Although agriculture may not be the first industry that comes to mind when thinking about cyberattacks, the growing digitization of its practices - combined with its status as part of Critical Infrastructure - has made it increasingly vulnerable to cyberthreats.
With ransomware attacks as the leading threat, the Agriculture and Food Sector is the seventh most targeted industry in the U.S., trailing only sectors like manufacturing and financial services.
Cyberattacks in Agriculture: Risks and Real Costs
Rapid technological advancements in agriculture have expanded the potential attack surface, exposing the industry to risks like malware targeting both OT and IT systems. The threats, including ransomware, phishing, and data manipulation, can disrupt production during critical periods. The growing, harvesting, and production seasons in agriculture are crucial, as any disruption during this time can lead to devastating losses. This was evident in February 2023, when a ransomware attack on Dole Foods cost the fresh produce giant $10.5 million in direct costs.
Lack of Visibility and Control from IT to OT
Our client, an agriculture products processor, was keenly aware of these dangers, which is why they had previously air-gapped OT and IT. This means they completely separated OT from IT, so, if an attack did happen, threat actors couldn’t access OT systems and cause further damage to the customer.
However, the air-gapped setup created a significant issue: the business team, which relied on IT systems, had no visibility into critical production data from the OT network. With OT operating in isolation from the business systems, planning and monitoring became challenging, as the teams were effectively working in the dark.
Additionally, the customer had to comply with strict regulations like FDA cGMP (which ensures food production meets safety and quality standards) and FSMA (which focuses on preventing food contamination). These regulations require data accuracy and confidentiality, as well as guidance on who can access and tamper with the data.
The customer needed a way to allow secure communication between OT and IT, comply with regulations, and avoid the risk of a cyberattack. At the same time, they were hesitant to move away from the air-gapped architecture due to the short harvesting window, fearing a breach could lead to total crop loss.
Clear OT-IT Communication, Full Network Confidentiality
The solution they chose was OPSWAT’s MetaDefender Optical Diode, part of the MetaDefender NetWall Suite, which securely enabled direct communication between their OT and IT systems.
MetaDefender Optical Diode
MetaDefender Optical Diode is a hardware device that ensures unidirectional data flow—meaning data can only travel in one direction, from one network to another, without allowing reverse communication. It essentially acts as a "data gatekeeper" between two systems, separating the networks without exposing the more vulnerable OT systems to external threats.
MetaDefender NetWall
This is a solution designed to supply real-time OT data access and enable secure data transfer between networks of different security classifications, while defending critical environments from network-borne threats.
With MetaDefender Optical Diode, the customer can now:
Get Full Visibility into OT Systems
MetaDefender Optical Diode ensures that the business team has real-time access to critical OT data. They can now securely transfer operational data from their OT systems to the cloud using MQTT, a widely used messaging protocol for IoT devices. With this newly gained visibility, the customer can monitor performance and plan maintenance activities based on real-time information, improving operational efficiency and decision-making.
Protect Critical Systems from Cyberthreats
True to OPSWAT’s commitment to protecting the world’s Critical Infrastructure, MetaDefender Optical Diode prevents back-and-forth communication between OT and IT, safeguarding the OT network from the high likelihood and severe consequences of cyberattacks. With agriculture being the seventh most targeted industry in the US, a breach could result in millions of dollars in damages—a risk no one is willing to take on as a gamble.
Benefit from Proven Security Standards
MetaDefender Optical Diode is Common Criteria EAL4+ certified, an internationally recognized security standard. This certification proves its effectiveness in securing data transfers between networks with different security levels and protecting OT systems from evolving cyberthreats.
With the MetaDefender Optical Diode, our client’s OT network is fully protected from cyberattacks. It ensures one-way data transfer, so potential attackers can’t reach your critical systems. Plus, it keeps your OT and IT networks completely confidential, meeting all compliance standards for data accuracy, integrity, and security.
Strengthening OT Network Integrity with MetaDefender Optical Diode
MetaDefender Optical Diode protects your OT environment through secure, one-way data flow between OT and IT networks, safeguarding critical infrastructure from cyber threats.
Scalable Protection for Critical Systems
MetaDefender Optical Diode defends against sophisticated industrial cyberattack methods, including those outlined by MITRE ATT&CK for ICS, fortifying OT networks against evolving threats and vulnerabilities.
Seamless and Efficient Deployment
Preconfigured and ready to go, MetaDefender Optical Diode can be quickly deployed with minimal disruption, allowing for a fast and smooth integration with existing network infrastructure.
Effortless for End Users
The solution enables high-fidelity data replication without interrupting daily operations, allowing users to continue working without the need to modify their workflows, ensuring smooth productivity and enhanced security.
Future-Proof Scalability
MetaDefender Optical Diode offers flexible options for scaling, with throughput ranging from 100Mbit to 10Gbit to accommodate varying network demands, ensuring it can evolve with your organization's needs.
Comprehensive Protocol Support
Supporting a wide array of industrial protocols such as MQTT, Modbus, and DNP3, MetaDefender Optical Diode ensures smooth data transfers across a range of OT systems while maintaining the highest level of security.
Supports Industry Compliance Standards
MetaDefender Optical Diode helps your organization meet regulatory requirements for industrial cybersecurity, including standards like NERC CIP, NIST CSF, and IEC 62443, reducing risks of non-compliance.
Securing the Future of OT/IT Communications
The food and agriculture industry has benefited from digital transformation just like many other industries; however, many of the technologies used in this sector weren’t designed to address the serious challenges of cybersecurity, leaving companies vulnerable to critical risks.
MetaDefender Optical Diode addressed the customer’s security concerns by enabling secure communication between their OT and IT networks. It provided business teams with secure access to OT system monitoring, operational data for business intelligence, and maintenance planning, all while reinforcing compliance obligations.
If your business operates within the Food and Agriculture sector and you're concerned about the security of your OT-IT network connections, now is the time to take action. Don’t let vulnerabilities compromise your operations or compliance.
Learn how OPSWAT can secure your environment—talk to an expert today to get started.
