Even more recently was the highly sophisticated attack on Kaseya, one of the biggest attacks to date. Hackers supposedly gained access to a desktop management tool and then pushed an update that infected thousands of businesses, including Sweden’s Coop grocery chain, which had to close all 800 stores as it could not use its checkout terminals. Such was the impact of this attack and the issue of such a wide customer base that U.S. President Joe Biden got involved and directed U.S. intelligence agencies to find out who was behind the attack.
So, how does this affect the pulp and paper industry? If you are a commercial company with a profit flow, you can guarantee that you are interesting enough. It really is as simple as that. The chances are you might not even be singled out nor individually targeted.
One just needs to think back to the recent ransomware attack at the second-largest U.S. packaging company. Quick to admit that it was a victim, the company swiftly put systems in place to ensure business continuity and minimize customer impact. However, following a shutdown of certain critical systems in what it described as “an abundance of caution”, the company subsequently announced a drop in mill production that was 85,000 tons lower than plan.
The entire mill IT/automation infrastructure is only as strong as the weakest link. It could be through a USB key, an email link, or an unsecured hotspot, but once compromised only one mission system needs to be taken out to impact the entire enterprise. The Colonial Pipeline incursion was believed to be via a legacy VPN profile, which was not protected by two-factor authentication.
To put this issue in perspective, one must only look at the recent lumber supply issue in the US, which was driven by a perfect storm of Canadian tariffs, a sudden upsurge in demand for remodeling during the pandemic and issues with the supply chain. Although the market is recovering, it shows how susceptible it is to external stimuli and all it would need is for one or two major mills to be taken out of action due to malware and it starts all over again.
The pulp and paper sector traditionally holds a very low inventory, given there is no value in keeping a year’s worth of tissue/boxes. With paper being a critical infrastructure to the US economy, hacking just one tissue supplier could take out 22 percent of the capacity. Small failures could see huge effects on everything from facemasks, through to pizza and Amazon boxes, and onto building supplies.