Unfortunately, quite often we are reminded of the vulnerabilities throughout the food supply chain. The latest E. coli outbreak linked to Chipotle restaurants in Oregon and Washington once again has consumers and the food safety industry on edge about traceability and a company’s ability to quickly identify the source of a serious outbreak. According to the CDC’s most recent update, laboratory testing is ongoing to find the DNA fingerprint of the bacteria. Concerning as this may be, no deaths have been reported thus far, but 42 people have been reported ill and 14 have been hospitalized in Washington and Oregon. In the most recent statement released on Chipotle’s website, the company said it is “aggressively” taking steps to address the problem, including by conducting deep cleaning and sanitization of its restaurants as well as environmental testing in its restaurants, and replacing all food items in the establishments that it closed “out of an abundance of caution”.

What if this were a situation of intentional contamination? Would Chipotle or any other company in this type of scenario really be prepared? These questions were posed by Rod Wheeler, CEO of The Global Food Defense Institute during a recent conversation with Food Safety Tech about food defense, and food tampering and intentional adulteration. Wheeler and Bruce Lesniak, president of Lesniak & Associates, shared their views on the threats that the food industry is facing and why companies need to have a strong plan in place to prepare for an attack on the food supply.

During next week’s Food Safety Consortium conference, Rod Wheeler will moderate the Ask the Experts session, “Engaging Food Tampering Discussion Surrounding Food Defense” on Wednesday, November 18.  LEARN MOREFood Safety Tech: What challenges do you see companies facing in the area of food tampering and adulteration?

Rod Wheeler: Our food supply is wide open. It accounts for 13% of the overall U.S. GDP. One thing we know about terrorists is that they want to affect our financial markets. What’s the best way to do that? You attack the 13% GDP – and what infrastructure is that? It’s our wireless systems, airline systems, transportation systems, medical supply, or our food and agricultural supply. Those are the top areas in which we need to focus, and we have to make sure the food & agriculture supply remains safe and secure in the United States.

On 9/11 the world changed, and the challenge for us becomes, within all of our 18 infrastructures, but how have we changed? Do we continue to do business the same way we always have, even prior to 9/11? Over the past few years, we’ve seen a significant increase in terroristic activity around the world—from France to Syria to Yemen to Pakistan. Here in the United States, we have to be mindful of what is happening.

We’ve always had food safety programs: HACCP, HARPC, GFSI, SQF, etc.—those are good for unintentional contamination. But what happens if someone wants to intentionally place a deadly contaminant into a product?

In this country, on a daily basis we see contaminations occurring.  We were recently notified of a massive outbreak of E. coli that has occurred throughout the Chipotle system: 47 Chipotle stores have been closed. What does that mean? Is that just a food safety issue? What if that E. coli could have been intentionally grown in a test tube and placed into the food supply? Going forward, we have a duty and an obligation to look at these things, not just at face value but think about whether they are intentional events.  

FST: Where are the biggest holes within food defense plans?

Wheeler: With more than 15 years of visiting food processing facilities, agricultural farms, dairy farms, and dairy processing facilities, the biggest concern that resonates with me is the fact that the culture of security is not there. The culture of security is simply security awareness—not planning. People in food plants are being taught to be mindful not vigilant. The largest of food companies have well thought out and active safety and defense plans, and their employees are educated, trained and empowered. We find that this falls off sharply with the mid-sized and small manufacturers and suppliers.  All food providers must have a comprehensive and strategic security plan that is active and measureable.

For example, let’s say a contractor is walking though a food plant. You have worked in that plant for five years but have never seen this person before. Would you question that person about their credentials? Are people thinking about the things they can personally do to reduce or mitigate the risk… are they empowered?

So, the question is “what do you do when/if”: This is one of the topics we will be discussing at the [Food Safety Consortium] conference. It’s interesting that when we present this scenario to the management of a food company, many answer back with a blank stare. We ask, do you shut down your facility? Do you notify your customers? Do you notify the national media? This question goes to the root of the company’s security culture and the strength of its strategic planning. Until we develop the necessary plans, processes and protocols to respond proactively, we will continue to remain vulnerable.  

FST: Do you think many food companies assume something catastrophic won’t happen to them?

Wheeler: I always ask why it is that we don’t anticipate these things in advance. People are complacent. “It’s not going to have happen here,” they say. “What terrorist would come to our small town and do this? We’re just a small mom and pop [business].”

Recently, I received a call from a 17-employee company in Tennessee. This particular company processes honey for 100 large box retail stores. I received a call from the CEO who said, “My client wants us to have one of those vulnerability things.” He was referencing the vulnerability assessment. He said, “I don’t know why they’d want us to have one of those. We’re a small company down here in Tennessee, why does my client think some terrorist would come here?” The fact is, attackers will find the weakest link to attack: The small honey company is not the target; they are the vessel by which the attackers get to the primary target, and in this case, the big box retailer. The big box retailer/supplier is the target and the simplest, most effective way to get to them is through the hundreds of small, low to no protection suppliers.

These are the issues we need to enlighten and educate companies about; we need to get them thinking differently, because this way of thinking is completely different. If you ask someone who’s been in this industry for years, they’ll say, we never had to worry about locking our doors, or use biometrics to gain access to certain areas. We never had to think about these things in the Food & Ag supply before.

During our front line training course, we place a significant amount of focus on the food plant blending areas and why it is the number one threat area for intentional/unintentional contamination of our food supply in the United States. The blending area is exposed to a number of vulnerabilities and once attacked, the tainted ingredients are spread among numerous products that once distributed, are not necessarily quickly traced once they are blended into the final product.

Bruce Lesniak: The consequences of such an emergency are multifaceted; they affect the consumer and their product confidence, the manufacturer through recall and the retailer through recall, brand damage and loss of consumer loyalty. Often, this ripple effect begins with the small supplier and works its way upstream to affect the entire process.

We are seeing this scenario unfold in real time with Chipotle—this is huge in the food industry. FDA has not been able to determine exactly where that genetic fingerprint has originated resulting in location closures, shaken consumer confidence and brand damage. –Rod Wheeler

FST: What will it take the industry to wake up to what could become a serious reality?

Wheeler: Unfortunately it’s probably going to take a major incident for people to wake up and smell the coffee. With that said, we firmly believe that it is critical to awaken the sleeping giants before something happens. We must increase the awareness and provide education to heighten the reality of what can potentially happen and promote proactive engagement of risk mitigation.

FST: In the context of FSMA, are companies prepared for the compliance stage?

Wheeler: Over the years, I’ve seen a number of companies begin to ramp up security at their facilities. But a number of them are doing it because they realize they need to comply with the food defense elements of FSMA; the larger companies are driving compliance and are requiring that their suppliers comply. But I think convincing companies about “Why” this is important, is the challenge. Often times companies will say, “we’re doing this training”, or “we’re doing this vulnerability assessment because it’s a requirement of FSMA.”

We feel that if being compliant is your “Why “reason, then you are spending time and money for the entirely wrong reason. You don’t do vulnerability assessment or training in food defense because you want to comply with the law. You do it because you want to protect your company and the consumer from the reality of what can happen and proactively work to avoid a threat.

Lesniak: We see the adoption trend take hold as it has traditionally, in three phases. First are the early adopters—they understand the importance of compliance for the right reasons and the need for food defense, Second are those who feel the urgency to comply due to a compelling issues (an incident or have been instructed to do so by larger suppliers in order to retain contracts), and third are those who will come kicking and screaming.

Wheeler: A lot of the requirements of FSMA were generated as a result of the PCA event in 2009. The prosecution and subsequent conviction of the Parnell brothers isn’t the last prosecution we’re going to see for someone violating a food safety protocol. This is the first, and it’s a wake up call.