Is the impending cyberstorm here and now?
Regarding cybersecurity, the experts paint a very dire picture, but is the food business preparing for a crisis that it is already deeply mired in?
If you talk to enough specialists in the food sector, you will eventually find someone who is genuinely afraid of the cybersecurity danger. For many years, there has been a growing discourse (and anxiety) around the potential damage that malicious individuals could cause to our food chain via the internet.
During the Food Safety Summit 2022, a number of experts made some sobering suggestions, arguing that the long-feared storm may not be approaching as much as previously thought. It’s available now.
Enhanced interconnectedness or increased susceptibility?
There is no denying that the food business has accomplished some amazing things thanks to the internet. In addition to the extensive online resource library that keeps our food safer by the minute, there are apps that let you access food that stores are about to discard.
Industry has also been able to grow more efficient thanks to technology. We can use a tonne of “smart” technology (more on that later) to calculate intricate supply chains or measure temperature while things are being transported in order to make sure they reach the shelves at the appropriate moment.
However, as stated by Joshua Corman, the founder of I am the Cavalry and a former Chief Strategist at the Cybersecurity and Infrastructure Security Agency (CISA), we become increasingly vulnerable with each new device we connect to because we rely too much on unreliable technology. He questioned if we should put so much trust in our smart devices, which, as he pointed out, frequently lose their usefulness.
Marcus Sachs, the Deputy Director for Research at the McCrary Institute for Cyber and Critical Infrastructure Security, pointed out that the internet was created in the late 20th century by a group of very dependable individuals, most of whom came from academics. Its basic foundations were built on the belief that although the infrastructure should not be trusted, users should. That was mostly accurate when scholars used rudimentary frameworks that were prone to breaking.
However, both the world and the internet have transformed. The interactions of those early pioneers and the way we use the internet could not be more dissimilar. Like many other industries, the food business has embraced the potential of the internet. Consider not only the plethora of food service providers that are currently exclusively available online, but also the Internet of Things (IoT) – all those gadgets that silently interact with one another to keep our food fresh and in motion. The panel of experts’ message was very clear: the more connections we have, the more opportunities we give bad actors to harm us.
What danger is there?
Although cybercrime is not a new phenomena, its diversity has increased recently, particularly with the emergence of the so-called “ransomware revolution.” Ransomware attacks used to work like this: criminal hackers would steal into your device, encrypt your contents, and then demand a payment to unlock them. One time, the introduction of cloud computing was believed to be the solution to problem. When everything is backed up, a ransomware attack turns from a serious threat to a bothersome one. Because criminals are known for their quick adaptation, methods evolved, and in an attempt to increase the likelihood that the ransom would be paid, emphasis shifted to data exfiltration and backup deletion.
Ransomware assaults, while undoubtedly annoying, frequently lead to the leakage of critical data, including client financial accounts and private information about your food safety system. Perhaps more concerning for the food business, though, are denial of service (DoS) assaults, which frequently entail demands for a ransom. Corman, whose research has focused on the medical sector for the last two years, provided some glaring illustrations and cautions about what may go wrong.
He described the story of the WannaCry virus, which preyed on Windows versions prior to 2010. Despite the short duration of the 2017 attack, an estimated 70,000 pieces of NHS equipment—from computers to MRI scanners to blood storage refrigerators—were impacted. When it peaked on May 12, 2017, some ambulances from UK hospitals were actually diverted. According to Corman, stroke victims were disproportionately harmed by the attack, despite the fact that they frequently have a very little window of time to seek specialist medical care if they are to make a full recovery. Since then, there have been attacks on US hospitals, and as Corman reminded the audience, our over-reliance on technology has resulted in a significant increase in the staff-to-patient ratio. Thus, when that supportive hand is
Corman then turned his attention to the food sector. Consider the possibility that a hacker may remove or modify the sensor entirely from a refrigerator while it is in transit. Suddenly, potentially dangerous food is being transported in lorry loads to retailers. At most, a costly mass recall will be carried out when the alarm is sounded. Worst case, those goods reach the market and cause illnesses in individuals.
Cyberattacks have long been a source of concern because we believe they could be embarrassing and expensive. Poor cybersecurity is starting to have real-world repercussions that can literally mean the difference between life and death.
There is, of course, the shadowy spectre of state-sponsored cybersecurity attacks too. Sachs warned that both Russia and China have the capability to launch damaging cyberattacks on the US (he was also keen to remind the audience of the US’ power in this regard too), and Corman also expressed great fear that conflict in Ukraine will bring with it cyberattacks on the 16 so-called critical infrastructures, of which the food supply is one. If you could significantly disrupt a nation’s food supply, its ability to either impose sanctions or fight back militarily would be vastly reduced. Corman’s worries are not difficult to understand.
Food safety is cybersecurity.
By now, it should be very obvious that the cybersecurity threat is real, present, and only going to get bigger in the years to come. Is the food sector ready, then? Corman and Sachs conveyed a strong negative message.
Corman disclosed that, once again using the medical sector as a standard, 85% of US medical facilities do not employ a cybersecurity specialist. You would be courageous to disagree with him when he bet that the food sector will tell a similar story.
Should producers now be spending money on pricey cybersecurity departments in addition to maintaining the safety of their food? They are the same thing, according to John Spink, director of Michigan State University’s Food Fraud Academy. As he disclosed, while cybersecurity is only referenced in passing in ISO 22000, virtually all food regulations mandate that those under their supervision evaluate the risk. Food merchants are required by the Food Safety Modernization Act to conduct hazard analyses. It is also quite tough to argue that cyberattacks are not a risk after listening to the professionals discuss cybersecurity for more than an hour.
In this way, having strong cybersecurity is essential for company as well as a nutritional