Cyberspace offers the potential for large-scale hostile interference in the food supply.
When Smithfield Foods closed a pork farm in Sioux Falls, joining other meat and poultry processing companies that had closed facilities in the United States, including Tyson Foods, Cargill and JBS, headlines suggested the country was dangerously close to the brink of food shortages. So how safe is the food supply?
The recent closures were caused by the COVID-19 pandemic. This is probably a temporary risk, but all modern factories are constantly exposed to the threat of cyber attacks. COVID-19 only drew attention to a risk that had been insufficiently taken into account: how safe is the food supply chain?
It is a question worth asking. The food supply is one of the pillars of an orderly society, and catastrophic food shortages will quickly lead to social unrest. In Western democracies, which have not had serious food shortages for more than 70 years since the end of the Second World War, this would happen faster and more severely.
Cyber risk and threat
There’s no risk if there’s no threat. So the first question is whether there is a cyber threat to the food supply. Is it likely that cybercriminals will attack the food industry?
The answer is clearly yes, and there are at least three obvious sources: hacktivists, cyber gangs and nation states. A fourth is competitors. The extent of espionage and sabotage by competitors will also increase as organizations compete for technological superiority in this area, warns Daniel Norman, research analyst at the Information Security Forum (ISF).
There is a growing social movement that sees the reopening after the COVID lockdown as an opportunity to redefine the way society functions. Pollution decreased rapidly and nature recovered quickly. Environmentalists are calling on governments to invest in green technologies to revitalise the post-pandemic economy.
If this does not happen and former polluters return to their traditional practices, activists are likely to punish the worst offenders. This activism will probably have a dual focus: environmentalists concerned about the increasing pollution of the environment, and animal rights activists protesting against a return to mass slaughter.
This can take the form of large-scale DDoS attacks or even direct attacks on individual installations.
Criminal groups are driven by two interrelated motives: opportunity and money. The pandemic has focused attention on the food supply chain, and both motives are clearly present. The pandemic will be followed by a recession, possibly followed by a deeper depression. Even in the best-case scenario, large sections of society will face sharply reduced incomes in the near future.
The threat is not new. Theft of food has always been a common phenomenon: those who have none are forced to steal from those who have much. In the distant past, this was petty theft. In the recent past, criminal gangs have been more involved in theft at distribution points (cargo theft) and in warehouses.
It is growing: recent data from the Transported Asset Protection Association (TAPA) show that cargo theft has increased by 114% in the last 12 months. On May 3, 2020, FreightWaves reported: Trucks with food and other supplies have been very popular with thieves on the highways of Mexico in recent weeks. According to a study by LoJack Mexico, the number of truck thefts during the coronavirus pandemic increased by 25%.
But cybercrime can take it to the next level. Whole batches of food can be diverted and stolen. Whole food companies can be extorted for a lot of money. Information and communication technology networks could be compromised by ransomware, and the rapid decline in food production would encourage ransom payments. Since most of the food industry is made up of small, local businesses, it is often a question of whether to pay or economise, and this calculation will attract other attackers.
The importance of the food supply chain has not escaped the military’s attention. In 1812, when Napoleon invaded Russia, the Russian army withdrew but pursued a scorched earth policy to rob Napoleon’s army of its supplies. Without supplies Napoleon was forced to withdraw from Moscow, which probably led eventually to his downfall.
It is a well-known fact, says Norman, that in times of conflict a party capable of disrupting the food supply chain will inevitably win. It can thus be assumed that cyber attacks by domestic actors and state-sponsored terrorist groups will target organisations dependent on new technologies and disrupt global supply chains.
Cyberspace offers the possibility of large-scale hostile disruption of the food supply. From a military point of view, this may be a harbinger of kinetic warfare, but the cyber age has introduced a new style of cyber warfare. The United States experienced this in 2016, when Russia interfered in the presidential elections. Perhaps the aim was not to directly influence the outcome of the elections, but to demoralize the American people. With a demoralized people, the effectiveness of the nation on the world stage is inevitably weakened.
One way to weaken the enemy is to create an internal conflict, Shihi of IOActive added. You can survive about three minutes without air, three days without water and about three weeks without food. People revolt very quickly when they can’t get food. Even with this relatively civilized COVID lockdown, the strain on the food chain has led to very high tensions between people.
Continued disruption of the food supply chain will inevitably lead to the demoralisation of the population. In extreme cases this would lead to disturbances on the street and looting of food. The possibility of such a threat from a hostile nation cannot be ignored.
Safety of the food supply chain
The food industry is no different from other industries: it has rapidly moved into the fourth industrial revolution. IT and OT are converging, and OT uses the same ICS devices with the same vulnerabilities as in other industries. The same priority of continuous production over system updates applies, and Windows 98 is still in use. But while old and fragile systems are still used, new technologies that have not yet been battle-tested, such as advanced sensors, robotics, unmanned aerial vehicles and autonomous vehicles, are being introduced into the industry.
One of the trends we see across the entire food industry, according to Shihi, is the trend towards automation. This is partly a response to the pandemic: robots are not sent home in a similar or repeated scenario. Human labor is a greater risk for companies than robots. However, the move to more automation will change the risk profile in a way that many organisations have never had to manage before, because operational technology was not considered a risk priority.
This is reinforced, says Matt Rahman (Managing Director of IOActive), by the structure of the industry. Approximately 74% of food producers have fewer than 20 employees. About 97% of them have fewer than 500 employees. They do not have the staff or specialists to manage their cybersecurity properly.
It should also be mentioned that the food supply chain is more complex than the supply chain of most industries. Elsewhere in the supply chain, third party suppliers, the supply of products or spare parts and the manufacturer are mainly involved. In the case of food, it concerns third party suppliers (usually farmers), food supply, food processing (producer) and then complex further distribution to the grocery/supermarket and/or the consumer. Every step in this chain can be endangered.
The use of technology has grown rapidly in virtually every segment of our agricultural sector, including food production, processing and distribution, says Parham Eftekhari, founder and president of the Institute for Critical Infrastructure Technologies (ICIT), and experts predict that this trend will continue as robotics and self-driving trucks pave the way for a self-sustaining future. This creates significant opportunities to disrupt our supply chain and cause food safety issues.
He continued: We are already hearing about the closure of processing plants and the risk of food shortages. What would happen if refrigeration systems were hacked during the production and storage of perishable foodstuffs during national food shortages? It only takes a few high-profile attacks to sow panic among civilians, which could lead to a rush on the grocery stores and endanger the already precarious food supply.
The food industry supply chain is vulnerable at every stage. Farmers use GPS technology and robotics to apply fertilizers and grow crops to optimize yields, Eftekhari said. What if these systems are hacked without their knowledge, resulting in a harvest that does not meet national expectations?
Norman added: 5G environments will allow precision agriculture and arable farming at the level of individual crops or livestock, but will use IoT devices and poorly protected drones to monitor soil fertilisation, nitrogen content, pest control and water and sunlight requirements. Combine harvesting robots will work in private 5G networks, and machine learning systems will calculate and monitor optimal conditions in larger, more interconnected ecosystems. The risk that the integrity of the information is violated can significantly change the production process.
At local level, it may be a criminal attack by a group of hacktivists who oppose the use of certain pesticides or genetically modified crops in general. Agriculture is one of the largest sources of greenhouse gas emissions in the world, Norman said. Extreme levels of methane and nitrous oxide emissions and water consumption make it a constant target for activism. As dependence on technology increases, hacktivists will disrupt the technologies at the root of the supply chain.
At the national level, in the context of modern geopolitical disorganization, the goal may be to reduce the yield of whole crops – a shortage of wheat, maize and soya beans will cause both economic and social damage.
Distribution from farmer to processor and from processor to distributor has long been subject to theft by criminals, and the cyber element is increasing. Criminals are hacking into distribution companies, comments IOActive’s Rahman, to get shipment information and to create fake invoices, bills of lading and manifests that falsify delivery/receipt times, so that they can simply pick up the stolen cargo.
The food processing plant is clearly an important target for cybercriminals, especially for extortion. Ransomware is already targeting production. Today we hear stories about the closure of processing plants and the risk of food shortages, according to Eftekhari. What happens if refrigeration systems are hacked during the production and storage of perishable food during national food shortages? It only takes a few high-profile attacks to sow panic among civilians, which could lead to a rush on the grocery stores and endanger the already precarious food supply.
Here, the worst-case scenario could be that of terrorist groups, not nation states or criminal gangs. The motive will be to do harm, not to sow discord or make money. These groups are not afraid of embezzlement or retaliation, but may try to enter processing plants to damage equipment or poison supplies.
Outside the processing plant, the food supply chain continues to the point of sale. So far, the threat has been physical diversion or old-fashioned cargo theft. The situation will change in the coming years as more and more deliveries are made by individual trucks. Autonomous vehicles have been shown to be hackable. Experts expect the trend of the food industry’s transition to new technologies to continue, warns Eftekhari, with robotics and self-driving cargo ships paving the way for a self-sustaining future. This creates significant opportunities to disrupt our supply chain and cause food safety issues.
But the threat already exists in the trucks that are currently connected. The cabs of heavy trucks are vulnerable to possible cyber attacks, warns Shihi, as are refrigerated trucks. Modern refrigerated trucks often have their own monitoring system that is remotely accessible via mobile phone networks. Often they are also connected to the vehicle’s control network (CAN bus) and represent a potential point of attack to compromise the overall security of the vehicle.
The COVID-19 pandemic demonstrated the vulnerability of the global food chain. This vulnerability will not be lost on cybercriminals. As the world moves from a pandemic to an economic recession, criminals will almost certainly keep a close eye on the food supply chain as a way to make money. The risk does not apply to a particular part of the chain or to a particular type of criminal: it is the entire chain that is at risk.
If an attacker wants to disrupt the food supply in any way, one area may be transportation, the second may be food processing, but the third may be food safety, Shihi said. If the cold room is not kept at the right temperature, the food will spoil. Even if the various parts of the supply chain have been able to carry out production, transportation and processing in a secure environment, you may still find yourself in a situation where supply is limited due to a compromise of the integrity of security processes.
Kevin Townsend is a prominent member of SecurityWeek. He has been writing about high-tech issues since before Microsoft was born. Over the past 15 years, he has specialized in information security and has published several thousand articles in dozens of different magazines, from The Times and Financial Times to modern and old computer magazines.