Protecting the systems at Albertsons

NRF PROTECT: Observation, patience are key to maintaining supply chain cybersecurity
Peter Johnston

On Thursday morning at NRF PROTECT, two employees of Albertsons Companies — Jack Hamm, cybersecurity CTO, and Chad Walker, director, portfolio information security office — gave a presentation entitled “Purdues and Pur-Don’ts: A practical approach to supply chain cybersecurity at Albertsons.”

Albertsons provides food and drugs to customers in 2,200 stores, an effort supported by 20 distribution centers and 22 manufacturing plants. Hamm and Walker lead the teams that work to protect and maintain systems and networks that enable the organization to operate.

NRF PROTECT 2022

Did you miss NRF PROTECT 2022? Take a look at our event recap.

The two outlined the challenges many retailers face. Distribution centers and manufacturing plants operate through a multiplicity of systems, many supplied by third-party manufacturers. There are a lot of things that can go wrong with these systems, whether from malfeasance, accident or plain old wearing out.

Some of these systems, Hamm reminded his audience, are legacy systems. That can mean there probably isn’t a supply of extra parts just lying around; particular parts might not even be manufactured anymore.

The Albertsons team had some advice for people taking on a similar challenge. One step is to remain focused on protection; at every possible point, operating technology should be protected from information technology (and potentially warring bits of itself) by firewalls and other secure perimeter networks. Another is not to be in a hurry to master the operating technology.

Retail loss prevention

Browse resources and read the latest articles and press releases related to loss prevention.

Every task, Hamm noted, involves assets and workflows. Don’t try to understand all the behavior, he said — just what normal looks like. It’s also important to watch a system for a while. There are processes that get done once a month, once every six months, once a year. Don’t be in a hurry to do things. When you know what it’s like on a good day, and then you see something new, you’re better positioned to recognize and deal with it.

Hamm asked the audience to consider an image he shared from World War II: the outline of an airplane with bullet holes, the majority of which were clustered on the wings and tail. “You’re tasked with armoring the planes,” he said. “Based on this, where would you put the armor?”

One of the audience members got it right: “Not where the bullet holes are.”

And why not? “Because those are the planes that made it back,” he said.

Related content

Balancing the threats and opportunities of AI
 
Retail leaders speaking at NRF PROTECT.
How security leaders can effectively support the innovative use of artificial intelligence and protect against risks.
Read more
How to adopt a hacker’s mindset: A study in curiosity, creativity
 
Ted Harrington speaking at NRF PROTECT.
NRF PROTECT: Ethical hacker Ted Harrington on building more secure systems.
Read more
Playing to win takes trust, commitment
 
ESPN football analyst Herm Edwards at NRF PROTECT 2024.
Former NFL coach Herm Edwards on getting involved and making hard decisions.
Read more