Cybersecurity in the Food Sector: How Cyberattacks Can Disrupt the Supply Chain

Cybersecurity in the food supply chain has become a major concern amid increasing attacks on companies like Dole, Mondelez, and Sysco. The food industry is one of the most important in the world, with any supply chain disruptions causing widespread harm, panic, and concerns about public safety. This risk has only increased with more technology being introduced to the food manufacturing and agriculture industry.

In 2021, threat actors tried to poison a whole city’s water supply. Moreover, a 2023 cyberattack on Dole shut down production in North America, highlighting the risk of potential food shortages and increased food prices if attackers are ever successful. But these are only two examples; there are risks far more concerning than these.

With IoT technology and many kinds of software used by food companies to manage every step of the supply chain, stakeholders are more at risk of cyberattacks than ever before. A vulnerability in a single link of the supply chain can expose the whole chain to attacks and outside interference, leading to:

• tampering with food safety and testing data
• the introduction of counterfeit products into the supply chain
• production delays, and
• financial crises.

This article will discuss the many cyber tech vulnerabilities in the food industry and how attacks like the one on Dole can jeopardize public health, food safety, and financial stability in the food sector.

Overview of the Food Supply Chain

The food supply chain faces unique vulnerabilities at every step of the way, from farm to table. Let’s take a closer look at these steps:

• Raw Materials Sourced: Almost all kinds of food go through some sort of processing before it is ready to be distributed to retailers, even if it is just packaging raw produce. Farms nowadays are equipped with IoT technology, sensors, and advanced irrigation systems to automate most of the farming and harvesting process. Attackers can access all this technology and commandeer it for malicious reasons.
• Manufacturing or Processing: Artificial snacks and raw produce are processed at this stage of the food supply chain. Most manufacturing units are tech-heavy, with automated assembly lines. Any cyberattack or disruption at this stage of the process can harm the integrity of the food, place doubts on the validity of food quality testing, and render huge batches of products unsafe for human consumption.
• Distribution: At this stage, food is sent to be stored in warehouses or sold at retail outlets so consumers can purchase them. The transport and distribution of food is also a tech-heavy process, relying heavily on the use of refrigerated vehicles. Sometimes, warehouses that limit the amount of light and humidity the food is exposed to are needed. The environment in these vehicles and warehouses is usually controlled by centralized systems that can be hacked. Once an attacker gains access, they can render warehouses and trucks full of food useless, hold the food hostage or tamper with it, and even introduce counterfeit products into the mix.
• Retail: In this stage, food is sold to the end consumer. Data breaches and hacks at this stage are likely to compromise customer payment data like credit card info, putting them at risk of identity fraud and other scams or attacks.

How Cyberattacks Can Disrupt the Food Supply Chain

A world where grocery store shelves are bare because of food shortages is a chilling thought, but one that is increasingly possible because of the rising threat of cyberattacks on the food industry. While we often think of cyberattacks targeting financial institutions or tech giants, the food industry is a prime target.

Let’s take a look at all the ways cyberattacks can damage the food supply chain:

Transport and Logistics Issues

Breached logistics programs and transportation systems can completely pause operations, leaving entire regions with empty shelves and limited access to essential food and beverages. Ransomware attacks through various ways can leave companies unable to function, particularly when there’s a ticking clock, such as during the transport of perishable goods and produce.

PLC Tampering

Food manufacturing relies on Programmable Logic Controllers (PLCs) – automation technology that meticulously regulates ingredients, additives, and preservatives to be added to the food. If a hacker gains access to this technology within a manufacturing facility, the consequences can be catastrophic. Malicious tampering with PLCs could lead to widespread contamination, with products laced with incorrect ingredients or dangerous substances.

Attacks Through Third-Party Vendors

Third-party vendors might seem like a secure link in the chain, but they can be a hacker’s backdoor. Research from Verizon gives us some depressing insights –  15% of cyberattacks involve a third-party vendor, using compromised access from one victim to launch attacks on others. Information gained from one cyberattack can be a source of valuable information for malicious actors, allowing them to target specific vulnerabilities and disrupt operations with laser focus. One wrong click on a document sent by a trusted (but compromised) third-party vendor, for example, can give cybercriminals access to your company’s data and code. It’s not just code that’s at risk – exposed documents like HACCP plans (Hazard Analysis and Critical Control Points) can be a roadmap for attackers, revealing weak points in physical security or production processes.

Shadow IT

Many companies struggle with regulating shadow IT. These are unauthorized cloud applications or physical assets that employees use outside of official IT channels. Think of a rogue employee using a personal NAS drive to store sensitive data – a prime target for attackers. Research suggests that almost 80% of workers use SaaS applications without getting approval from their IT department, only heightening the risk. This technology can be used as an access point for attacks.

Disrupted Refrigeration Systems

Cyberattacks could disrupt refrigeration systems crucial for maintaining safe food temperatures. This could lead to spoilage and the spread of foodborne illnesses. Think of the damage that can be done by even slightly tampering with a refrigerated warehouse full of meat, or how much product would be lost if someone disrupts the temperature and humidity settings where wine is stored.

Data Theft and Blackmail

Data stolen from a cyberattack is often held hostage through DoS or DDoS attacks or other forms of ransomware. This data can also be used to blackmail you into paying a heavy amount of money. There have been instances of companies losing millions of dollars to these kinds of attacks, and even more instances of data leaked through these attacks being sold on the dark web.

Impact of Cyberattacks on Food Logistics

• Operational Disruptions: Ransomware attacks can lock organizations out of their operating systems and make it impossible for them to access important data. This and other similar attacks can partially or completely halt operations, leading to losses and supply shortages. For example, Dole was forced to shut down many of its milk processing plants in North America due to a cyberattack.
• Financial Consequences:  If organizations don’t pay the ransom, they can still suffer losses due to operational disruptions, securing their systems, and recovering their damaged reputation.
• Reputation Damage: Data breaches and cyberattacks can harm a company’s reputation and consumer trust. News of a breach travels fast and causes a lot of panic among stakeholders, causing many to question how safe their information is with a brand, with many opting to take their business elsewhere.

Major Cyberattacks That Harmed Food Companies

• Ransomware Attack on JBS: JBS, the meat-packing giant, was attacked by ransomware in June 2021. According to experts, the attack happened because of poor cybersecurity practices at JBS – an employee used their work log-in credentials as credentials for another site. The company has since taken steps to improve its cybersecurity practices and better train employees on the right security protocols. JBS ended up paying $11 million due to the attack, which is one of the biggest ransomware payments ever made. This attack reportedly caused JBS to shut down multiple plants in the USA and caused significant panic about rising food costs.

• Schreiber Foods: Schreiber Foods, a Wisconsin dairy giant famous for its cream cheese, fell victim to a cyberattack in October 2021. The attack severely affected their plants and distribution centers, forcing them to temporarily shut down milk processing for several days. Attackers demanded a $2.5 million ransom, and the attack caused cream cheese shortages right in the middle of the holiday baking season.

How to Ensure Cybersecurity in Food Supply Chain

More technology is being used in almost every stage of the food supply chain than ever before, giving cybercriminals a large attack surface to work with. Investing time and resources into your company’s cybersecurity is the only way to prevent attackers from gaining access to your systems.

• Identifying Gaps in Your System: You need to periodically evaluate the state of your cybersecurity to ensure it is protecting the systems and operational technology. Companies tend to remain clueless about the many vulnerabilities in their systems that cybercriminals can exploit in the absence of proper diagnostic tests and evaluations.
• Building a Culture of Cybersecurity Awareness: Building a strong culture of cybersecurity awareness is equally important. This means educating all employees – from frontline workers to executives – about the importance of robust security practices. Regular training sessions should equip them with the knowledge to identify suspicious activity, understand strong authentication protocols, and handle data securely.
• Investing in Robust Security Systems: To effectively safeguard your food supply chain, you should employ a comprehensive approach based on the OT zero trust security model. The principle behind this is “Never Trust, Always Verify,” which emphasizes implicit distrust and continuous verification of asset integrity and behavior. This strategy is specifically designed to address the unique challenges and vulnerabilities of operational technology (OT) environments. For example, by integrating advanced security measures, TXOne Networks helps food industry stakeholders mitigate risks, ensure operational continuity, and protect public health and safety from the growing threat of cyberattacks. Let’s look at some specific use case examples:
  • To maintain supply chain security, TXOne Networks provides a Portable Inspector, a device that performs scans of incoming and outgoing devices without requiring installation, ensuring they are free from malware. This inspection is crucial for preventing the introduction of malicious elements into the supply chain.
  • TXOne Networks’ CPS Protection Platform secures your mission-critical Cyber-Physical Systems (CPS) by leveraging industrial protocols, network behavior, and asset characteristics. This platform helps you identify and categorize assets, visualize network structures, and manage threat intelligence to deal with risks. For example, in the Food and Beverage industry, this technology can ensure the safe operation of automated bottling lines by detecting and responding to threats in real-time. Throughout the ‘asset lifecycle’, it ensures new assets are malware-free, hardens configurations, segments networks for protection, and performs regular scans and updates for ongoing compliance.
  • TXOne Networks’ Intrusion Prevention Systems (IPS) effectively defend against cyber threats. Our EdgeIPS product offers comprehensive network defense through ‘segmentation’ and ‘virtual patching’. By dividing the network into smaller, isolated segments, Food and Beverage companies can prevent potential breaches and lateral movement of attackers. For example, you can use this technology to segment your refrigeration systems. This will allow you to prevent malware from spreading and ensure that the products remain safe and uncontaminated during a cyberattack. Virtual patching provides immediate protection for vulnerable systems by shielding them from known exploits, ensuring continuous operation to maintain productivity.

• Collaborate with Law Enforcement and Cybersecurity Experts: In the unfortunate event of a cyberattack or malicious intrusion, it’s vital to take swift action. Contact your local law enforcement authorities immediately. They have the expertise and resources to investigate the crime and hold attackers accountable. Collaboration with relevant cybersecurity experts is also crucial.
• Work with Cybersecurity Agencies to Minimize Risk: Working with cybersecurity agencies like TXOne can help your company prevent major attacks on your company and offer continued support and protection against cyberattacks.

Conclusion

While the introduction of advanced technology in the food supply chain is a step in the right direction, it leaves organizations more vulnerable than ever to cyberattacks. There is a strong need for organizations at every level of the food supply chain to invest in cybersecurity measures and regular infrastructure updates to stay safe from cyberattacks. it is equally important to work more closely with the government and cybersecurity firms that are equipped with the knowledge and resources to aid in prevention and cybersecurity measures.

Protect your food supply chain from cyber threats with TXOne’s tailored solutions for ICS environments. Get in touch with us to ensure that your operations stay secure and uninterrupted.