Tag Archives: intentional contamination

Scott Mahloch, FBI, Food Safety Consortium

FBI Says Terrorists May Target Food Sector

By Maria Fontanazza
2 Comments
Scott Mahloch, FBI, Food Safety Consortium

Many people associate terrorism with spectacular attacks such as those that occurred on September 11. However, lone wolf attacks are far more likely to happen in what has unfortunately become the new normal. “The last thing on your mind is a terrorist being interested in food. It does exist, and bad guys do have an interest in this area,” said Special Agent Scott Mahloch, weapons of mass destruction coordinator for the Chicago division of the FBI during the Food Safety Consortium last week. What does this mean for the food industry?

SA Scott Mahloch will present FBI’s Role in Food Defense on November 29 at the 2017 Food Safety Consortium | Learn moreAccording to the Department of Homeland Security, with 2.2 million farms and 900,000 restaurants in the United States, the food and agricultural sector accounts for 1/5 of the national economic activity. There are several industry targets for terrorism: Food processing facilities; food storage and distribution; restaurants, grocery stores and markets; commercial facilities; and cruise lines.

While Mahloch emphasized that there is no imminent threat to the food sector, one of the biggest areas of concern for this particular industry is the insider threat. “The insider threat is that person [who] knows the facilities, processes, distribution network and can cause the greatest impact,” said Mahloch. This can be in the form of a disgruntled employee who has or can gain access to equipment or other areas of a facility that would otherwise be secure and then introduce contaminants into food products. Mahloch stressed the important role that a food company plays in monitoring employees and reporting any deviation from normal behavior. This is not an easy task—in fact, it is the most difficult threat to detect, and the most difficult threat to protect against, Mahloch pointed out.

Insider Threat: The threat posed by an individual who exploits his/her position, credentials or employment to achieve trusted access to the means, processes, equipment, material, location, facility and/or target necessary to carry out a terrorist action.

The likelihood of an employee becoming an insider threat increases with a variety of personal factors, including financial need, feelings of anger or revenge, being a sympathizer with terrorist ideology, having problems at work, compulsive and destructive behavior, ego and family issues. Food organizations also open themselves up to vulnerabilities via the following:

  • Allowing easy access to restricted or sensitive areas within a facility (i.e., not limiting personnel access to certain areas or clearly labeling access controls)
  • Failure to have physical security controls over personal items that are either brought into or taken from the workplace
  • Vague security policies/Lax security perception
  • High employee turnover
  • Lack of proper employee vetting
  • Failure to train employees in proper security protocols
  • Failure to have consequences for violating security policy

Surveillance

When assessing the insider threat, what should food companies look for in an effort to protect their facility and products? “You’re the first line of defense,” said Mahloch. “We get a lot of phone calls where people run things by us. If something doesn’t seem right, say something.” He provided several key behaviors that may be characterized as suspicious in some instances:

  • Someone taking a photograph or video, or notes/sketches, of food processing operations or sensitive areas
  • Someone attempting to gain information about company operations, especially related to security and personnel, in person, or by phone or email
  • Someone conducting surveillance of self services areas such as salad bars, condiment stands or open bulk containers
  • Shipping area: Unscheduled deliveries, driver who is unfamiliar with facility delivery protocols, items left on dock at unusual hours, illegally parked or unattended vehicles, or shipping documents that don’t match

Be Proactive

Companies can take several preventive steps to protect their facilities, products and personnel. Proactive measures include:

  • Monitoring products for evidence of tampering, resealing or damage
  • Securing open containers of food or ingredients in storage areas
  • Controlling access to specific areas of facility by delivery personnel, employees, vendors and contractors, and general visitors
  • Securing loading dock area, and standardize delivery and pickup protocol
  • Developing a written food defense plan
  • Training employees, contractors and vendors to recognize suspicious activity and report it accordingly

Take Action

It’s important to stay alert and be aware—employee observations are critical, said Mahloch. Once suspicious activity is observed, the facility security officer or manager should be notified, and from there a decision can be made on whether external parties need to be involved. In general, state and local partners investigate an incident before the FBI gets involved.

“When it comes to intentional contamination [or a] terrorist incident—that’s an area that we investigate and ultimately prosecute,” said Mahloch. He emphasized the FBI is not a regulatory agency, so it would not show up at a facility due to a company’s lack of compliance to FSMA, for example. The agency is interested in food defense and intentional contamination that has the purpose of causing harm.

For more information about the FBI’s role in food defense, the agency has a document on its website that summarizes food defense for the industry, including some of the above-mentioned factors to look for when trying to identifying suspicious behavior. If a company wants to report suspicious activity that is not an emergency, it can call 1-855-TELL-FBI (1-855-835-5324).

Rod Wheeler, The Global Food Defense Institute

Are Food Companies Prepared for Intentional Contamination?

By Maria Fontanazza
1 Comment
Rod Wheeler, The Global Food Defense Institute

Unfortunately, quite often we are reminded of the vulnerabilities throughout the food supply chain. The latest E. coli outbreak linked to Chipotle restaurants in Oregon and Washington once again has consumers and the food safety industry on edge about traceability and a company’s ability to quickly identify the source of a serious outbreak. According to the CDC’s most recent update, laboratory testing is ongoing to find the DNA fingerprint of the bacteria. Concerning as this may be, no deaths have been reported thus far, but 42 people have been reported ill and 14 have been hospitalized in Washington and Oregon. In the most recent statement released on Chipotle’s website, the company said it is “aggressively” taking steps to address the problem, including by conducting deep cleaning and sanitization of its restaurants as well as environmental testing in its restaurants, and replacing all food items in the establishments that it closed “out of an abundance of caution”.

What if this were a situation of intentional contamination? Would Chipotle or any other company in this type of scenario really be prepared? These questions were posed by Rod Wheeler, CEO of The Global Food Defense Institute during a recent conversation with Food Safety Tech about food defense, and food tampering and intentional adulteration. Wheeler and Bruce Lesniak, president of Lesniak & Associates, shared their views on the threats that the food industry is facing and why companies need to have a strong plan in place to prepare for an attack on the food supply.

During next week’s Food Safety Consortium conference, Rod Wheeler will moderate the Ask the Experts session, “Engaging Food Tampering Discussion Surrounding Food Defense” on Wednesday, November 18.  LEARN MOREFood Safety Tech: What challenges do you see companies facing in the area of food tampering and adulteration?

Rod Wheeler: Our food supply is wide open. It accounts for 13% of the overall U.S. GDP. One thing we know about terrorists is that they want to affect our financial markets. What’s the best way to do that? You attack the 13% GDP – and what infrastructure is that? It’s our wireless systems, airline systems, transportation systems, medical supply, or our food and agricultural supply. Those are the top areas in which we need to focus, and we have to make sure the food & agriculture supply remains safe and secure in the United States.

On 9/11 the world changed, and the challenge for us becomes, within all of our 18 infrastructures, but how have we changed? Do we continue to do business the same way we always have, even prior to 9/11? Over the past few years, we’ve seen a significant increase in terroristic activity around the world—from France to Syria to Yemen to Pakistan. Here in the United States, we have to be mindful of what is happening.

Rod Wheeler, The Global Food Defense Institute
Rod Wheeler, CEO of The Global Food Defense Institute

We’ve always had food safety programs: HACCP, HARPC, GFSI, SQF, etc.—those are good for unintentional contamination. But what happens if someone wants to intentionally place a deadly contaminant into a product?

In this country, on a daily basis we see contaminations occurring.  We were recently notified of a massive outbreak of E. coli that has occurred throughout the Chipotle system: 47 Chipotle stores have been closed. What does that mean? Is that just a food safety issue? What if that E. coli could have been intentionally grown in a test tube and placed into the food supply? Going forward, we have a duty and an obligation to look at these things, not just at face value but think about whether they are intentional events.  

FST: Where are the biggest holes within food defense plans?

Wheeler: With more than 15 years of visiting food processing facilities, agricultural farms, dairy farms, and dairy processing facilities, the biggest concern that resonates with me is the fact that the culture of security is not there. The culture of security is simply security awareness—not planning. People in food plants are being taught to be mindful not vigilant. The largest of food companies have well thought out and active safety and defense plans, and their employees are educated, trained and empowered. We find that this falls off sharply with the mid-sized and small manufacturers and suppliers.  All food providers must have a comprehensive and strategic security plan that is active and measureable.

For example, let’s say a contractor is walking though a food plant. You have worked in that plant for five years but have never seen this person before. Would you question that person about their credentials? Are people thinking about the things they can personally do to reduce or mitigate the risk… are they empowered?

Darin Detwiler of STOP Foodborne Ilness, PCA sentencing
“When Someone Dies, It’s Not Business as Usual”: Darin Detwiler of STOP Foodborne Illness discusses the impact of the PCA sentencing on the food industry. Watch the video

So, the question is “what do you do when/if”: This is one of the topics we will be discussing at the [Food Safety Consortium] conference. It’s interesting that when we present this scenario to the management of a food company, many answer back with a blank stare. We ask, do you shut down your facility? Do you notify your customers? Do you notify the national media? This question goes to the root of the company’s security culture and the strength of its strategic planning. Until we develop the necessary plans, processes and protocols to respond proactively, we will continue to remain vulnerable.  

FST: Do you think many food companies assume something catastrophic won’t happen to them?

Wheeler: I always ask why it is that we don’t anticipate these things in advance. People are complacent. “It’s not going to have happen here,” they say. “What terrorist would come to our small town and do this? We’re just a small mom and pop [business].”

Recently, I received a call from a 17-employee company in Tennessee. This particular company processes honey for 100 large box retail stores. I received a call from the CEO who said, “My client wants us to have one of those vulnerability things.” He was referencing the vulnerability assessment. He said, “I don’t know why they’d want us to have one of those. We’re a small company down here in Tennessee, why does my client think some terrorist would come here?” The fact is, attackers will find the weakest link to attack: The small honey company is not the target; they are the vessel by which the attackers get to the primary target, and in this case, the big box retailer. The big box retailer/supplier is the target and the simplest, most effective way to get to them is through the hundreds of small, low to no protection suppliers.

These are the issues we need to enlighten and educate companies about; we need to get them thinking differently, because this way of thinking is completely different. If you ask someone who’s been in this industry for years, they’ll say, we never had to worry about locking our doors, or use biometrics to gain access to certain areas. We never had to think about these things in the Food & Ag supply before.

During our front line training course, we place a significant amount of focus on the food plant blending areas and why it is the number one threat area for intentional/unintentional contamination of our food supply in the United States. The blending area is exposed to a number of vulnerabilities and once attacked, the tainted ingredients are spread among numerous products that once distributed, are not necessarily quickly traced once they are blended into the final product.

Bruce Lesniak: The consequences of such an emergency are multifaceted; they affect the consumer and their product confidence, the manufacturer through recall and the retailer through recall, brand damage and loss of consumer loyalty. Often, this ripple effect begins with the small supplier and works its way upstream to affect the entire process.

We are seeing this scenario unfold in real time with Chipotle—this is huge in the food industry. FDA has not been able to determine exactly where that genetic fingerprint has originated resulting in location closures, shaken consumer confidence and brand damage. –Rod Wheeler

FST: What will it take the industry to wake up to what could become a serious reality?

Wheeler: Unfortunately it’s probably going to take a major incident for people to wake up and smell the coffee. With that said, we firmly believe that it is critical to awaken the sleeping giants before something happens. We must increase the awareness and provide education to heighten the reality of what can potentially happen and promote proactive engagement of risk mitigation.

FST: In the context of FSMA, are companies prepared for the compliance stage?

Wheeler: Over the years, I’ve seen a number of companies begin to ramp up security at their facilities. But a number of them are doing it because they realize they need to comply with the food defense elements of FSMA; the larger companies are driving compliance and are requiring that their suppliers comply. But I think convincing companies about “Why” this is important, is the challenge. Often times companies will say, “we’re doing this training”, or “we’re doing this vulnerability assessment because it’s a requirement of FSMA.”

We feel that if being compliant is your “Why “reason, then you are spending time and money for the entirely wrong reason. You don’t do vulnerability assessment or training in food defense because you want to comply with the law. You do it because you want to protect your company and the consumer from the reality of what can happen and proactively work to avoid a threat.

Lesniak: We see the adoption trend take hold as it has traditionally, in three phases. First are the early adopters—they understand the importance of compliance for the right reasons and the need for food defense, Second are those who feel the urgency to comply due to a compelling issues (an incident or have been instructed to do so by larger suppliers in order to retain contracts), and third are those who will come kicking and screaming.

Wheeler: A lot of the requirements of FSMA were generated as a result of the PCA event in 2009. The prosecution and subsequent conviction of the Parnell brothers isn’t the last prosecution we’re going to see for someone violating a food safety protocol. This is the first, and it’s a wake up call.