Calls to integrate the regulatory oversight of the U.S. food system have been echoed for decades through studies, reports, and policy forums—yet meaningful change has remained elusive. While the FDA’s recent creation of the Office of Inspections and Investigations marks an important step toward more coordinated oversight, the USDA’s FSIS still lacks a parallel structure, and significant gaps persist across the broader food protection landscape.
From food safety and quality to food defense, food integrity, and physical and digital security, the farm to fork system continues to operate in silos. This fragmentation not only creates regulatory confusion for industry stakeholders but also fuels inconsistent enforcement and mixed messages for consumers potentially leading to negative public health impacts and loss of consumer trust due to confusing recall messages—exemplified by the widely cited disparity in how cheese and pepperoni pizzas are regulated by different federal agencies.
This topic will be discussed at the Food Safety Consortium conference in Alexandria VA., October 19-21. Panelists include Benjamin Reading, Ph.D. Interim Assistant Director, NC Agricultural Research Service (NCARS) Associate Professor & University Faculty Scholar, North Carolina State University and Jason Bashura, M.P.H., RS, a 25+ yrs. public health and food protection professional. Ben and Jason discuss the need for truly unified, risk-based U.S. food protection system in this 26 minute recorded webinar. To watch the video, click on the image below or this link: Watch the Webinar.
Ben and Jason discuss the need for truly unified, risk-based U.S. food protection system in this 26 minute recorded webinar
After watching the video, we invite you to take a quick 5 question survey on this topic. You can win a chance to receive a complimentary registration to the Food Safety Consortium by correctly identifying the number of times Jason says the two words “Food Protection” in the webinar. Click here to take the Survey.
The session at the Food Safety Consortium will convene leaders from regulatory agencies, industry, academia, and NGOs to explore the structural and operational challenges that continue to hinder integration. Through their collective insights, attendees will gain a deeper understanding of what a truly unified, risk-based food protection system could look like, why such a system is needed now more than ever, and how emerging solutions—both policy-based and practical—can help close longstanding gaps.
By moving beyond agency silos and outdated jurisdictional lines, this session challenges participants to rethink what it means to protect the food supply and to consider how collaboration can turn complexity into clarity. This is the next step in seeing the forest through the trees—and laying the groundwork for a smarter, more resilient food protection system.
The Food Safety Consortium, presented by Food Safety Tech and the American Frozen Food Institute (AFFI) will take place October 19-21, 2025, at the Crystal Gateway Marriott, Arlington VA directly across the Potomac River from Washington, DC. The Program starts with several pre-conference workshops and training which leads into two full days of high-level panel discussions and educational presentations that will be sure to open your mind and expose you to a variety of topics, ideas and like-minded Food PROTECTION professionals who will be in attendance.
For a limited time, you can receive a 10% discount off registration by entering the discount code FoodProtection. Visit FoodSafetyConsortium.org
In a press release today, U.S. Secretary of Agriculture Brooke L. Rollins, U.S. Secretary of Defense Pete Hegseth, U.S. Attorney General Pam Bondi, and U.S. Secretary of Homeland Security Kristi Noem announced the next pillar of her Make Agriculture Great Again initiative: USDA’s National Farm Security Action Plan. This plan elevates American agriculture as a key element of the nation’s national security, addressing urgent threats from foreign adversaries and strengthening the resilience of the nation’s food and agricultural systems.
The National Farm Security Action Plan takes aggressive action across seven critical areas.
Secure and Protect American Farmland – Address U.S. foreign farmland ownership from adversaries head on. Total transparency. Tougher penalties.
Enhance Agricultural Supply Chain Resilience – Refocus domestic investment into key manufacturing sectors and identify non-adversarial partners to work with when domestic production is not available. Plan for contingencies.
Protect U.S. Nutrition Safety Net from Fraud and Foreign Exploitation – Billions have been stolen by foreign crime rings.
Defend Agricultural Research and Innovation – No more sweetheart deals or secret pacts with hostile nations. American ideas stay in America.
Put America First in Every USDA Program – From farm loans to food safety, every program will reflect the America First agenda.
Safeguard Plant and Animal Health – Crack down on bio-threats before they ever reach our soil.
Protect Critical Infrastructure – Farms, food, and supply chains are national security assets—and will be treated as such.
This National Farm Security Action Plan will serve as the launch point for USDA to work in further unison with governors, state legislators, and federal partners to further integrate agriculture into the broader national security efforts over the coming months and years reaffirming the critical nature of agriculture and the need for a cross governmental approach. Defending access to American abundance and preserving the American experiment is the essence of agriculture security – and it is why farm security is national security.
When you think about today’s cyber threats, ransomware and data breaches are among the first things that come to mind. However, there are also risks associated with our physical safety, including the integrity of global food supplies.
Cyberattacks, specifically those that target food supply chains, can pose a significant risk to our health and safety. Considering how dependent modern society has become on food production and distribution channels, major breaches in any of these areas can have critical long-term impacts on society as a whole.
Whether disrupting automated farming equipment or manipulating integrated industrial controls, it’s important to understand the ongoing risks to our food defense systems and how to better protect them going forward.
Understanding the Cyber Threat Landscape in Food Defense
Food supply chains are operated using a variety of interconnected systems and processes. While these create more opportunities for improvised agricultural development and larger distribution networks, they also create more entry points for cyber attackers.
Below are some of the areas where vulnerabilities that are currently present in food distribution sectors:
Farming and Food Production – Over the years, farming equipment and food production facilities have adopted a number of new technologies to make their processes more efficient. These include automated irrigation systems, livestock monitoring equipment, and other agricultural solutions. Due to their constant connectivity, they can become vulnerable to attacks that can not only manipulate data but could even damage crops or harm livestock.
Processing and Manufacturing – Most food processing plants leverage the use of industrial control systems and temperature monitoring devices to ensure quality control of stored products. The accuracy of these monitoring solutions is critical to minimize the development of harmful bacteria and to ensure the integrity of the products being sold. If these systems become compromised, it can lead to product contamination or major backlogs in production.
Packing and Distribution – Warehouse management systems are used to help food suppliers and distributors manage their logistics processes effectively to ensure timely deliveries to retail outlets. Logistics platforms and transportation networks rely on GPS solutions and temperature controls during transit to ensure transported goods maintain their quality. Hackers can compromise these systems in an effort to misroute products or cause delays in critical delivery networks.
What are the Impacts of Cyber Threats on Food Defense?
Cyber threats against global food production facilities and supporting supply chain networks are more than just inconvenient or financially draining; they can also pose a question of health and safety.
Food Safety Risks
Cyberattacks can directly impact the safety of the food distributed and consumed. For example, a breach in a manufacturing facility could change certain ingredient ratios or tamper with temperature controls that keep food from spoiling or having certain contaminants.
If a cyber attacker gains access to cold storage facilities or delivery systems, they could make changes in operating temperatures that can directly impact the shelf life of large volumes of food.
Economic Issues
The economic impacts of cyberattacks on the food industry can also be significant. Supply chain disruptions caused by attacks on logistics or transportation systems can create shortages, drive up prices, and impact end users.
When considering the extensive recovery costs associated with a cyberattack, including system restoration or legal fees due to breaching certain data security or compliance standards, the long-term damage could be substantial. The cumulative effect of these disruptions can also lead to significant increases in food prices and impact both businesses and consumers.
Public Health Concerns
One of the most concerning impacts of cyberattacks on food defense is the potential for widespread illness. Contaminated or spoiled food can lead to outbreaks of foodborne illnesses, affecting large numbers of people. In severe cases, these outbreaks can result in hospitalizations and even deaths.
The potential for large-scale food recalls triggered by cyberattacks is another issue that can have public health implications. These recalls not only disrupt the supply chain but also create significant costs for businesses and inconvenience for consumers.
Effective Strategies for Mitigating Cyber Threats in Food Defense
Protecting the food supply chain from cyberattacks requires a strategic approach involving a variety of preventative measures. This includes:
1. Implementing Strict Cybersecurity Measures
Having a strong cybersecurity foundation is critical for industries. This includes implementing network security measures like firewalls and intrusion detection systems to prevent unauthorized access. This includes:
Employing firewalls, intrusion detection/prevention systems, and virtual private networks (VPNs) to control network traffic and prevent unauthorized access.
Implementing data encryption at rest and in transit.
Regularly scanning for vulnerabilities and applying software patches and updates as quickly as possible.
Educating employees about cybersecurity best practices, practicing good password hygiene, and following established security protocols.
2. Strengthening Supply Chain Collaboration
Effective information sharing and threat intelligence with all supply chain stakeholders is essential. This includes establishing various cybersecurity standards and protocols across the supply chain to ensure that all partners work from the same baseline level of security preparedness.
Employing penetration testing services to simulate real-world attacks is another important way to ensure that newly adopted security policies and procedures can withstand the latest attack methods. Simulated attacks can also help organizations prioritize their initiatives and collaborate to close critical gaps across interconnected supply infrastructure.
3. Developing Incident Response Plans
Even with the best preventative measures in place, cyberattacks can still occur. This is why developing comprehensive incident response plans is so important for improving food defense. These plans should outline clear procedures for handling cyberattacks, including identifying the incident, containing the damage, and recovering any impacted systems and data.
Creating backup and recovery systems is critical for minimizing downtime in the event of an attack. These systems should be regularly tested to ensure that they can be quickly and effectively deployed.
Effective communication strategies during a crisis should also be defined ahead of time. This includes notifying customers, suppliers, and regulatory agencies about the incident and keeping them informed about the steps being taken to resolve it.
Protecting Our Critical Infrastructure
Cyberattacks targeting the food supply chain can pose a significant threat to agricultural businesses and consumers. By implementing effective cybersecurity measures and strengthening supply chain collaboration, companies can take the necessary steps to protect critical infrastructure while ensuring the continued safety of our food supply.
Food Defense is a new approach to protecting the food supply chain, and it uses advanced data analytics to better understand and respond to threats. It allows food producers to better understand risks, take the most effective steps to mitigate them, and enable operational and financial efficiencies within their businesses.
The poultry industry is under constant threat, from the emergence of new pathogens and shifting consumer preferences to heightened regulatory demands and intricate supply chain networks. As poultry producers spend millions to uphold safety, quality, and profitability, proposed regulations from the USDA and shifting political winds add yet another layer of uncertainty. Companies are drowning in information, but cannot act on them without intelligent, data-driven systems.
Creating an Integrated Approach
A new approach called Food Defense involves using data analytics to better understand and respond to costly diseases and pathogens. It seamlessly integrates advanced diagnostics, data analytics, and software solutions. This comprehensive digital command center for the food supply chain helps producers monitor productivity in near real-time.
Advanced diagnostics and software allow producers to identify and trace harmful microbes with a level of detail that goes beyond traditional methods, which can be costly and represent only a snapshot in time. Emergent tools add rich data to Food Defense systems and can provide insights into gut health, productivity, and microbial loads, which support informed decision-making at the operations level.
In tandem with these diagnostic tools, the integration of supply chain traceability and visibility technology has revolutionized how food products are monitored from farm to table. By combining mobile surveillance systems, CRISPR sequencing, and epidemiological models, companies have developed robust barriers against pathogens, which includes real-time tracking systems to ensure the rapid identification and containment of microbes – enabling efficiencies between live operations and the plant.
The inclusion of artificial intelligence (AI) and machine learning (ML) in these systems represents another significant leap forward. By processing vast amounts of unstructured data – from government reports and news articles to scientific research – AI-driven platforms can now conduct predictive analytics that identify potential risks before they become tangible threats.
To bring all these components together, software-driven intelligence plays a pivotal role in web interfacing (like SaaS) that supports dynamic data visualization, geospatial analytics, alerts and trend analyses.
This integrated approach – melding diagnostics, data analytics, AI, and software – is yielding a more responsive food system overall.
Realizing True Safety and Productivity
Food defense with a proactive approach not only protects consumer health but strengthens the overall integrity of the food supply chain. Real-time insights that these systems provide into items like flock health and production metrics allow for more efficient resource allocation and targeted intervention strategies, potentially saving producers millions in lost productivity.
For instance, in the poultry industry, companies spend millions of dollars at each plant on anti-microbials and sanitation, regardless of the actual microbial load. In one real-world application, a processor was able to use data-driven techniques to optimize their anti-microbial usage, saving an estimated $500,000 per year at the plant. Food Defense systems can monitor threats and respond with the appropriate interventions, both improving food safety and financial performance. Food defense technologies additionally position companies to meet current compliance requirements and stay ahead of evolving standards.
The Future of Food Defense is Innovation
Food systems are complex and interconnected, and the role of technology in maintaining food safety will continue to grow in importance. Yet, as with any technology-driven solution, certain challenges persist. Maintaining strong cybersecurity practices, effectively managing the vast amounts of data generated, and continually adapting to emerging threats will remain critical priorities.
By harnessing technology to build a more resilient, transparent and efficient food supply system, the industry is moving toward a future where safe, high-quality food becomes the standard, rather than the exception.
I watched a movie last year where a woman was being framed for murder using her facial features that were captured by a technology used in a bus that allowed passengers to get in based on facial recognition. In the movie, the woman, who was a cop, was investigating suspicious activity relating to the research of the facial recognition self-driven bus that a high-profile tech company was trying to approve for massive production and introduction into the market. The cop was getting too close to confirm her suspicions. So, the tech company got her face profile and embedded it in a video where another person was killing an executive of the company. This got me thinking about how we use face recognition nowadays and how technology is included in everything we do. So, I pose the question: are we at risk in the food industry in terms of Food Defense?
Recent cybersecurity attacks in the food industry have highlighted the urgency of this question. For instance, in 2021, the world’s largest meat processing company fell victim to a ransomware attack that disrupted its operations across North America and Australia. The company had to shut down several plants, leading to significant financial losses and potential supply chain disruptions.
Similarly, earlier that year, a cyberattack targeted a U.S. water treatment facility, where hackers attempted to alter the chemical levels in the water supply. Although this attack was prevented, it underscored the vulnerabilities within critical infrastructure systems, including those related to food production and safety.
Additionally, in 2022, a large fresh produce processing company experienced a cyber incident that disrupted its operations. The attack temporarily halted production and distribution of packaged salads and other products, causing delays and financial losses. The company paid $11M in ransom to the hackers to restitute order for their operations. This incident further underscores the importance of cybersecurity in the food industry and the potential risks posed by inadequate security measures.
These incidents illustrate the growing threat of cyberattacks in the food industry and the potential consequences of inadequate cybersecurity measures. As technology becomes more integrated into food production, processing, and distribution, the need for robust food defense strategies that encompass cybersecurity has never been more critical.
Understanding Food Defense
Food defense refers to the protection of food products from intentional contamination or adulteration by biological, chemical, physical, or radiological agents. Unlike food safety, which focuses on unintentional contamination, food defense addresses the deliberate actions of individuals or groups aiming to cause harm. In an era where technology permeates every aspect of food production, processing, and distribution, ensuring robust cybersecurity measures is crucial for effective food defense.
The Intentional Adulteration Rule, part of the FDA’s Food Safety Modernization Act (FSMA), mandates measures to safeguard the food supply from deliberate adulteration aimed at causing large-scale public health harm. Key requirements of this rule include conducting vulnerability assessments, implementing mitigation strategies, performing monitoring, verification, and corrective actions, as well as providing employee training and maintaining thorough records.
The Intersection of Technology and Food Defense
The integration of advanced technology into the food industry brings numerous benefits, such as increased efficiency, improved traceability, and enhanced quality control. However, it also introduces new vulnerabilities that can be exploited by cybercriminals. As technology becomes more sophisticated, so do the methods employed by those who seek to manipulate or sabotage our food supply.
AI and Technology: A Double-Edged Sword
Artificial intelligence (AI) and other advanced technologies are revolutionizing the food industry. Automated systems, IoT devices, and data analytics enhance productivity and provide real-time monitoring capabilities. However, these technologies also present new avenues for white-collar crime and cyberattacks. For instance, a cybercriminal could hack into a food processing plant’s control system, altering ingredient ratios or contaminating products, which could lead to widespread public health crises.
Pros and Cons of Using AI and Technology in Food Safety
The adoption of AI and technology in the food industry has both advantages and disadvantages: Pros:
1. Enhanced Efficiency: Automation and AI can streamline food production processes, reducing human error and increasing output. This leads to more consistent product quality and improved overall efficiency.
2. Improved Traceability: Advanced tracking systems allow for real-time monitoring of food products throughout the supply chain. This enhances the ability to trace the source of contamination quickly, thereby reducing the impact of foodborne illness outbreaks.
3. Predictive Analytics: AI can analyze vast amounts of data to predict potential risks and prevent contamination before it occurs. This proactive approach can significantly enhance food safety.
4. Real-Time Monitoring: IoT devices and sensors can provide continuous monitoring of environmental conditions, ensuring that food storage and transportation are maintained within safe parameters.
Cons:
1. Cybersecurity Risks: As seen in recent cyberattacks, the integration of technology introduces new vulnerabilities. Hackers can exploit these weaknesses to disrupt operations or intentionally contaminate food products.
2. High Implementation Costs: The initial investment in AI and advanced technologies can be substantial. Small and medium-sized enterprises may find it challenging to afford these technologies.
3. Dependence on Technology: Over-reliance on technology can be problematic if systems fail or are compromised. It is essential to have robust backup plans and manual processes in place.
4. Privacy Concerns: The use of AI and data analytics involves the collection and processing of large amounts of data, raising concerns about data privacy and the potential misuse of sensitive information.
The Role of Cybersecurity in Food Defense
To safeguard against such threats, the food industry must prioritize cybersecurity as an integral component of food defense strategies. Here are key strategies to consider:
1. Conduct Regular Risk Assessments: Identify potential vulnerabilities within your technological infrastructure. Regular risk assessments can help detect weaknesses and prioritize areas needing immediate attention.
2. Implement Robust Access Controls: Ensure that only authorized personnel have access to critical systems and data. Use multi-factor authentication and monitor access logs for suspicious activity.
3. Invest in Employee Training: Employees are often the first line of defense against cyber threats. Provide comprehensive training on cybersecurity best practices, including recognizing phishing attempts and other common attack vectors.
4. Update and Patch Systems Regularly: Ensure that all software and hardware are up-to-date with the latest security patches. Regular updates can mitigate the risk of exploitation through known vulnerabilities.
5. Develop Incident Response Plans: Prepare for potential cyber incidents by developing and regularly updating incident response plans. These plans should outline specific steps to take in the event of a security breach, including communication protocols and recovery procedures.
6. Utilize Advanced Threat Detection Systems: Employ AI-driven threat detection systems that can identify and respond to unusual activity in real-time. These systems can provide an added layer of security by continuously monitoring network traffic and system behavior.
7. Collaborate with Cybersecurity Experts: Partner with cybersecurity professionals who can provide insights into emerging threats and recommend best practices tailored to the food industry’s unique challenges.
Current Efforts to Standardize the Use of AI
Recognizing the critical role of AI and technology in modern industries, including food production, international efforts are underway to standardize their use and ensure safety, security, and reliability. Two notable standards introduced recently are ISO/IEC 23053:2022 and ISO/IEC 42001:2023.
• ISO/IEC 23053:2022: This standard focuses on the transparency and interpretability of AI systems. It aims to make AI-driven processes understandable and explainable to users, which is crucial for maintaining trust and accountability. In the context of food safety, this standard can help ensure that AI decisions, such as those related to quality control and contamination detection, are transparent and can be audited.
• ISO/IEC 42001:2023: This standard provides guidelines for the governance of artificial intelligence, ensuring that AI systems are developed and used responsibly. It addresses ethical considerations, risk management, and the continuous monitoring and improvement of AI systems. For the food industry, adhering to this standard can help ensure that AI technologies are implemented in a way that supports food safety and defense.
As the food industry continues to embrace technological advancements, the importance of integrating robust cybersecurity measures into food defense strategies cannot be overstated. By understanding the potential risks and implementing proactive measures, we can protect our food supply from malicious actors and ensure the safety and security of the public. The scenario depicted in the movie may seem far-fetched, but it serves as a stark reminder of the potential consequences of unchecked technological vulnerabilities. Let us learn from fiction to fortify our reality
The author will be presenting Food Defense in the Digital Era at the Food Safety Consortium Conference. More Info
In this archived recording, experts in food defense and security address a range of important issues in this area, including risk-based approaches to food defense, threat intelligence, cyber vulnerabilities and critical infrastructure protection.
The session, Food Defense: Yesterday, Today and Tomorrow, discusses pre-FSMA IA Rule voluntary food defense programs, compliance timelines, and regulatory compliance vs. enterprise risk based approaches to food defense. Presenters will address the status of Food Defense plan quick checks and share insights on Food Defense Plan reanalysis. Participants gain insights on threat intelligence sources and food defense-based research updates. Other topics to be covered include a brief overview of recently released insider risk mitigation reference material, cyber/IT “vulnerabilities”, critical infrastructure protection and how an all-hazards mindset to “all of the above” can help to contribute to a Food Protection Culture.
The following is the line up of speakers for this episode,
Jason Bashura, PepsiCo (moderator)
Food Defense Yesterday with Raquel Maymir, General Mills
FBI HQ Perspectives of Food Defense with Helen S. Lawrence and Scott Mahloch, FBI
Food Defense Tomorrow with Frank Pisciotta, ASIS Food Defense & Ag Security Community and Cathy Baillie, Mars, Inc.
Risk-based Food Defense with Jessica Cox, Department of Homeland Security, Chemical Security Analysis Center
Food Defense & Supply Chain Perspectives: Regional Resilience Action Plan with Jose Dossantos, Department of Homeland Security/CISA
Food Safety Tech is thrilled to announce that James (Jim) Jones, Deputy Commissioner for Human Foods at FDA, will be the keynote speaker for the 2024 Food Safety Consortium, which will be held October 20-22 at the Crystal Gateway Marriot in Arlington, Virginia. Jones joined the FDA in September 2023 as the agency’s first Deputy Commissioner for Human Foods.
Now in its 12th year, the Food Safety Consortium brings together food safety and quality assurance professionals for education, networking and discussion geared toward solving the key challenges facing the food safety industry. In addition to two days of educational presentations and panel discussions, the Consortium will offer full-day pre-conference workshops, focused on topics including auditor training and food safety culture design, on Sunday, October 20.
This year’s session highlights include:
Navigating Global Food Systems: Insights and Strategies for Compliance with FDA’s Food Traceability Rule
Presenters: John Crabill, Director of Food Safety & Quality, Chipotle; Adam Friedlander, Policy Analyst, Coordinated Outbreak Response and Evaluation (CORE) Network, FDA; Julie McGill, VP of Supply Chain Strategy & Insights, Trustwell; and Sara Bratager, Sr. Food Safety & Traceability Scientist, Global Food Traceability Center at IFT
Are you the weakest link in the supply chain? Steps for bulletproofing your facility to become a major supplier
Presenters: Jorge Hernandez, VP of Quality Assurance, The Wendy’s Company; Tyler Williams, President, ASI
Next Level Preventive Controls
Presenter: Cathy Crawford, President, HACCP Consulting Group
Understanding Corrective Actions, Nonconformities and Root Cause Analysis
The Food Safety Consortium is an educational and networking event for Food Protection that has food safety, food integrity and food defense as the foundation of its educational content. With a unique focus on science, technology and compliance, the “Consortium” enables attendees to engage in conversations that are critical for advancing careers and organizations alike. Delegates visit with exhibitors to learn about cutting-edge solutions, explore high-level educational tracks, and network with industry executives to find solutions to improve quality, efficiency and cost effectiveness in the evolving food industry.
Share your expertise, experience and/or research with fellow food safety and quality assurance professionals at the 2024 Food Safety Consortium, taking place on October 20-22, 2024, at the Crystal Gateway Marriott, near downtown Washington, DC.
We are seeking abstracts for educational presentations, panel discussions and Posters in the following categories:
Presented by Food Safety Tech, the Food Safety Consortium is a business-to-business conference that brings together food safety and quality assurance professionals for education, networking and discussion geared toward solving the key challenges facing the food safety industry today.
For sponsorship and exhibitor inquiries, contact RJ Palermo, Director of Sales. Stay tuned for registration and early bird specials.
If you missed this fall’s Food Safety Consortium, don’t miss the latest episode of the “Don’t Eat Poop” podcast featuring Food Safety Consortium founder and Food Safety Tech publisher, Rick Biros, as he discusses the conference’s history and role in improving food safety, with hosts Francine Shaw and Matt Regusci.
In fall 2021, G&J Pepsi-Cola Bottlers Inc, came face-to-face with a potential ransomware attack and was able to avert it. We spoke with G&J’s enterprise infrastructure director, Eric McKinney, and cybersecurity engineer, Rory Crabbe, to learn more about how they detected and responded to the attack, the steps they have taken to strengthen their cybersecurity, and what advice they have for other food companies in the wake of the near catastrophe.
What happened to G&J back in 2021, and when did you realize something was wrong?
McKinney: Around Labor Day of 2021, we received a really weird call. The callers were acting as if they were friends looking out for our best interest, and they alerted us to the fact that there may be compromises to our system. They showed us a spreadsheet of usernames in our active directory to verify that they were in our systems, and they said we could pay them to prevent an attack. We did not engage with them further—and we think they may have been part of it—but we believed that something was happening.
Eric McKinney
We went through all of our servers—we don’t have a large footprint, because we are a cloud first organization—but we did detect some software that should not have been installed on a couple of our servers. We removed that immediately, but we were unable to find the beacons that they leave behind that act as triggers to start encrypting your files.
We made the decisions that if anything happened, we were not going to negotiate, we were not going to try to get our systems back, we were going to shut everything down and roll back. I put myself on call and sure enough I got a call two days later at 3:00 a.m. from one of our people. He was logging in remotely to a server and he said, “Something don’t look right.” I go to his screen and I immediately see the locked files and realize this is really happening.
The thing that saved us ultimately is we use native platform backups. We use Microsoft Azure. So we immediately shut everything down and started rolling back our systems as far back as we could go. Those backup files were not compromised because we don’t leverage backups that tie to a file system within a server. The only way you can touch them is if you have our Cloud credentials, which are all multi-factored.
How did this affect operations?
McKinney: The net impact was our critical systems were down for about seven to eight hours, and we were recovering PCs for almost a week—there were 100 to 150 PCs that were impacted as it continued to move laterally through our organization, and we had to get them all flushed out. We had to roll the system back two weeks, so we lost two weeks of data. That impacted the accounting team the most.
We did experience an event—it was not an almost event. But we never lost a single case of sales and we never paid a single dollar. We took everyone’s computers and blew them away, handed them right back to them and said you’re starting fresh. Fortunately, this only affected employees’ files. They could still get their emails and the things that were in OneDrive.
The things that really worked in our favor were our Cloud-first strategy and getting away from a legacy client architecture. We were still able to communicate. We could send emails, we could set up Teams and we had all the tools to coordinate and get out of this and recover as quickly as we did. The second thing was having those native platform-based backups.
How did this change your digital and cybersecurity strategies?
McKinney: We were doing weekly backups, now we back up every day. And these are full system backups, which means that if you hit restore, the whole system lights back up not just the data but also your operating system that it runs on.
Crabbe: We also reached out to a lot of companies, including Arctic Wolf, who we ultimately began working with to help us figure out what we didn’t know. We worked with them to go through our environment and come up with ideas on how to improve. We are a big Microsoft shop, and we started utilizing a lot of the native tools that we already had such as Defender for Endpoint and the security portal. This addressed a lot of the low hanging fruit, such as automatic updates and not allowing outside vendors to contact us without going through a vetting process.
Rory Crabbe
Arctic Wolf went through our system and sent us a list of recommendations, and a lot of what we did involved utilizing the native tools that we already had, shoring up our defenses, making sure the backups work and creating a disaster recovery plan.
McKinney: We quickly went from being a business of convenience, where we said, “let’s allow USB drives,” to changing all of our technical policies by turning on all of our attack surface reduction rules. We blocked all logins from outside the U.S. and brought in new team members dedicated to cybersecurity.
I have some self-confidence issues due to this attack because your failures are put on display, and there is a feeling that if you were doing a better job this would have been prevented. But we were a very small team and we were responsible for cybersecurity, ERP (enterprise resource planning) initiatives, development initiatives, support and infrastructure initiatives and data initiatives. When you’re wearing all of these hats things do get missed, and in the end it ended up being one application update. One application patch was exposed, which set all of this off. in terms of where we’ve gotten better, we signed up with an MSP (managed service provider) to monitor our environment 24 hours a day seven days a week. In addition, these companies assist your team by keeping them up to date with the latest techniques and providing proactive communication on things that we should be doing to secure and protect our environment.
We’ve taken a lot of steps over the past two years and we still have a long way to go. We will never stop or become complacent.
There is a concern among some people that the Cloud is less secure, and it’s better to control your own servers. Is that a misconception?
Crabbe: When it’s on premise it is your responsibility. If something happens to your infrastructure, you’ve got to be on call and wake up to deal with that. So not only is the Cloud a reduction in personnel work; it’s also peace of mind. Microsoft has its own team of engineers, and they have physical security in place as well. The Azure building is protected by armed guards to protect the data from physical hackers. It’s a lot easier to apply security policies to something that’s in the Cloud because Microsoft can give you options for all kinds of things that you didn’t even know you needed. This makes it easier to visualize where you are and where you need to go.
McKinney: These are also publicly traded companies that have to follow all of the controls that come with being publicly traded. They’re going to do a better job than the one or two individuals that you have at your company who cannot work 24/7 365 days a year.
I appreciate you guys talking openly about this, because one of the issues that comes up in food defense and cybersecurity is people aren’t necessarily sharing information that could help others recognize vulnerabilities. Is it difficult to share this information?
McKinney: We didn’t want to talk about it for a long time. It’s hard to put your failures—or at least what is perceived as a failure—out there. But when you look around, you realize this can happen to anyone. It happened to MGM with all their resources. And one issue that isn’t discussed very often is, behind the business implications is an incredibly stressed out IT team that really is traumatized by an event like this.
In talking with others who have been through this, it’s often the most stressful thing that’s ever happened in their lives. It certainly is the most stressed out I’ve ever been. You’re thinking, I just cost my company millions of dollars. I shut down my business. We may not be able to get product to our people. So many things flash through your mind, and you really don’t want to talk about it or advertise it. Luckily for us, we had the right systems but most importantly we had really great executive support and great team members to help us recover.
When it comes to access management, companies have to balance convenience for their employees with the need for stringent security. Were employees understanding of the changes you had to make, and how did you communicate these changes in processes?
Crabbe: There was a lot of frustration with people saying this worked before, why can’t we do it now? One of the benefits of being a family-owned company is that we are a fairly small group, so we were able to deal with it on almost a case-by-case basis. We have an internal system that people can submit their issues or requests through, and we review them. For example, if somebody needs to move a device to a USB stick to take to an external vendor, we can look at that and say what alternatives do we have? Can we use OneDrive or another native tool to share that information? Does it have to be a USB stick? Or, if someone is going on vacation in Mexico, they can submit a ticket and we can allow them remote access from a specific country for a specific amount of time so they can log-in. We can tell them yes or no on a case-by-case basis and explain why we made the decision.
McKinney: This event also made us ask questions like, do we even need USB sticks? There are so many other tools we can use. A lot of the changes involved looking at more modern ways to collaborate. And a lot of that revolves around retraining and catching your workforce up with the new tools that we have available.
Based on your experience, what advice would you offer other companies?
McKinney: The IT spend in the food and beverage industry is typically small compared to industries like insurance or banking or health care. You need to capture all the signals from all your systems—emails being sent, open, received, etc.—and you must monitor those. Then you need the right algorithms and the right people to make sense of that data. If you are not able to maintain a large enough in-house team, investigate an MSP. They can ingest all the signals, funnel them and turn all that data into actionable items. Also, store your backups off site and limit access. Don’t store them with your production data.
Crabbe: Shore up your defenses using your native tools and create a disaster recovery plan. Those would be my two biggest recommendations for any company going forward. Dig deep and utilize what you’ve got. There’s probably a lot more available to you than you realize you have, and don’t be afraid to reach out to third-party vendors for help.
The U.S. Food and Agriculture (FA) sector is facing significant risks that require improved communication and collaboration between industry and government agencies. On July 13, the FDA, USDA and Department of Homeland Security (DHS) released the 120 Day Food and Agriculture Interim Risk Review, which provides a review of critical and emergent risks to the FA sector, as well initial mitigation strategies, factors contributing to risk and proposed actions to address risks.
Risks identified in the review include:
Chemical, Biological, Radiological, & Nuclear (CBRN) Threats. CBRN threats are defined as “hazardous contaminants such as poisonous agents including toxic industrial compounds and materials, toxins, and chemical agents and precursors; natural or genetically engineered pests and pathogens of livestock, poultry, fish, shellfish, wildlife, plants, and insects; and physical effects of nuclear detonations or dispersion of radioactive materials.”
Initial Mitigation Strategies: Prevention of CBRN incidents may be achieved through expanding and enhancing existing physical security and administrative controls, including many food defense mitigation strategies, such as control of entry systems at critical points in production, processing, storage, and transportation, surveillance of critical points, pre-employment screening, and clear marking of employees who are authorized to be at critical points.
Cyber Threats. While these are not new risks, the review notes that as the food industry increases its dependence upon technology, including the move toward automation, precision farming and digital agriculture, the likelihood and severity of a crippling cyberattack increases.
Initial Mitigation Strategies: Some FA sector entities have assessed and mitigated cybersecurity vulnerabilities through entity-specific action, using and applying the National Institute of Standards and Technology Cybersecurity Framework or other actions. Future activities should include the reviewing and securing of interconnectivities between systems. To do this, all FA sector entities, both public and private, must improve their understanding of cyber threats and vulnerabilities and reduce their gaps in protection. Future efforts in cybersecurity in the FA sector should prioritize the sharing of information about cyberattacks, research into cybertheft of food and agriculture intellectual property, FA sector dependency on the energy sector and interdependencies within the FA supply chain. The review also highlights the need for funding for a program to assist small and medium size facilities to increase implementation of effective cyber security mitigations.
Climate Change: Natural disasters and extreme weather events, limited water resources, loss of pollinators and pollinator services, and increased exposure potential to pests and pathogens are among the threats to future agricultural productivity which may be exacerbated by climate change.
Initial Mitigation Strategies: Research on environmental hazards and degradation within the FA sector should include water use, irrigation system improvements, dryland management practices, and crop system utilization. Similarly, research targeting pollinator habitat, how climate change affects pollinators, pollinator forage, and pollination rates as it pertains to crop yield, and current and emerging pests and pathogens that negatively impact the optimal health outcomes of people, animals, plants, and their shared environments to include the health of pollinators is vital to long-term crop sustainability and food security. The use of improved monitoring systems, predictive modeling to inform surveillance, early warning systems, and better control options can help reduce the risk of pest and disease agricultural damage due to climate change.
Potential Factors Contributing to Risk
A “potential factor contributing to risk” is defined in the review “as features or operational attributes that render an entity open to exploitation or susceptible to a given hazard.” These include:
Food and Agriculture Industry Consolidation
Input Shortages, including labor, energy, IT/data, and consumables.
Aging and Insufficient Transportation Infrastructure
Trade Disruptions
Foreign Acquisition
Gaps in Preparedness
Proposed Actions
The FDA, USDA and DHS developed a timeline of proposed actions, which includes short-, mid- and long-terms strategies to enhance strategic planning, understanding of FA sector risks, and information sharing and engagement. Next steps include:
Threat Assessment: Identify potential actors and threats, delivery systems, and methods that could be directed against or affect the FA sector. (60 days and annually thereafter)
120-Day FA Risk Review: Identify risks to the FA sector from all hazards, identify activities to mitigate risks categorized as high-consequence and catastrophic, identify steps to improve coordination and integration across the FA sector, inform ongoing development of the Federal Risk Mitigation Strategy. (120 days)
Vulnerability Assessments: Identify vulnerabilities within the FA sector in consultation with state, local, tribal, and territorial (FSLTT) agencies and private sector partners. (180 days)
Risk Assessment: Prioritize by the highest risks for the FA sector, implement benchmarking off of results generated from the CBRN Strategic Risk Assessment Summary. The first draft would focus on CBRN and cyber threats with later iterations to include other threats (e.g., energy disruption, pandemics, catastrophic weather events, consequences of climate change). (365 days)
Risk Mitigation Analysis: This will include high-level actions for mitigating threats, a proposed timeline for their completion and a plan for sharing information. The analysis will identify strategies, capabilities, and areas of research and development that prioritize mitigation of the greatest risks as described in the risk assessment, and include approaches to determine the effectiveness of national risk reduction measures. (545 days)
A Unifying Food and Agriculture Community Architecture
Recognizing the need for improved coordination and communication, and an over-arching framework to direct and maintain a consistent
approach to preparedness and response to high-consequence and catastrophic incidents within the FA sector, the review also includes a proposed “Food and Agriculture Resilience Architecture.”
The proposed Architecture represents an “integrated, whole-of-community and whole-of-government system of stakeholders and capabilities” approach to strengthening the readiness and resilience of FA sector.
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Strictly Necessary Cookies
Strictly Necessary Cookies should be enabled at all times so that we can save your preferences for these cookie settings.
We use tracking pixels that set your arrival time at our website, this is used as part of our anti-spam and security measures. Disabling this tracking pixel would disable some of our security measures, and is therefore considered necessary for the safe operation of the website. This tracking pixel is cleared from your system when you delete files in your history.
We also use cookies to store your preferences regarding the setting of 3rd Party Cookies.
If you visit and/or use the FST Training Calendar, cookies are used to store your search terms, and keep track of which records you have seen already. Without these cookies, the Training Calendar would not work.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.
Cookie Policy
A browser cookie is a small piece of data that is stored on your device to help websites and mobile apps remember things about you. Other technologies, including Web storage and identifiers associated with your device, may be used for similar purposes. In this policy, we say “cookies” to discuss all of these technologies.
Our Privacy Policy explains how we collect and use information from and about you when you use This website and certain other Innovative Publishing Co LLC services. This policy explains more about how we use cookies and your related choices.
How We Use Cookies
Data generated from cookies and other behavioral tracking technology is not made available to any outside parties, and is only used in the aggregate to make editorial decisions for the websites. Most browsers are initially set up to accept cookies, but you can reset your browser to refuse all cookies or to indicate when a cookie is being sent by visiting this Cookies Policy page. If your cookies are disabled in the browser, neither the tracking cookie nor the preference cookie is set, and you are in effect opted-out.
In other cases, our advertisers request to use third-party tracking to verify our ad delivery, or to remarket their products and/or services to you on other websites. You may opt-out of these tracking pixels by adjusting the Do Not Track settings in your browser, or by visiting the Network Advertising Initiative Opt Out page.
You have control over whether, how, and when cookies and other tracking technologies are installed on your devices. Although each browser is different, most browsers enable their users to access and edit their cookie preferences in their browser settings. The rejection or disabling of some cookies may impact certain features of the site or to cause some of the website’s services not to function properly.
Individuals may opt-out of 3rd Party Cookies used on IPC websites by adjusting your cookie preferences through this Cookie Preferences tool, or by setting web browser settings to refuse cookies and similar tracking mechanisms. Please note that web browsers operate using different identifiers. As such, you must adjust your settings in each web browser and for each computer or device on which you would like to opt-out on. Further, if you simply delete your cookies, you will need to remove cookies from your device after every visit to the websites. You may download a browser plugin that will help you maintain your opt-out choices by visiting www.aboutads.info/pmc. You may block cookies entirely by disabling cookie use in your browser or by setting your browser to ask for your permission before setting a cookie. Blocking cookies entirely may cause some websites to work incorrectly or less effectively.
The use of online tracking mechanisms by third parties is subject to those third parties’ own privacy policies, and not this Policy. If you prefer to prevent third parties from setting and accessing cookies on your computer, you may set your browser to block all cookies. Additionally, you may remove yourself from the targeted advertising of companies within the Network Advertising Initiative by opting out here, or of companies participating in the Digital Advertising Alliance program by opting out here.
