The food sector may not be at the front of most people's minds when they imagine the impacts of a cyberattack, but it’s a very real concern for everyone involved in the industry.
A recent BSI poll surprisingly showed that a massive 78% of respondents in the food sector did not believe their organization was prepared for a cyberattack, with productivity, efficiency and profits topping priority lists instead. Yet, such an assault has the potential to be devastating for many reasons, especially with production and distribution processes becoming more heavily automated.
The challenges to food safety
The major challenges that face the food industry are all interconnected with digital technology and emerging processes, such as: the Internet of Things (IoT), operational technology (OT) or the use of internet-connected devices.
Such challenges can include:
• Food fraud – intentionally deceiving consumers about the nature of their food, such as what ingredients are included, at what levels, and where they come from.
• Food safety – contaminated or spoiled food can often lead to illness, injury, or even death. There are many ways food can become contaminated, including deliberate exposure to harmful bacteria, toxins, chemicals, or viruses, or tampering with food safety and monitoring equipment.
• Food quality – poor-quality food can also harm consumers, in turn impacting brand reputation and sales.
• Food defence – ill-protected production lines and production line technology increase the risk of ‘bad actors’ (a neutral term that refers to a person or organization that intentionally causes harm in the digital sphere) successfully contaminating or tampering with the produce.
A reliance on IoT devices can create weak links in an organization's network that are easily exploited.
While they often simplify and expedite essential processes, many of these processes rely on legacy systems that in turn could rely on outdated operating systems. Even if they operate well, these components could be more vulnerable to attack, so monitoring them, keeping them secure, and updating them can help avoid a cyberattack and protect the food system.
The effects of a cyberattack
Regardless of whether a cyberattack is aimed at disrupting a country's produce, as seen in recent attacks in the United States, or has the goal of extorting money with ransomware, the consequences can be severe.
Theft, public exposure, data corruption or loss, and data manipulation or falsification are all potential impacts, but the side effects can be unexpected.
Many organizations have to fall back on manual operations, reducing output considerably. This can be seen in the ransomware strike on Hood Dairy in New Hampshire in the US, which left schools across the country going without milk for several days.
Compromised food quality
As well as stock shortages, there are other potential outcomes of a cyberattack to keep in mind. Compromised food quality could be one of the biggest concerns.
There have been many examples of bad actors targeting an organization's industrial control system (ICS) and contaminating food with chemical agents in order to spoil and cause illness or worse, harming reputations and causing financial damage as a result.
The World Health Organization estimates that around one in ten of us (600 million people across the world) will fall victim to food contaminated by chemical agents, bacteria, or viruses. They also estimate that 420,000 people, who are otherwise healthy, will die each year as a result.
Investing in cyber security is about more than protecting personal data and securing revenue, it is also about the health and safety of consumers around the world.