Food cybersecurity: Cybersecurity risks in the food supply chains
Food cybersecurity: Cybersecurity risks in the food supply chains
Food cybersecurity: Cybersecurity risks in the food supply chains
- Author:
- June 15, 2023
The food industry's IT infrastructure, which is outdated and not regularly updated, poses a significant risk to its cybersecurity. Legacy agricultural IT systems also make implementing the latest security measures and software updates difficult. The industry's operations are highly interconnected, with multiple vendors and suppliers involved in the supply chain, all of whom may be at risk of a systemic cybersecurity incident.
Food cybersecurity context
The food industry has digitized many processes, from monitoring livestock to checking temperature and incorporating additives. The 2020 COVID-19 pandemic accelerated the transformation, which led to the convergence of IT and operational technology (OT) networks. However, many systems are vulnerable to cybersecurity threats as they incorporate legacy infrastructure or do not proactively protect themselves against risks. A compromise at any stage of the operations can make an entire warehouse’s output unfit for consumption.
Additionally, the manufacturing and processing parts in the food industry are dominated by a few key players. Hence, disruption in one firm's processes impacts many consumers. For example, four leading companies produce 55 to 85 percent of US beef.
When one of these firms, JBS, was hacked in 2021, its meat plants worldwide faced disruption until it paid $11 million USD in ransom. The deployment of artificial intelligence (AI) has proven to be an efficient solution to respond rapidly to security incidents because it can process vast amounts of data and detect anomalies quickly. In contrast, legacy systems no longer receive software updates or security patches, making them vulnerable to known exploits.
Disruptive impact
The food industry has traditionally been less of a target for cyber-attacks than other industries, such as finance and healthcare. However, with the rise of digitalization, increasing amounts of data are being stored online, and supply chains are becoming more interconnected. As a result, if action is delayed, these risks will only increase, potentially causing disruptions like food shortages, higher prices, and unexpected product recalls.
To address these risks, research institutes and relevant authorities will likely push for greater focus on cybersecurity in the sector. Governments may introduce new regulations and guidelines to ensure that companies take the necessary steps to protect themselves and their customers from cyber threats. These steps could involve mandatory cybersecurity training for employees, regular vulnerability assessments, and implementing encryption and multi-factor authentication.
As companies take cybersecurity more seriously, they are likely to replace legacy IT systems with more modern and secure solutions. Cybersecurity providers will be incentivized to develop new technologies, especially in the essential services sector. Small and medium-sized firms will also be encouraged by governments to invest in cybersecurity through various measures. These efforts can include providing financial assistance or offering incentives such as tax breaks or reduced insurance premiums for companies that demonstrate a commitment to cybersecurity.
Implications of food cybersecurity
Wider implications of increased investments in food cybersecurity may include:
- More IT professionals being hired by food manufacturing and processing firms. Likewise, businesses servicing food cybersecurity and smart automation solutions may experience increased revenues.
- Greater investments in food industry cybersecurity leading to improved public trust in the food supply.
- The prevention of costly food recalls and reduced liability risks for agriculture and food processing companies.
- Governments mandating minimum cybersecurity standards for food companies, which could lead to increased regulatory compliance costs for these businesses.
- Food companies investing in more robust cybersecurity measures to protect customer data as more consumers shift to online shopping.
- Greater collaboration and information sharing among food companies as they work together to identify and mitigate cyber threats.
- Accelerated near-term cyber-attacks on still-vulnerable food production and distribution systems resulting in serious environmental consequences, such as contamination of soil and water sources.
Questions to consider
Do you think governments and companies are doing enough to protect against cyber threats in the food industry?
- What steps can small and medium-sized firms take to protect themselves and their customers from cyber risks?
Insight references
The following popular and institutional links were referenced for this insight: