H Asset

Q&A: Retrofitting cybersecurity to upgrade legacy machines in the food & beverage sector

Aug. 2, 2023
"Digitization only compounds the risks that legacy assets pose to industrial organizations."

New industrial assets come equipped with the latest smart sensors and digital devices that enable owners to more quickly realize their overall digital transformations. But, of course, most of us work in facilities equipped with brownfield assets—old machines—that require more attention and maintenance then new assets and present unique challenges on the cybersecurity front. This is especially true for those of us in the consumer packaged goods space. 

Here we chant with Brian Van Vleet, commercial lead for cybersecurity & network services at Rockwell Automation, to explore some of these topics. Take a look…

Smart Industry: What are the most common cybersecurity vulnerabilities with brownfield industrial assets?

Brian: Outdated or unpatched software, lack of network segmentation, weak or default passwords, insufficient authentication and authorization controls, and the use of legacy or unsupported systems. These vulnerabilities can expose industrial assets to potential cyberattacks, data breaches and unauthorized access. This poses significant risks to critical infrastructure and industrial operations in every industry, but especially in the consumer packaged goods (CPG) industry, which often relies on legacy equipment. 

Implementing robust cybersecurity measures, regular updates, and adopting modern security protocols are crucial to mitigating these risks and safeguarding brownfield industrial assets.

Smart Industry: Is the problem with legacy assets getting better as digitalization matures? 

Brian: Digitization only compounds the risks that legacy assets pose to industrial organizations. As connected devices rapidly enter the OT environment, CPG companies face a widening attack surface without the essential skillsets and bandwidth to properly secure all threat vectors. Despite the significant advantages of updating legacy automation, an alarming two-thirds of organizations lack effective operational technology (OT) patch-management procedures. Poor inventorying of industrial-automation environments further compounds the issue, as without proper knowledge of connected devices, securing the environment becomes challenging. To address these vulnerabilities, collaboration between IT and OT teams, along with guidance from industry experts, is essential in closing these gaps and bolstering the cybersecurity posture of industrial assets.

Smart Industry: How is risk-management changing in the Industry 4.0 era?

Brian: The manufacturing sector has undergone a significant transformation with the emergence of smart-manufacturing technologies, introducing automation, connectivity, and data-driven operations. While these advancements enhance efficiency and productivity through Internet of Things (IoT) devices, cloud computing and analytics, they also increasingly expose manufacturers to new cybersecurity risks. Industrial organizations must diligently weigh their overall security posture against the appropriate level of investment to holistically address cyber-risk. To help protect against potential attacks, manufacturers must prioritize proactive cybersecurity measures tailored for smart manufacturing. Adopting robust security approaches enables them to fully embrace the potential of these technologies, maintaining operational resilience and data integrity for organizations. 

Smart Industry: What is cause for optimism on this front?

Brian: A proactive risk-management program in conjunction with a shift toward digital transformation offers significant reason for optimism. The integration of smart-manufacturing technologies like IoT, AI, and big-data analytics enables industries to achieve real-time monitoring and data-driven decision-making.

Moreover, smart manufacturing enables predictive maintenance, improving operational efficiency and resource allocation while promoting a safer working environment. By leveraging a holistic approach to IT/OT cybersecurity—one that allows for the identification, prevention and remediation of potential cybersecurity risks—CPG organizations not only reduce the likelihood of costly downtime, they can unlock the potential of the connected enterprise.

Ultimately, embracing digital transformation with smart manufacturing empowers industries to optimize processes, enhance safety and bolster overall resilience, which leads to increased productivity and long-term sustainable growth.