On Thursday morning at NRF PROTECT, two employees of Albertsons Companies — Jack Hamm, cybersecurity CTO, and Chad Walker, director, portfolio information security office — gave a presentation entitled “Purdues and Pur-Don’ts: A practical approach to supply chain cybersecurity at Albertsons.”
Albertsons provides food and drugs to customers in 2,200 stores, an effort supported by 20 distribution centers and 22 manufacturing plants. Hamm and Walker lead the teams that work to protect and maintain systems and networks that enable the organization to operate.
NRF PROTECT 2022
Did you miss NRF PROTECT 2022? Take a look at our event recap.
The two outlined the challenges many retailers face. Distribution centers and manufacturing plants operate through a multiplicity of systems, many supplied by third-party manufacturers. There are a lot of things that can go wrong with these systems, whether from malfeasance, accident or plain old wearing out.
Some of these systems, Hamm reminded his audience, are legacy systems. That can mean there probably isn’t a supply of extra parts just lying around; particular parts might not even be manufactured anymore.
The Albertsons team had some advice for people taking on a similar challenge. One step is to remain focused on protection; at every possible point, operating technology should be protected from information technology (and potentially warring bits of itself) by firewalls and other secure perimeter networks. Another is not to be in a hurry to master the operating technology.
Retail loss prevention
Browse resources and read the latest articles and press releases related to loss prevention.
Every task, Hamm noted, involves assets and workflows. Don’t try to understand all the behavior, he said — just what normal looks like. It’s also important to watch a system for a while. There are processes that get done once a month, once every six months, once a year. Don’t be in a hurry to do things. When you know what it’s like on a good day, and then you see something new, you’re better positioned to recognize and deal with it.
Hamm asked the audience to consider an image he shared from World War II: the outline of an airplane with bullet holes, the majority of which were clustered on the wings and tail. “You’re tasked with armoring the planes,” he said. “Based on this, where would you put the armor?”
One of the audience members got it right: “Not where the bullet holes are.”
And why not? “Because those are the planes that made it back,” he said.