Food Quality & Safety
  • Home
  • About
    Us
    • Food Quality & Safety‘s Mission
    • Contact Us
    • Authors
    • Manage Subscription
    • Advertise
    • Magazine Archive
    • Copyright
    • Privacy Policy
  • On the
    Farm
  • Safety & Sanitation
    • Environmental Monitoring
    • Hygiene
    • Pest Control
    • Clean In Place
    • Allergens
    • Sanitizing
    • Training
  • Quality
    • Authenticity
    • Textures & Flavors
    • Labeling
    • Shelf Life
    • Outsourcing
    • Auditing/Validation
    • Supplier Programs
  • Testing
    • Seafood
    • Dairy
    • Hormones/Antibiotics
    • Produce
    • Ingredients
    • Beverages
    • Meat & Poultry
    • Animal Food
  • In the
    Lab
    • Lab Software
    • Pathogen Control
    • Physical Properties
    • Contaminants
    • Measurement
    • Sampling
  • Manufacturing & Distribution
    • Information Technology
    • Plant Design
    • Foreign Object Control
    • Temperature/Humidity
    • Packaging
    • Transportation
    • Tracking & Traceability
  • Food Service & Retail
    • Cleaning & Sanitizing
    • Stock Management
    • Hygiene
    • Food Preparation
    • Allergens
    • Education
    • Temperature Monitoring
  • Regulatory
    • FSMA
    • Guidelines & Regulations
    • Recalls
  • Resources
    • Whitepaper
    • Webinars
    • Video
    • Events
    • Food Library
    • Jobs
  • FQ&S
    Award
  • Search

Cyberterrorism: How Food Companies Are Planning for Threat of Cybersecurity Risks

May 18, 2018 • By Nicole C.K. James

  • Tweet
Print-Friendly Version

There is no shortage of risks in the global environment these days. The Barcelona Centre for International Affairs (CIDOB), an independent think tank, has documented the top issues that it believes will shape the international agenda in 2018. One of these issues concerns connectivity and the world order. This connectivity includes control over the means of transporting goods and information, which is a strategic priority for many nations. However, the potential for crisis related to this control appears to be increasing. One of the contributing factors to this crisis, according to the CIDOB, is digital vulnerability. With the tensions mounting between many countries including the U.S., Russia, China, and the Korean Peninsula, this vulnerability could translate into real incidents of cyberterrorism.

You Might Also Like
  • How to Strengthen Cybersecurity in Smart Manufacturing
  • Money for the Food Safety Mission
  • Technological Changes Beneficial for Sanitation, Measurement
Explore This Issue
June/July 2018
ad goes here:advert-1
ADVERTISEMENT
SCROLL TO CONTINUE

Perhaps it is beneficial to start with an understanding of cyberterrorism. As stated by the U.S. Federal Bureau of Investigation, cyberterrorism is any “premeditated, politically motivated attack against information, computer systems, computer programs, and data that results in violence against non-combatant targets by sub-national groups or clandestine agents.” Similarly, according to the Cambridge Dictionary, cyberterrorism constitutes “the use of the Internet to damage or destroy computer systems for political or other reasons.”

Of course, cyberterrorism can involve any information system in any industry and it might be argued that a greater crisis would result from sabotaging highly sensitive information systems, such as those used for air traffic control. So what would inspire cyberterrorists to focus on the systems that are part of the food chain?

As it turns out, these systems are actually very attractive targets for a cyberterrorist attack. An attack of this nature could certainly be far-reaching—the food chain is an entity that unites the world population and touches everyone in some way. The National Cybersecurity Institute at Excelsior College, a center dedicated to the challenges in cybersecurity policy, technology, and education, states that the “Department of Homeland Security [in the U.S.] has labeled the Food and Agriculture industry as one of the 16 national critical infrastructures.”

ad goes here:advert-2
ADVERTISEMENT
SCROLL TO CONTINUE

Potential Threats

According to the World Health Organization, 420,000 people die every year from food-related illnesses and the Food and Agriculture Organization of the United Nations says that more than 1.3 billion tons of food is wasted due to spoilage. An act of cyberterrorism in the food industry (also known as agroterrorism) could increase these numbers exponentially. There are a number of different avenues that agroterrorism could take:

  • Disruption of delivery;
  • Alteration of formulations;
  • Interception of confidential information; and
  • Threat of tampering.

How could these avenues unfold? Let’s discuss each one in some detail.

Disruption of delivery would affect the transportation system that moves goods from place to place, potentially cutting off vital supplies to vulnerable communities.

Alteration of formulations could occur at a food manufacturing facility through the takeover of important pieces of equipment. These days, nearly every step of the food supply chain involves a smart device or sensor that connects to a centralized control system. These devices are known as programmable logic controllers, or PLCs. The programming that makes up a PLC is only as “smart” as the individual who created it. PLCs can’t be relied on to make the distinction between a benevolent programmer and a malevolent individual with the goal of causing harm. PLCs could potentially be accessed remotely with any number of undesirable to disastrous results.

Researchers have already been successful in modeling the takeover of PLCs in a water plant. By using ransomware, they were able to change the monitoring systems, including altering chlorine levels. PLCs can control very significant parts of the manufacturing process. Taking control of PLCs involved in the manufacturing process of a product destined for a highly susceptible population, like infant formula, could result in major changes to the calibrated delivery of the various nutrients that are part of the formulation. The ultimate result is the sickening (or worse) of the youngest segment of the population.

Accessing confidential information is an ongoing favorite of cyberterrorists generally. Look no further than the recent Facebook scandal, where Cambridge Analytica was able to harvest over 50 million user profiles, simply by building a quiz app that collected data not only from the individuals taking the quiz, but also from the friends of these individuals—people who had no connection with the quiz. In another angle, a joint study released by the antivirus software specialist McAfee and the technology services provider Science Applications International Corp. showed that hackers are now looking to gather trade secrets and marketing plans and use that intellectual property to their own advantage.

The threat of tampering might be a method used by cyberterrorists. An example of this can be seen in the subset of cyberterrorists known as cyberactivists. Cyberactivists are those who may disagree with a company’s product or the method the company uses to produce the product. These individuals may threaten initially to use hacking to attack a company’s reputation, disrupt its operations, or maliciously modify its automated processes and then, depending on the response of the company, go on to launch the damage. Criminals may also use the threat of lost profits, caused by the disruption of equipment or transportation, to extort money.

Regardless of the motive, what is universally frightening is that any of these avenues could easily be initiated by cyberterrorists located anywhere in the world. There is certainly no requirement for the person perpetrating a cyberterrorist act to even set foot in the facility that is affected.

Limiting Exposure to Harm

With all of this in mind, it might be surmised that the food industry is arming itself heavily to prevent cyberterrorist acts. Unfortunately, that assumption might not be as accurate as would be desired. A number of factors are behind the fact that the food industry is not the most up to date in tightening its cybersecurity. One is a lack of awareness. Since breaching a company’s computerized systems is not as obvious as a piece of equipment that is not working, or a patch of flooring that requires repair, dedicating the resources to protecting those computerized systems is not the first priority. Those resources, of course, are tied into available money. Many food manufacturers look to their budgets first to improve food safety and quality, as well as productivity, before focusing on cybersecurity, especially if they never had an issue (at least not one that they are aware of). That lack of focus on cybersecurity can result in unnoticed system vulnerabilities. These vulnerable areas could include firewalls that go out of date, remote access portals that are insecure, operating systems that can be more easily corrupted, and staff that is poorly trained and/or unaware of the risks.

Even companies that have realized the importance of having a defense prepared against cyberterrorist attacks will often focus on the protection of their database systems. However, what is frequently overlooked is that professional hackers will use indirect and innovative methods to bypass the gates of even those systems that the companies believe to be secure. One example of a fairly simple way that a hacker can gain access is through the deployment of a large volume of phishing emails, all sent to personnel employed by the company that they are targeting. This technique is akin to the practice of ringing the doorbells of everyone that lives in the same apartment building. While most apartment dwellers won’t allow an individual who they don’t know into the building, the likelihood that one person will allow access increases the more doorbells are rung. And that is all that is needed—just one person—to let the hacker in.

Another method that cyberterrorists might employ is gaining access through a third-party contractor that a food manufacturer uses. As computer programming and software development requires a very specific technical skillset, many food manufacturing companies will not have this expertise in-house and will outsource to a contractor to help build their computer networking. However, this very act of bringing in outside expertise can expose the food manufacturing company to additional risks. Many of the high-profile cybersecurity incidents that have occurred were a result of hackers accessing the systems of the third-party contractors, which then allowed them a gateway to their true target—the food manufacturing company.

Ultimately, it is key that food manufacturing companies recognize the risks of cyberterrorism to their businesses and the greater food system that they are part of. From there, it is essential to implement a comprehensive cybersecurity program that is actively managed and maintained. Installing an antivirus software that is not updated regularly, with firewalls that are not closely watched, will not stop the highly skilled individuals that either are getting past those walls because they have their own agenda, or because they have been hired by others who are motivated to do harm. Companies must have a more far-reaching approach, where the antivirus software and firewalls are supported by policies, procedures, proper staff training, and regular updating.

Companies should approach cybersecurity in the way that they approach a food safety plan, with a comprehensive risk analysis using a team that is made up of individuals with the appropriate process and technical knowledge necessary in order to develop an effective cybersecurity plan. There must be a plan of defense documented and implemented to manage the risks identified in the analysis. Active management of the plan and regular reviews of the system ensure it remains up to date with the ever-changing landscape of information technology.

Organizations also need to consider innovative ways to stay one step ahead of a cyberterrorist attack. One approach to consider, which is gaining popularity, is the use of  “white hat” hackers, who are computer security specialists who break into protected systems and networks to test and assess their security by exposing vulnerabilities before malicious hackers can do so. One of the truly beneficial aspects of utilizing this type of approach is that it goes right to the heart of prevention, instead of reaction.

Food manufacturing organizations, like companies across a broad spectrum of industries, recognize the importance of looking at preventing disaster, as opposed to responding to a disaster that has already happened. As John Ridpath, head of product at the technology educator Decoded, suggests, “The best form of defense is to be proactive and try to breach your own systems.” In the end, food manufacturing facilities that take this suggestion to heart are those that can take control of their cybersecurity, and that can be a huge competitive advantage in a global environment where connectivity is king.


James is a technical scheme manager in supply chain food safety at NSF International. Reach her at nkeresztes@nsf.org.

Pages: 1 2 3 | Multi-Page

Filed Under: Home Slider, Information Technology, Manufacturing & Distribution, Safety & Sanitation Tagged With: cybersecurity, cyberterrorism, Food Quality, Food SafetyIssue: June/July 2018

You Might Also Like:
  • How to Strengthen Cybersecurity in Smart Manufacturing
  • Money for the Food Safety Mission
  • Technological Changes Beneficial for Sanitation, Measurement
  • HACCP’s Effect on Mickey Mouse

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Current Issue

October/November 2019

  • Issue Articles »
  • Current Issue PDF »
  • Subscribe »
  • Follow Us:

  • Facebook
  • Twitter
  • LinkedIn

Food Quality & Safety Blog  

Managing Change as a Food Safety Professional

… [Read More]

Previous posts »

Paid Partner Content

Avoiding Overwhelming Product Recall Costs

Innovative food safety inspection systems are being developed in Germany. Learn more about the latest technologies from Bizerba and benefit from our free guidelines ensuring consistent food production safety.

  • Recall News
  • Industry News
    • Cay Thi Queentrees Food USA Recalls Poultry Products
    • Padrino Foods, LLC Recalls Beef Tamales
    • Simmons Prepared Foods, Inc. Recalls Poultry Products
    • Rastelli Bros., Inc. Recalls Meat Products
    View more »
    • In Memoriam: Daniel Y. C. Fung, PhD
    • E. coli Illness Linked to Romaine Lettuce Expands
    • Salmonella Outbreak and Ground Beef Recall Stir Transparency Debate
    • FDA Extends Deadline for Supply-Chain Approval
    • ‘Creeping Silent Crisis’ Seen Menacing World’s Crops
    View more »

Polls

How interested is your company in cannabis testing for its food/beverage products?

View Results

Loading ... Loading ...
  • Polls Archive

Whitepapers

  • Food Authenticity Testing with Agilent 6546 LC/Q-TOF and MassHunter Classifier

View More Whitepapers »

On-Demand Webinars

  • Reduce Non-Recyclable Materials
  • Why a Food Safety Culture Is Critical to Your Business

View More Webinars »

Food Quality & Safety (formerly Food Quality) is the established authority in delivering strategic and tactical approaches necessary for quality assurance, safety, and security in the food and beverage industry.

Advertise / Targeted list rental/3rd Party emails / Subscribe / Contact Us / Privacy Policy / Terms of Use

ASBPE Award Winner

Copyright © 2000–2019 Wiley Periodicals, Inc., a Wiley Company. All rights reserved. ISSN 2399-1399

Wiley

This site uses cookies: Find out more.