Dole attack once again brings into focus cybersecurity concerns in food and agriculture sector

The recent ransomware attack on food giant Dole plc emphasizes the growing threat that cyber-attacks continue to pose to critical infrastructure sectors. Such attacks showcase the persistent need for organizations to work on identifying and assessing threats, vulnerabilities, and impacts from these high-consequence and catastrophic incidents, while prioritizing resources to prevent, protect against, mitigate, respond to, and recover from the threats and hazards that pose the greatest risk.

Hackers were able to infiltrate Dole’s systems, disrupting the company’s operations, forcing the temporary shutdown of production plants, and playing havoc with food supplies to U.S. grocery stores. The attack serves as a reminder that cybercrime can strike even large organizations with robust security measures. Dole acted to contain the threat and engaged third-party cybersecurity experts, who have been collaborating with the company’s internal teams to remediate the issue and secure systems.

With global headquarters located in Dublin, Ireland and U.S. headquarters based in Charlotte, North Carolina, Dole has over 300 product lines that take advantage of the company’s collective reach and resources with the experience, expertise, and infrastructure of a local operator. Grown and sourced locally and globally from over 80 countries, Dole’s vertically integrated supply chain delivers its produce to the marketplace in pristine condition. Its operations include approximately 162 distribution and manufacturing hubs, 75 packhouses, 12 cold storage facilities, 5 salad processing plants, 13 ships, and 109,000 owned acres of production.

The Dole attack once again serves as a reminder that cybercrime can strike even large organizations, leading to operational and production disruptions and supply chain constraints. It highlights the importance of investing in cybersecurity training and tools, as well as taking proactive measures to avoid attacks in the first place. As businesses rely more on digital systems and data storage, ensuring the safety and security of these assets will be critical to long-term success.

U.S. cybersecurity agencies and the administration have flagged potential threats and attacks to the food and agriculture sector, which is extensive, interconnected, diverse, and complex. Designated as critical infrastructure and primarily owned and operated by the private sector and non‑federal entities, food and agriculture systems and supply chains are vulnerable to disruption and damage from domestic and global threats. Prevailing threats in the cyber domain include disruption to systems as a result of increasing IT and operational technology (OT) convergence, and intellectual property theft.

Australia’s Cyber and Infrastructure Security Centre (CISC) released last month a risk assessment advisory for the food and grocery sector. It assesses that the international and domestic threat landscapes continue to evolve; natural hazards are becoming more prevalent with longer-lasting impacts, and critical infrastructure networks continue to be targeted globally by both state and criminal cyber actors. The document recommends an ‘all-hazards’ approach that critical infrastructure organizations must adopt to determine risk. 

All-hazards is an integrated approach to risk management, preparedness, and planning that focuses on businesses enhancing their capacities and capabilities across a full spectrum of threats and hazards to Australia’s critical infrastructure. All-hazards risk assessment considers both threats (human-induced) and natural and environmental hazards that could impact a critical infrastructure entity and its operations. 

Last month, the World Economic Forum (WEF) revealed in a report that food and energy have become weaponized by the war in Ukraine, sending inflation soaring to levels not seen in decades, globalizing a cost-of-living crisis, and fueling social unrest. Furthermore, it pointed out that technology will exacerbate inequalities while risks from cybersecurity will remain a constant concern.

“Spurred by state aid and military expenditure, as well as private investment, research and development into emerging technologies will continue at pace over the next decade, yielding advancements in AI, quantum computing, and biotechnology, among other technologies,” the WEF report disclosed. “For countries that can afford it, these technologies will provide partial solutions to a range of emerging crises, from addressing new health threats and a crunch in healthcare capacity to scaling food security and climate mitigation. For those that cannot, inequality and divergence will grow.” 

The WEF added that in all economies, these technologies also bring risks, from widening misinformation and disinformation to unmanageably rapid churn in both blue- and white-collar jobs. “However, the rapid development and deployment of new technologies, which often comes with limited protocols governing their use, poses its own set of risks. The ever-increasing intertwining of technologies with the critical functioning of societies is exposing populations to direct domestic threats, including those that seek to shatter societal functioning.” 

Alongside a rise in cybercrime, attempts to disrupt critical technology-enabled resources and services will become more common, with attacks anticipated against agriculture and water, financial systems, public security, transport, energy, and domestic, space-based, and undersea communication infrastructure, the report identified. “Technological risks are not solely limited to rogue actors. Sophisticated analysis of larger data sets will enable the misuse of personal information through legitimate legal mechanisms, weakening individual digital sovereignty and the right to privacy, even in well-regulated, democratic regimes.”

Commenting on the Dole cyber attack, Grant Geyer, chief product officer at Claroty, wrote in an emailed statement that what has become clear over the past few years is that due to the interconnected nature of the food supply chain, the agriculture and food sector is a prime target for cybercriminals. “As we’ve seen from recent cyber attacks against grain cooperatives, food processors, the transportation, water, and energy sectors, a disruption in one aspect of the nation’s critical infrastructure can have a cascading effect on the supply chain that can impact economic security of the United States.”

Geyer points out that this incident puts further emphasis on managing cyber-related risks in production environments where vulnerable legacy technology rules the day, and downtime is unacceptable. “With four processing plants in the US and more than 3,000 employees, Dole’s operations are running 24/7 and any downtime or compatibility issues could cost millions. Much of the IT equipment in manufacturing plants can’t be patched frequently, making these assets a prime target for attacks such as ransomware, which can seize up operations abruptly with a dramatic cost to the enterprise,” he added.

Threat actors, who long ago moved away from spray-and-pray types of ransomware attacks, clearly understand this dynamic and are adept at targeting organizations intolerant of interruptions, Geyer said.

Additionally, many food and beverage production sites run on legacy OT that was never designed to be connected to the internet, according to Geyer. “OT networks predate the internet, and with digital transformation leading many food and beverage companies to automate parts of the manufacturing processes, OT is suddenly being exposed to a whole host of new cyber threats lurking on the web.” 

Another unique and concerning facet of the food industry is the very broad set of third-party automation vendors that maintain site-to-site access directly into the OT environment for maintenance, Geyer wrote. “These connections have surprisingly limited identity and access management controls and even fewer – if any – session monitoring and recording. With so many potential OT entry points, attackers don’t even need to transit the IT/OT boundary to wreak havoc.”

“Similar to other devastating ransomware attacks we have seen recently, these attacks are highly targeted, and existing technologies are insufficient to cope with these modern attack variants,” Darren Williams, CEO and founder at BlackFog, wrote in an emailed statement. “The speed at which attackers can breach and leverage a network infrastructure is now unparalleled with the time to deployment down from 60 days to less than 4 days. Detecting and responding to these events manually is no longer feasible for an organization. Focus must be around prevention and stopping data exfiltration before any damage can be done.”

Geyer said that to protect themselves against any kind of attack or security breach, producers, manufacturers, and anyone involved in the food and beverage sector and its supply chain should ensure that they have complete visibility into all of their systems and processes and make sure to continuously monitor for any threats that could result from a targeted or opportunistic attack. “An accurate asset inventory is the first step toward proper vulnerability management to ensure critical systems are up to current patching levels and compensating controls are in place when appropriate.”

Network segmentation is also a critical strategy to impede attackers’ lateral network movement, he pointed out. “OT networks are no longer air-gapped and network segmentation compensates for this by preventing attackers from using stolen credentials or compromising Active Directory and other identity infrastructure in order to move from system to system stealing data and/or dropping malware or exploits.”

Strategically, organizations should regularly test incident response plans and conduct tabletop exercises to put those plans into motion without impacting production environments. Training and testing improve response and ensure business continuity, Geyer concluded.
