Protecting the systems at Albertsons

NRF PROTECT: Observation, patience are key to maintaining supply chain cybersecurity

On Thursday morning at NRF PROTECT, two employees of Albertsons Companies — Jack Hamm, cybersecurity CTO, and Chad Walker, director, portfolio information security office — gave a presentation entitled “Purdues and Pur-Don’ts: A practical approach to supply chain cybersecurity at Albertsons.”

Albertsons provides food and drugs to customers in 2,200 stores, an effort supported by 20 distribution centers and 22 manufacturing plants. Hamm and Walker lead the teams that work to protect and maintain systems and networks that enable the organization to operate.

NRF PROTECT 2022

Did you miss NRF PROTECT 2022? Take a look at our event recap.

The two outlined the challenges many retailers face. Distribution centers and manufacturing plants operate through a multiplicity of systems, many supplied by third-party manufacturers. There are a lot of things that can go wrong with these systems, whether from malfeasance, accident or plain old wearing out.

Some of these systems, Hamm reminded his audience, are legacy systems. That can mean there probably isn’t a supply of extra parts just lying around; particular parts might not even be manufactured anymore.

The Albertsons team had some advice for people taking on a similar challenge. One step is to remain focused on protection; at every possible point, operating technology should be protected from information technology (and potentially warring bits of itself) by firewalls and other secure perimeter networks. Another is not to be in a hurry to master the operating technology.

Retail loss prevention

Browse resources and read the latest articles and press releases related to loss prevention.

Every task, Hamm noted, involves assets and workflows. Don’t try to understand all the behavior, he said — just what normal looks like. It’s also important to watch a system for a while. There are processes that get done once a month, once every six months, once a year. Don’t be in a hurry to do things. When you know what it’s like on a good day, and then you see something new, you’re better positioned to recognize and deal with it.

Hamm asked the audience to consider an image he shared from World War II: the outline of an airplane with bullet holes, the majority of which were clustered on the wings and tail. “You’re tasked with armoring the planes,” he said. “Based on this, where would you put the armor?”

One of the audience members got it right: “Not where the bullet holes are.”

And why not? “Because those are the planes that made it back,” he said.

Related content

NRF Hires Loss Prevention Expert
 
default image
The National Retail Federation today announced that it has hired veteran loss prevention expert David Johnston.
Read more
Why retailers need an enterprise-wide framework to manage threats
 
PROTECT session
NRF PROTECT: Practical advice on risk intelligence for those on the front lines.
Read more
3 leadership lessons from a Top Gun pilot
 
Art delaCruz
NRF PROTECT: Leading with passion, empathy and resilience.
Read more