supply chain
• Creating written after-action reports that detail what worked, what didn’t, and where weaknesses need addressing

Every industrial operation, agriculture operation, and manufacturing or engineering facility is different and faces unique challenges depending on who they serve, where, and how. We incorporate these variations and needs into plans as VPC accounts for the significant demands placed on Level 1 Trauma Centers in urban environments versus smaller, rural specialty ambulatory surgical centers.

VPC can also help you test and drill your engineering and IT teams in cyber threat and data breach exercises. These tabletop simulations pinpoint weaknesses in equipment, your network, employees, chain of command, communications, leadership, and working with the press and media.