Supply Chain Cyber Attacks: What Eastman and Tri-Cities Manufacturers Need to Know

In December 2020, the world learned about the SolarWinds attack — a sophisticated supply chain compromise that gave Russian-linked hackers access to thousands of organizations, including U.S. federal agencies and Fortune 500 companies. Since then, supply chain cyber attacks have surged, with the MOVEit file transfer breach in 2023 impacting over 2,600 organizations and the Kaseya VSA attack in 2021 crippling managed service providers worldwide.

For the Tri-Cities manufacturing corridor — anchored by Eastman Chemical Company in Kingsport and supported by hundreds of suppliers, contractors, and logistics firms — these aren't distant headlines. They're a blueprint for exactly how an attacker could disrupt our regional economy.

What Is a Supply Chain Cyber Attack?

A supply chain attack doesn't target your organization directly. Instead, attackers compromise a trusted vendor, software provider, or partner that already has access to your systems. Because the malicious activity comes through a legitimate, trusted connection, traditional perimeter defenses never see it coming.

The mechanics are straightforward and devastating:

• SolarWinds (2020): Attackers inserted malicious code into a routine software update. When organizations installed the update — trusting the source — the backdoor activated, giving hackers silent access to internal networks for months.
• Kaseya (2021): The REvil ransomware group exploited vulnerabilities in Kaseya's remote management platform, simultaneously encrypting data at more than 1,500 businesses that relied on MSPs using the tool.
• MOVEit (2023): The Cl0p ransomware gang exploited a zero-day vulnerability in the widely-used MOVEit file transfer application, stealing sensitive data from organizations that used it to exchange files with partners.

In each case, the victim didn't make a mistake — they trusted a vendor that had been compromised.

Why the Tri-Cities Manufacturing Corridor Is a Prime Target

Kingsport's economy has been built around manufacturing for over a century, with Eastman Chemical Company serving as the anchor employer and economic engine for the entire region. Eastman alone employs approximately 7,000 workers at its Kingsport campus and generates billions in annual revenue. Surrounding the main campus is an intricate web of hundreds of smaller companies: chemical suppliers, logistics providers, specialty packaging firms, maintenance contractors, and engineering consultancies.

This interconnected ecosystem is precisely what makes supply chain attacks so dangerous here:

• Dense vendor networks: A single large manufacturer may have active network connections or data-sharing agreements with 200+ vendors. Each connection is a potential entry point.
• Smaller vendors as weak links: While a company like Eastman invests millions in cybersecurity, a 50-person specialty chemical supplier in Church Hill or a trucking company in Gray may have no dedicated IT security staff at all. Attackers know this and deliberately target smaller vendors as stepping stones to larger prizes.
• High-value intellectual property: Chemical formulations, manufacturing processes, and proprietary research represent years of R&D investment. State-sponsored attackers and industrial espionage groups actively target this data.
• Critical infrastructure implications: A disruption at a major chemical plant doesn't just affect one company — it can halt production across an entire supply chain, impact national chemical supplies, and even create environmental safety concerns.

The OT/IT Convergence Problem

Modern chemical manufacturing relies on an increasingly connected environment where Information Technology (IT) systems and Operational Technology (OT) systems overlap. IT handles email, ERP platforms, and business data. OT controls the physical processes — programmable logic controllers (PLCs), distributed control systems (DCS), SCADA interfaces, and industrial sensors that manage chemical reactions, temperature, pressure, and flow rates.

Historically, these systems were air-gapped — completely separated from each other and from the internet. But the push for efficiency, real-time monitoring, and data-driven manufacturing has connected what was once isolated. Today, a vendor with remote access to update a PLC firmware might be traversing the same network that carries corporate email.

The risks of this convergence are severe:

• Ransomware crossing the IT/OT boundary can shut down production lines, not just office computers.
• Compromised vendor credentials used for remote OT maintenance can give attackers direct access to industrial control systems.
• Legacy OT protocols like Modbus and DNP3 were designed decades before cybersecurity was a concern and offer no built-in authentication or encryption.

Practical Steps for Tri-Cities Manufacturers

Protecting against supply chain attacks requires a combination of vendor management discipline, network architecture, and continuous monitoring. Here's what every manufacturer in the region should implement:

1. Implement Vendor Security Questionnaires

Before granting any vendor access to your network or data, require them to complete a standardized security questionnaire covering their patching practices, access controls, incident response capabilities, and insurance coverage. Vendors that can't meet basic security thresholds should not have network access — period.

2. Segment Vendor Access from Production Networks

Never allow vendor VPN connections to land directly on production or OT networks. Create dedicated vendor access zones with strict firewall rules that limit what each vendor can reach. Use jump servers and session recording for all vendor remote access so you have a complete audit trail.

3. Monitor All Third-Party Connections in Real Time

Deploy network detection and response (NDR) tools that baseline normal vendor traffic patterns and alert on anomalies. If a vendor that normally connects for 30 minutes on Tuesday mornings suddenly initiates a connection at 2 AM on Saturday and begins scanning your network, you need to know immediately.

4. Enforce the Principle of Least Privilege

Every vendor account should have access to only the specific systems and data required for their contracted work — nothing more. Use time-limited credentials that automatically expire when a maintenance window closes. Conduct quarterly access reviews to revoke credentials that are no longer needed.

5. Build and Test Your Incident Response Plan

When a supply chain compromise is detected, speed of response determines the extent of damage. Develop a specific incident response playbook for vendor-originated compromises that includes: immediate isolation procedures, vendor notification protocols, forensic investigation steps, and communication plans for customers and regulators.

6. Require Cyber Insurance and Contractual Protections

Include cybersecurity requirements in all vendor contracts. Specify minimum security standards, breach notification timelines (ideally 24–48 hours), and liability allocations. Require proof of cyber insurance that covers third-party breach scenarios.

The Bottom Line

The Tri-Cities manufacturing ecosystem thrives on interconnection and collaboration. But every connection is a potential vulnerability. The next SolarWinds-scale attack won't necessarily target a software giant — it could start at a small supplier in Sullivan County and cascade through vendor relationships until it reaches the production floor of one of the region's largest employers.

At Blue Ridge Security, we help manufacturers across the Tri-Cities build supply chain security programs that match the sophistication of modern threats. Our network security solutions provide the segmentation and monitoring that manufacturing environments demand, and our vendor risk assessments give you visibility into your third-party exposure.

Don't let your weakest vendor become your biggest vulnerability. Contact Blue Ridge Security today for a supply chain risk assessment.