Cream Cheese is the Just the Smooth Tip of a Sharp Problem

Operational Technology in action.

Operational Technology in action. iStock.com/Falookii

With ransomware hackers varying their targets to include operational technology used by U.S. factories and manufacturers, is an OT executive order needed to help combat them?

I realize that the problem I am about to describe is not a critical one, and certainly not life-altering, but it’s one that brought the challenge of increased cyberattacks, especially those made against operational technology (OT), home for me.

As I am sitting here writing my column, I have a freshly toasted everything bagel beside me. Warm steam is flowing out of it, filling my office with the delightful scent of freshly baked bread. It smells delicious and I can’t wait to dig in to its crunchy goodness. The problem is that it happens to be topped with slowly melting butter, when I actually prefer cream cheese. 

Like I said, this isn’t an Earth-shattering crisis. I just happen to have a really keen love of cream cheese. Back when one of my all-time favorite television shows was on the air, a cop drama set in the 1950s called Crime Story, the father of one of the main characters was killed because of a lack of cream cheese. I can relate to his dilemma. So in my house, we always comically yell, “You got no cream cheese!” whenever we run out of it, just like The Dancer (his nickname because he used to beat any legal charges brought against him) did on Crime Story in his last scene.

Over the past couple weeks, we have been saying that quite a lot. Cream cheese is also not sitting on any store shelves near our home. I know that the holidays sometimes spikes demand for it, because it’s a critical ingredient in desserts and holiday baking recipes like cheese cakes. But it turns out, that is only part of the problem. The other is that a main factory that produces cream cheese for the East Coast was hit with a ransomware attack. The attack apparently put the factory out of commission for a few days, which doesn’t seem like much, but that is more than enough time to disrupt the already shaky supply chain, especially at this time of year.

Hackers attacking a cream cheese factory would seem almost ludicrous a few years ago, but these days it’s clear that nobody is safe. And in fact, businesses like those which are manufacturing goods, running utilities or processing food products may be especially vulnerable to attacks because of their reliance on OT. Most OT began life as manual devices like valves or sensors, and only recently got ported over and integrated into IT networks. Protection for most of those devices has not yet caught up with the fact that they are now essentially part of IT networks, which are subject to many more attacks.

Hacks against OT were at least partially responsible for the Colonial Pipeline attack that stopped gasoline from flowing to much of the country, and the one against beef supplier JBS, which made certain kinds of meat a little bit scarce for a time. And an OT attack made against Schreiber Foods in Wisconsin is at least partially to blame for the cream cheese shortage too.

The federal government is by no means asleep at the wheel when it comes to cyberattacks this year. CISA and the FBI have both warned agencies and private firms to be wary of ransomware attacks this holiday season, as they are expected to ramp up to an all-time high. They are even keeping on top of individual vulnerabilities, even going so far as to warn the public of a critical one that absolutely must be patched by Christmas Eve. And let’s not forget that the Biden Administration’s Executive Order on cybersecurity calls for improved threat information, sharing of data between the government and industry, and increased efforts to move agencies toward advanced defenses like zero trust.

All of those efforts are good places to start, and all are critical to protecting the computer networks of this country. But so far, most of the emphasis seems to be on IT, with OT becoming a bit of an afterthought. Yes, we have seen CISA warnings about really dangerous OT attacks that could hurt the public, such as those made against a water treatment plant in Florida where attackers tried to poison the drinking water. Those individual warnings are good at raising awareness about the problem, but what is really needed is a concentrated effort to improve OT cybersecurity across the board to bring it up to speed with efforts on the IT side. Perhaps an OT Executive Order is needed?

Security firm Gartner is also warning people about the problem. They predict that if something is not done, that there will be deaths as a direct result of OT attacks by 2025, if not sooner. I hope we won’t wait until that happens to start to get a handle on OT security.

My own personal crisis was solved when I was able to find a huge tub of cream cheese at a store well outside the area where I normally shop. I quickly grabbed it and froze it, just in case the shortage gets any worse. The nationwide OT security problem, sadly, won’t be fixed quite so easily, but it’s something that we need to start working on right now before things get any worse.

John Breeden II is an award-winning journalist and reviewer with over 20 years of experience covering technology. He is the CEO of the Tech Writers Bureau, a group that creates technological thought leadership content for organizations of all sizes. Twitter: @LabGuys

NEXT STORY: Modernizing FISMA. Again.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.