IIAR

Cybersecurity is taking on greater importance in the refrigeration industry due to the increasing integration of smart technologies and the growing threat of cyberattacks. Cyberattacks can lead to operational disruptions, safety hazards and financial losses.

“Industrial refrigeration systems are becoming more and more automated. The internet is touching almost every part of the business now,” said Lowell Randel, senior vice president of government and legal affairs at the Global Cold Chain Alliance. “As such, if that is compromised, it can influence your refrigeration systems, production, all of your data, and all of your financials, so having an eye toward cyber defense is something everybody needs to do.”

Randel said several companies within the cold chain have been hit with cyberattacks, which disrupted operations. “The effects can be significant,” he said.

Any system that is tied into the internet is at risk, such as production systems, transportation management systems, warehouse management systems and industrial refrigeration system. Verizon’s latest Data Breach Investigations Report found that exploitation of vulnerabilities as an initial point of entry almost tripled from the previous year, accounting for 14% of all breaches. 

The segments of the refrigeration industry most vulnerable to attack are any locations where employees aren’t being vigilant. “Most of the vulnerability lies is inadvertent human error and the sophistication of the hackers is getting more and more hard to discern a legitimate message from hacker, spam or phishing,” Randel said.

Verizon reported that most breaches—68%—whether they include a third party or not, involve a non-malicious human element, which refers to a person making an error or falling prey to a social engineering attack. 

“The persistence of the human element in breaches shows that there is still plenty of room for improvement with regard to cybersecurity training, but the increase in self-reporting indicates a culture change that destigmatizes human error and may serve to shine a light on the importance of cybersecurity awareness among the general workforce,” said Chris Novak, senior director of cybersecurity consulting for Verizon Business.

To help stay current on risks, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency provides timely advisories, tips, and resources. They also have tools that can help identify system vulnerabilities.

According to CISA, best practices include:

Implementing Strong Authentication Protocols: Multi-factor authentication, which requires users to provide two or more verification factors to gain access to an account or application, reduces the risk of unauthorized access, even if a password is compromised.

Regular Software Updates and Patch Management: Keeping software up to date is critical in defending against cyberattacks. Cybercriminals often exploit known vulnerabilities in outdated software. CISA advises organizations to establish a systematic patch management process to ensure that all software, including operating systems and applications, are regularly updated with the latest security patches.

Employee Training and Awareness Programs: Human error is a significant factor in cyber incidents. Comprehensive cybersecurity training and awareness programs can educate staff about common threats such as phishing and ransomware and provide guidelines on how to recognize and respond to potential cyber threats.

Network Segmentation and Access Control: Network segmentation involves dividing a network into smaller, isolated segments to limit the spread of cyberattacks. The agency advises implementing strict access controls to ensure that only authorized personnel can access sensitive information, which reduces the potential impact of a cyber breach by containing it within a limited segment of the network.

Regular Backups: Data backups are essential for recovery in the event of a cyberattack. CISA recommends regular backups of critical data and ensuring that these backups are stored securely and tested regularly.

Incident Response Planning: A well-defined incident response plan should outline the steps to take if a cyber incident occurs, including communication protocols, how to mitigate risk, and recovery procedures.

Engage in Threat Intelligence Sharing: Collaborating with other organizations and sharing threat intelligence can improve a company’s ability to defend against cyberattacks. The Department of Homeland Security encourages groups to participate in information sharing and analysis centers (ISACs) and other cybersecurity communities to stay informed about the latest threats and best practices.

Conduct Regular Security Assessments and Penetration Testing: Regular security assessments and penetration testing help identify vulnerabilities. CISA has a team of professionals across the country who can provide specific guidance to companies and help assess their weaknesses. CISA has ten regional offices based on states. They are listed at https://www.cisa.gov/about/regions.