ICS Hot Take - Coors and Verkada Events
In this ICS Hot Take video, the SANS ICS team discusses some of the important issues and topics to consider while waiting for more information about the 2021 security incident that has halted production and distribution at Molson Coors. The team also uses the recent security incident at Verkada to discuss the importance of security cameras within production environments and what organizations should be learning from this event.
Molson Coors Event
At the time of this video, information about the Molson Coors event was extremely limited. Therefore, the team uses this opportunity to provide some context about what happens within food and beverage plants when these situations occur. We focus the discussion on how critical the distribution process of a control network is to a process's workflow. The team provides some insight into the key technologies involved in most distribution processes and their roles in a plant. We also outline how assets within the corporate IT network provide valuable and necessary data directly to the control network, and how the control network could be impacted when these systems become unavailable or their integrity is compromised.
We wrap up the discussion by considering some of the mitigations that organizations can use to protect their environments. We review the importance of network enforcement boundaries, understanding the role of key systems, and moving some of the IT systems that provide data to processes into the control network. The team concludes by recommending that organizations use this event as a model for security event tabletop discussions to understand how their teams would respond.
Verkada Event
News about the Verkada event also provided limited information about the impact of the event on specific clients of the service. The team used the known details about this event to outline issues with all cloud services and vendors. We talk about the role that cameras play both in physical security and within control processes for production data. Several examples of successful security assessments of control networks are used to demonstrate how on-premises camera implementations could lead to a compromise of the control network from the corporate IT network.
The team used these examples to discuss mitigations and considerations organizations can take from this event. We talk about the importance of reviewing the security of cloud services as a part of the vendor selection process and outlining specific service requirements before implementation. The team outlines the attack surface of systems that aren’t typically associated with the control network and provides recommendations on how to ensure they are considered during risk evaluations and assessments.
Summary
The SANS ICS team enjoys getting together and talking about events impacting industrial control system environments. Be sure to join the SANS ICS community, show your support for the ICS Hot Take videos, and interact with the community.
SANS ICS Team:
Jason Dely - @JasonJDely
LinkedIn: https://www.linkedin.com/in/ja...
SANS: https://www.sans.org/profiles/...
Tom Liston - @tliston
Bad Wolf Security: http://yourflyisopen.com/page/...
LinkedIn: https://www.linkedin.com/in/to...
Jeff Shearer
Gray Man Cyber: https://graymancyber.com/About...
LinkedIn: https://www.linkedin.com/in/je...
Don C. Weber - @cutaway
Cutaway Security: https://www.cutawaysecurity.co...
LinkedIn: https://www.linkedin.com/in/cu...
SANS: https://www.sans.org/profiles/...
References:
SANS ICS Community: https://ics.sans.org/
Molson Coors: https://www.coors.com
Dark Reading - Molson Coors Beer Operations Halted by Hack: https://www.darkreading.com/at...
Coors SEC Filing: https://sec.report/Document/00...
Verkada: https://www.verkada.com/
Wired - Security News This Week: Hackers Accessed Security Cameras Inside Tesla and Beyond: https://www.wired.com/story/ve...