Agriculture · food processing
Case study · Purple team · ICS / OT

Securing the line without stopping it.

A meat producer’s ICS spanned slaughtering, processing and packaging, and none of it could go down. A purple team closed segmentation and patch gaps and built an ICS-specific incident plan — live, alongside operations.

26K
ICS vulnerabilities reported in 2023
Sector
Food processing
Environment
ICS / OT
Method
Purple team
Downtime tolerated
None

Securing the line — without stopping it

The meat-production industry depends heavily on Industrial Control Systems (ICS) to optimize operations, boost efficiency and guarantee product quality. As the threat landscape expands, safeguarding those systems has become an urgent priority. Our client — a leading player in the sector — ran complex machinery, automated systems and interconnected devices controlling every stage of production, from slaughtering to packaging, and recognized the need to bolster its ICS security. Used correctly, purple teaming lets an organization find where the gaps are in its controls and fix them, cost-effectively.

Five challenges unique to ICS

  1. 01
    Legacy systemsincompatible with modern security controls. 26,000 ICS vulnerabilities were reported in 2023, and older systems may no longer be supported by the manufacturer — so they never receive updates without costly extended-life agreements.
  2. 02
    Rising cyber threatsattacks on industrial environments lead to production disruption, financial loss and reputational damage. The best-known attack on a meat processor, on JBS, ended in an $11M ransom.
  3. 03
    Regulatory compliancethe Food Safety Modernization Act (FSMA) requires preventive controls against intentional adulteration, including cyber attacks that could compromise product safety; the Farm and Food Cybersecurity Act followed.
  4. 04
    Reliabilitydowntime is not acceptable in this environment — every implication carries a financial impact, so any testing has to be extremely cautious, a concern heightened by the legacy systems.
  5. 05
    Specialized equipmentproprietary protocols, engineering tools and operational technologies unique to ICS demand a specialist understanding of the risk they pose to the operating assets and the company as a whole.

Why purple team

A purple team runs red-team offensive testing live, alongside blue-team defensive assessment and remediation. It fit this environment for four reasons. It reduced risk — the operations team was fully aware of, and involved in, every aspect of testing. It increased ROI on the security tools the client already owned, which we found were not being used to their full potential. It improved defense, lowering the probability that an external attacker with a foothold could disrupt operations. And it was cost-effective — the benefits of a red team, with a real-time assessment of controls and fixes applied as problems were found.

Enterprise ITIndustrial DMZPlant floor · ICSlateral movement possible
Swipe to explore →
Segmentation should keep the plant floor unreachable. Gaps let threats move laterally.

What the purple team fixed

  1. 01
    Network segmentationsome segmentation had been implemented, but gaps allowed lateral movement of threats within the ICS network. These were remediated and the movement closed off.
  2. 02
    Security updates & patch managementmissing patches were identified and their exploitability determined. Where patching wasn’t possible, detective controls were reviewed and put in place instead.
  3. 03
    Incident responsean ICS incident-response plan is not the same as a typical infrastructure plan — a failure can carry real physical-safety impact. The gaps were remediated and the plan retested.

Securing Industrial Control Systems in meat production is a critical undertaking that takes a proactive, comprehensive strategy. As cyber threats continue to evolve, and budgets stay flat or shrink, the benefits of purple teaming only become clearer.

See how we’d test you