
How to Prevent Cyber Attacks on Manufacturing Supply Chains

Revised date: 3/25/25

The rise in connectivity and subsequent reliance on digital systems has contributed to manufacturing industries becoming more desirable targets for cyber threat actors. Specifically, such actors have been increasingly exploiting the interconnected nature of modern manufacturing ecosystems by carrying out cyber attacks against the supply chain. 

Manufacturers rely heavily on a complex network of suppliers, vendors, partners, and service providers to obtain the resources needed for their operations. If this interconnected supply chain is targeted by cyber attacks, it can lead — and, in recent years, already has led — to a wide range of negative consequences.

What Are Supply Chain Cyber Attacks?

Supply chain cyber attacks refer to the exploitation of cybersecurity vulnerabilities within an organization’s supply chain network to steal sensitive data, gain unauthorized access, or worse, disrupt operations. Supply chain cyber attacks can have ripple effects on the interconnected web of suppliers, vendors, contractors, and partners that an organization relies on to deliver goods and services.

Consequences of such attacks include delays in production processes, which can impact an organization's ability to meet customer demands and fulfill orders. This form of cyber attack can also cause manufacturers to face financial losses, reputational damage, or legal and regulatory consequences regarding data protection, cybersecurity, and privacy. In the worst case scenario, a cyber attack on the supply chain can lead to safety issues including tampering with product design or functionality, contaminated or substandard components, disruption to essential services such as power, water, transportation, and communication, or public safety threats in sectors such as defense or emergency services.

Cybersecurity threats to the supply chain should not be taken lightly, and unfortunately have wreaked havoc globally in recent years. Below, we will discuss some of the major examples of supply chain disruptions and how they have impacted society.

Examples of Cyber Attacks on Supply Chains

According to Claroty’s recent Global State of CPS Security Report, 82% of respondents said at least one cyber attack – and nearly half (45%) said five or more attacks – in the past 12 months originated from third-party supplier access to the cyber-physical systems (CPS) environment. And yet, almost two-thirds (63%) admit to having only partial or no understanding of third-party connectivity to the CPS environment.

These are crucial numbers when it comes to the integrity of the supply chain and remote connectivity from third parties. The rise in third-party supplier access, along with the prevalence of legacy devices and systems and the escalating availability of ransomware-as-a-service offerings among cyber threat actors, has led to some of the most detrimental manufacturing cyber attacks, including:

JBS Foods Cyber Attack

The world's largest meat distributor, JBS Foods, was compromised by an "organized cybersecurity attack" which — via ransomware — affected their U.S. and Australian supply chain operations. The incident rippled through the meat industry, causing some plants to shut down, workers to be sent home, and livestock to be sent back to farmers after being transported for slaughter.

The JBS Foods ransomware attack highlighted how cyber threat actors are gaining access to the supply chain and emphasized the need for solutions, prevention strategies, and cyber awareness in this domain. Without the proper OT cybersecurity strategy in place, manufacturers will be more likely to suffer from supply chain attacks much like the high-profile incidents we have seen recently.

NotPetya Ransomware Attack

The NotPetya ransomware attack took place in 2017, and is still widely regarded as the most damaging cyber attack in history. Although this supply chain attack was intended to target Ukrainian organizations in an effort by Russian military intelligence to cripple Ukrainian critical infrastructure, the self-propagating nature of the ransomware it employed caused it to rapidly spread far beyond such targets. 

Indeed, the large multinational firms impacted were numerous, including the shipping company Maersk, whose entire operations came to a halt, creating chaos at ports around the globe. Additionally, the pharmaceutical giant Merck was hit hard by the attack, halting manufacturing, research, and sales — leaving them unable to supply vaccines to the Centers for Disease Control and Prevention (CDC). Several other large corporations also had their servers go down and were therefore left unable to carry out essential services. The downstream disruptions to customers following the attack were also severe, and a conservative estimate put the total loss at $7.3 billion. The incident brought the magnitude of supply chain vulnerabilities to the forefront and highlighted the dire need for critical infrastructure cybersecurity sector-wide.

What is Being Done to Prevent Supply Chain Attacks?

Recent events have fueled a greater focus on software bills of materials (SBOMs) and their role in assessing risks posed by software vulnerabilities embedded in manufacturers’ supply chains. At its core, an SBOM is a comprehensive inventory of the components and dependencies comprising a software application or system. Since this list of ingredients includes any open-source, third-party, and other components in which the presence of software vulnerabilities would otherwise be exceedingly tough to identify, SBOMs can provide invaluable visibility into supply chain risks. In fact, as a result of many of the supply chain attacks listed above, amongst others, SBOMs are also becoming an increasingly prominent focal point of the cybersecurity regulatory and policy landscapes including the following:

US Executive Order 14028

In the U.S., President Biden issued a Cybersecurity Executive Order on improving the Nation’s cybersecurity. Among the recommendations outlined was a requirement for SBOMs, which is intended to ensure the safety and integrity of software applications used by the federal government. By providing full transparency, SBOMs give organizations better control of their internal systems — allowing them to proactively reduce supply chain risks and mitigate attacks. In addition to US Executive Order 14028, the US Department of Energy (DOE) has also outlined key principles to help organizations establish effective supply chain cybersecurity.

DOE Supply Chain Principles

The DOE’s Supply Chain Principles were established to deliver stronger cybersecurity throughout the vast global supply chains that build energy automation and industrial control systems (ICS). These principles were developed by leading ICS manufacturers and asset owners who participate in the DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER). Designed to address both the supplier and end-user, these principles condense the universe of guidance into concise, high-level objectives to protect OT systems in the US energy sector from nation-states and criminal actors. In addition to the cybersecurity standards and principles set forth in the US, the European Union (EU) also aims to protect manufacturing supply chains with the following act:

EU’s Cyber Resilience Act (CRA)

The EU’s Cyber Resilience Act (CRA) sets security standards for connected hardware and software products sold in the EU market, regardless of where they are made. Ultimately, the act aims to close the gaps in existing directives like GDPR and NIS2, which lacked product-specific mandates, by mandating cybersecurity standards for manufacturers and promoting transparency and user awareness. These new rules can be viewed as a necessary boost to the security of connected devices, which have proven to be vectors for significant data breaches and disruptions in availability throughout supply chains. In addition to abiding by the standards and regulations we discussed today, organizations can further boost their supply chain resilience by implementing the following principles for securing CPS.

How My Organization Can Mitigate Supply Chain Attacks

Mitigating cyber attacks on the supply chain requires a proactive and comprehensive approach that involves collaboration between manufacturers, their suppliers and distributors, and all other upstream and downstream partner organizations. It also requires the help of a leading cyber-physical systems (CPS) protection platform that can implement the right security measures to protect critical assets. Organizations can get started on their journey to achieving cyber and operational resilience of their supply chains by adhering to the following key principles:

1. Gain visibility into all CPS in your manufacturing environment

A comprehensive inventory of all OT, IoT, IIoT, and BMS assets — and all other CPS — that underpin your manufacturing environment is the foundation of effective supply chain cybersecurity. However, gaining this visibility is one of the most fundamentally important yet challenging tasks facing security and risk leaders today. This is largely because CPS assets in manufacturing environments typically use proprietary protocols that are incompatible with, and therefore invisible to, generalized security tools.

These environments also typically encompass a diverse mix of new and legacy devices that communicate and operate in different ways, making it even more difficult to answer the question of what devices are in the environment. Further complicating matters is the fact that there is no one-size-fits-all path to asset discovery. Every manufacturing environment is unique, and most contain complexities that render certain asset discovery methods ineffective. This is why Claroty offers multiple, highly flexible dynamic discovery methods that can be mixed and matched to deliver full visibility in the manner best suited to your organization's distinct needs.

2. Integrate your existing tech stack and workflows from IT to OT

As mentioned above, most CPS use proprietary protocols and legacy systems that are simply incompatible with traditional IT solutions — but that doesn’t mean those solutions have no place in OT. Rather than expanding your already-extensive tech stack, Claroty integrates with it. By integrating their tech stack with a purpose-built OT security solution, manufacturing organizations can safely uncover risk blind spots without endangering operations. This strategy helps manufacturers take control of their risk environment, creates further visibility across traditionally siloed teams, and helps protect the supply chain.

Similarly, Claroty’s exposure management capabilities allow organizations to upload their existing SBOMs and view relevant SBOMs from their peers, and they serve as a basis for future SBOM workflow capabilities. As recent regulatory developments have made it clear that transparency into SBOMs is key to understanding potential risks due to embedded vulnerabilities from vendors’ supply chains, Claroty understands the need for organizations to integrate their existing workflows and further contextualize their risk posture.
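
To make concrete how an SBOM exposes vulnerabilities embedded deep in a vendor's supply chain, the following added example (not Claroty's code or API) checks a CycloneDX-style SBOM against an advisory list and reports the dependency path from the product to each affected component. The SBOM, component names, and advisory IDs are constructed placeholders, and exact version matching is a simplifying assumption.

```python
import json
from collections import deque

# Constructed CycloneDX-style SBOM for a hypothetical HMI firmware image.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "metadata": {"component": {"bom-ref": "hmi-fw", "name": "hmi-firmware", "version": "4.2.0"}},
  "components": [
    {"bom-ref": "web", "name": "example-webserver", "version": "2.1.0"},
    {"bom-ref": "tls", "name": "example-tls", "version": "1.0.2"},
    {"bom-ref": "zip", "name": "example-zip", "version": "3.3.1"}
  ],
  "dependencies": [{"ref": "hmi-fw", "dependsOn": ["web", "zip"]},
                   {"ref": "web", "dependsOn": ["tls"]}]
}
"""
# Constructed advisory feed: (placeholder id, component name, affected versions).
ADVISORIES = [("ADVISORY-PLACEHOLDER-1", "example-tls", {"1.0.1", "1.0.2"}),
              ("ADVISORY-PLACEHOLDER-2", "example-zip", {"3.0.0"})]

def dependency_path(sbom, target_ref):
    """Breadth-first search from the top-level product to target_ref."""
    graph = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    root = sbom["metadata"]["component"]["bom-ref"]
    queue, seen = deque([[root]]), {root}
    while queue:
        path = queue.popleft()
        if path[-1] == target_ref:
            return path
        for child in graph.get(path[-1], []):
            if child not in seen:
                seen.add(child)
                queue.append(path + [child])
    return None  # listed in the SBOM but not reachable from the product

def affected_components(sbom_text, advisories):
    """Return [(advisory id, name, version, path)] for every exact match."""
    sbom = json.loads(sbom_text)
    findings = []
    for comp in sbom.get("components", []):
        for adv_id, name, versions in advisories:
            if comp["name"] == name and comp["version"] in versions:
                findings.append((adv_id, name, comp["version"],
                                 dependency_path(sbom, comp["bom-ref"])))
    return findings

if __name__ == "__main__":
    print(affected_components(SBOM_JSON, ADVISORIES))
```

The single finding is the TLS library, which the firmware never references directly: it arrives through the web server, which is the kind of embedded dependency that is hard to spot without the SBOM.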

3. Extend your security governance from IT to OT

Unlike their IT counterparts, most OT environments in the manufacturing sector lack essential cybersecurity controls and consistent governance. That’s because the legacy systems in many manufacturing environments were built with a focus on functionality and operational reliability, rather than security, as these systems were not initially intended to be connected to the internet. Claroty eliminates this gap by extending your IT controls to OT — unifying your security governance to protect the supply chain and driving all use cases on your journey to cyber and operational resilience.

As we’ve seen, there is a crucial need for manufacturing organizations to mitigate supply chain risks as operations become more interconnected and threat actors become more brazen in their attacks. With the potential to ripple far beyond the immediate target — and affect organizations, economies, and even public safety — the impact of supply chain disruptions can be profound. In addition to implementing the above three principles for securing OT, organizations can also add a Zero Trust framework to their repertoire of cybersecurity practices to help prevent the most damaging supply chain attacks.

Zero Trust in Supply Chain Security

The implementation of a Zero Trust framework can greatly enhance supply chain cybersecurity by providing secure remote access only to the devices and services a user has been explicitly granted. With the use of continuous validation, Zero Trust prevents attackers from infiltrating the system and offers a means of increasing third-party risk resilience, without sacrificing vendor relationships. At Claroty, we offer the capabilities needed to implement Zero Trust controls and least-privilege principles through our solution xDome Secure Access. xDome Secure Access empowers organizations to identify connected devices, enforce granular user access controls, and be alerted to non-trusted communications and behavior across the network — all of which are essential to ensuring effective supply chain cybersecurity. 
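
The access model described above, explicit grants plus continuous validation, can be sketched as a default-deny check that is re-run on every request rather than once at login. This is an added example, not xDome Secure Access code; the users, assets, grants, and session below are constructed.

```python
from datetime import datetime, timezone

def _t(hour, minute):
    """Constructed UTC timestamps on a single sample day."""
    return datetime(2025, 3, 25, hour, minute, tzinfo=timezone.utc)

# Constructed explicit grants for third-party vendor users:
# (user, asset, protocol) -> expiry time of the grant.
GRANTS = {
    ("vendor-a-tech1", "plc-line3", "ssh"): _t(18, 0),
    ("vendor-b-tech7", "hmi-pack2", "rdp"): _t(12, 0),
}

def authorize(user, asset, protocol, now, grants=GRANTS):
    """Default deny: allow only an explicit, unexpired grant for this exact tuple."""
    expiry = grants.get((user, asset, protocol))
    if expiry is None:
        return (False, "no explicit grant")
    if now >= expiry:
        return (False, "grant expired")
    return (True, "granted")

def replay_session(requests, grants=GRANTS):
    """Re-validate every request in a session; return the denied ones as alerts."""
    alerts = []
    for ts, user, asset, protocol in requests:
        allowed, reason = authorize(user, asset, protocol, ts, grants)
        if not allowed:
            alerts.append((ts.isoformat(), user, asset, protocol, reason))
    return alerts

# Constructed session from one vendor technician.
SESSION = [
    (_t(11, 50), "vendor-b-tech7", "hmi-pack2", "rdp"),  # inside the granted window
    (_t(11, 55), "vendor-b-tech7", "plc-line3", "ssh"),  # asset never granted to this user
    (_t(12, 5), "vendor-b-tech7", "hmi-pack2", "rdp"),   # same session, grant has expired
]

if __name__ == "__main__":
    for alert in replay_session(SESSION):
        print(alert)
```

Because the check runs per request, the third request is denied even though the session began while the grant was valid.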

Overall, manufacturing organizations understand that their cybersecurity posture is only as strong as the weakest link in their supply chain. By adhering to the above three principles for securing OT, implementing a Zero Trust framework, and by partnering with a purpose-built CPS security solution, like Claroty, manufacturing organizations can navigate the evolving threat landscape and protect themselves against the potentially devastating consequences of supply chain cyber attacks.  
