How can forest products companies be cyber secure?

Mention cybersecurity and many people immediately think of the big public data breaches that made headlines in recent years by exposing personally identifiable information. Such breaches remain a growing threat. But as the physical and digital worlds merge, cyber threats are reaching much deeper and extending much wider across enterprises to impact manufacturing and processing operations. And forest products companies should be on alert.

Accenture research found that companies across industries faced an average of 270 attacks in 2021—a 31% increase over 2020. Just last year, a large industrial packaging company was hit with ransomware.¹ The attack impacted production, and the company lost millions in revenue. All this was the result of a cyberattack on the company’s operational technology (OT) systems that directly affect product manufacturing.

Financial loss is bad enough, however imagine if safety systems were compromised. What if a core manufacturing process were breached and began operating outside set parameters, potentially heating up systems that explode or cause a fire? People’s lives could be at risk. Hazardous materials such as black liquor or bleaching agents could leak out into public water supplies, impacting surrounding communities and a company’s reputation for decades.

Intellectual property also should be protected. Cyber criminals can find avenues into both IT and OT networks to find the “crown jewels”—the unique recipes that differentiate one company’s product from another. Losing such valuable information to a competitor or bad actor could severely erode market position and growth potential.

So, what do forest products companies need to understand about cybersecurity today, and what can they do to protect their businesses and their people?

Implement a three-point OT security strategy

Cybersecurity needs to be elevated from an IT-centric issue to a C-level imperative. CEOs should lead the cybersecurity charge and align business and security agendas to strengthen protections across all parts of the enterprise. As businesses transform and accelerate digital initiatives, getting cybersecurity right from the start is a key aspect to reducing business risk. This includes securing OT as a critical part of the enterprise and business operations.

For many organizations, cybersecurity measures have focused on IT resources and networks. Given the changing threat landscape, business leaders—and security teams—working with operations engineers need to form a cohesive cybersecurity strategy. They should thoroughly assess all of the equipment, systems and devices on the OT network and determine to what degree they have modern security capabilities deployed. Then, organizations should implement an OT security strategy—aligned with their overall cybersecurity and business strategies—that spans three key areas: security monitoring, detection and response.

Monitoring
Without proper monitoring, cyberattacks could run rampant at the risk of human safety, production uptime, business loss and more. Monitoring should include watching for anomalies in data traffic from the internet, between the IT and OT networks, and within the OT network itself. This is especially critical for forest products companies that could have hundreds of different mills and plants, each with its own—and most often different—security infrastructure.

Detection
Not all anomalies are necessarily malicious, while some require an immediate response. For an effective detection strategy, it is important to determine the criticality of the affected system and the level of concern (e.g., nuisance malware versus ransomware), and build a decision tree with trigger points or conditions that spawn the appropriate incident response procedures based on criticality.

We recommend engaging multi-discipline stakeholders in this process—ideally a level-one security analyst with knowledge of OT inventory and a relationship with OT and operations personnel. Forest products companies should involve mill and plant level employees in the design and deployment of the detection processes so they are more aware of the tools being used, the escalations steps for a response and how it could impact a paper machine or converting line.

Response
OT incident response (IR) requires a rapid, well-coordinated plan of action to handle the attack and manage any fallout to the business. An IR plan should first validate whether the threat has moved into the OT environment or remains on the IT side as OT incident response requires highly specialized knowledge and skills to thoroughly triage an incident. The plan should also be integrated with the company’s overall IR plans so the business continuity and crisis management activities can be triggered as appropriate. And it should specify details for “return to service” following the incident, when systems and processes are functioning at a viable level.

With much of the mill environment running equipment—such as the paper machine, digester, lime kiln, etc.—around the clock, it is crucial to periodically practice the response efforts in the same way mill employees conduct fire drills. Knowing the immediate actions to take or who is responsible for decision-making and execution can make the difference between maintaining critical operating and safety conditions or experiencing major disruptions, such as an extended production outage.

Fending off cybercrime while gaining greater operational resilience

To illustrate how these OT security strategies play out in the real world, consider a recent engagement between Accenture and a leading industrial manufacturing company. Having identified serious gaps in its OT security infrastructure, the company wanted to strengthen protections against the growing risk of cyberattacks, such as ransomware. A successful cyberattack could impact dozens of the company’s production plants, so we proposed a cloud-based OT security solution to centrally protect all production sites.

Business sponsorship and executive support are essential for security strategies like this to be successful. These strategies and programs enable forest products organizations to standardize elements of their OT infrastructure to fend off cyberattacks and enable operational resilience in the event of an attack. The result is greater assurance that the business would be able to sustain production operations while remediating an incident. It could also help a company recover quickly to resume operations following a more serious breach and minimize any negative human, financial or reputational impact.

As the rate of cybercrime grows, the costs associated with response and mitigation are also rising. In fact, Cybersecurity Ventures projects that by 2025, industries worldwide could suffer cybercrime damages totaling as much as US$10.5 trillion annually.² Leaders in the forest products industry can act now to forestall the disruption and expense of cyberattacks by making cybersecurity an integral part of the business across both IT and OT environments.

Let’s start a conversation about how to help your business be more secure and resilient in the digital age.