Food industry “not very” ready for cyberattacks
Is the produce/retail supply chain vulnerable to cyber-attacks? How can the industry take steps to reduce that risk?
When I posed that question to the LinkedIn Fresh Produce Industry Discussion Group on June 2, I received some thoughtful remarks.
Industry veteran Paul Manfre speculated that a singular cyberattack should not disrupt the produce supply chain, noting that the market share of any one produce marketer is relatively modest.
“I could be wrong, but I don’t think any one company controls 25% of produce. If you took out Walmart for example, in most areas there would be another option," Manfre said. "Come to think of it the hacker scenario may be a good reason not to have large retail buying platforms for buying and selling. If many retailers and suppliers were on the same platform and it was hacked, that would cause a MAJOR disruption.”
Produce buyer Salvador Craules Ruíz said, “I believe that in a global environment it may be susceptible to certain effects, but traditional production models operate in most producing countries and even in the USA, the levels of technical production would not greatly impact the availability of goods.”
Greg Gatzke of President ZAG Technical Services, Inc. said too many in the industry are unprepared.
“The industry as a whole is vulnerable," Gatzke said. Overall, there are various levels of preparedness. Too many are woefully unprepared.
"What is needed is for every organization to rise up to a minimal level of preparedness. There are basic standards that every company should implement to work to keep the criminals out and to recover quickly should they get in. Until we join together and come up with a minimum security baseline, the industry is at risk. Fresh produce is a highly automated 24x7 endeavor, and to not have sufficient protections and plans in place will only lead to disaster.”
In June 2 coverage, Farm Journal’s Greg Henderson reported meatpacker JBS USA was nearly fully operational after its network was attacked over the Memorial Day weekend.
News of the apparent ransomware attack dominated the Drudge Report on June 1-2 and greatly disrupted cattle markets, at least fleetingly, in early June.
This has happened before and will likely happen again.
From Henderson’s story:
Ransomware expert Allan Liska of the cybersecurity firm Recorded Future told the Associated Press the attack on JBS was the largest yet on a food manufacturer. But he said at least 40 food companies have been targeted by hackers over the last year, including brewer Molson Coors and E & J Gallo Winery.
Food companies, Liska said, are at “about the same level of security as manufacturing and shipping. Which is to say, not very.”
“Not very” is not very reassuring. The fresh produce industry is sprawling, and its many moving parts that would be hard to paralyze. Still, considering the growing toll of cyberattacks on the economy and the food industry, it seems that “rising up to a minimum security baseline” is good advice.