Tag Archives: IT

Craig Reeds
FST Soapbox

Cybersecurity for Food and Beverage Operational Technology (OT) Environments

By Craig Reeds
No Comments
Craig Reeds

Much of the attention that cybersecurity gets is on the IT or office network side of things, but recently people have begun paying more attention to operational technology (OT) systems that make up the country’s critical infrastructure. When people think of critical infrastructure, they automatically think of oil and gas, power generation, and water. Many people don’t realize that there are actually 16 critical infrastructure industries:

  • Energy
  • Financial
  • Dams
  • Defense
  • Critical Manufacturing
  • Water and Wastewater
  • Food and Agriculture
  • Healthcare
  • Government Facilities
  • Commercial Facilities
  • Transportation
  • Emergency Services
  • Chemical
  • Communications
  • Nuclear
  • Information Technology

One of the easily forgotten, but perhaps most important, is food and beverage manufacturing. A cyber attack on a food and beverage company might not result in the lights going out or clouds of toxic gas, but they could result in explosions, or tainted food. We need to start paying more attention to cybersecurity in the food and beverage industry. What would happen if a hacker got into the control system at a frozen foods distribution facility? They could raise the temperature in the freezers, thaw the food and then refreeze it. This could result in food poisoning for hundreds or thousands of people. Bad actors can do a lot of harm by targeting this sector.

Many companies are pushing to combine their IT and OT departments, something they call IT/OT convergence. This can be done, but you need to first understand that IT and OT have differing goals.

It is important to review the organizational structure. You will typically find that both IT and OT report organizationally to the CEO level. We also find senior management believes IT owns the industrial control system (ICS) networks and security—mainly because IT owns support, maintenance & operational budget for network and security (basically letting OT off the hook).

IT’s primary goals are confidentiality, integrity and availability, the CIA triad. While working toward these objectives IT also tries to make it possible for users to access the network from any location from which they are working, using whatever computing device they have with them. The goal is to make it as easy to work from an airport, hotel room or coffee shop as it is to work in the office itself. Technology is updated and replaced often. Service packs are loaded, new software releases are loaded, and bugs are fixed.

OT’s primary goals are availability, integrity and confidentiality—a complete reversal of the CIA triad. They strive to keep production running, be it an electric utility, an oil rig or a pop-tart factory 24/7/365. OT is all about what works, a “We’ve always done it that way” mentality. OT will always be reluctant to make any change that might bring down the production line. Remember, they are graded on widgets per minute. There must be trust and open communication between IT and OT if things are going to work properly.

When we are talking about OT cybersecurity, we usually use terms like secure or prevent, when we really should be thinking about words like containment. Securing the network and preventing attacks is important, but at some point, an attack will get past your defenses. Then it is a matter of containment: How do we keep the problem from spreading to other networks?

One thing to definitely avoid is the desire by IT to have bi-directional communications between the IT and OT networks—this should never happen. Also, avoid the desire to connect the ICS to the Internet so that you can control the process remotely. There is no reason for the plant manager to be able to go home, have a couple beers and then log on to see if he can make things run better. If the control system is going to be connected to the corporate IT or the Internet, it should only have out-going uni-directional data transmission to allow monitoring of the system.

Building a good OT cybersecurity program, you need to do three things:

  • Get C-Level support and buy-in for the changes to be made.
  • Communicate with stakeholders and vendors.
  • Make decisions as a team, make sure all the stakeholders, IT, OT, engineering are all involved.

After you have set up the structure and started communicating, you need to begin cybersecurity awareness training for the OT staff. This training should be focused on educating plant personnel on what cybersecurity is, both at work and at home, and how to respond or escalate something that seems wrong. They need to be trained what needs to be dealt with immediately and what can wait. Consider doing tabletop exercises where you practice what to do when certain things occur. This can act as a stress test for your incident response plan and help find the holes in your plan and procedures. These tabletop exercises should involve C-suite individuals as well as people from the plant floor, so everyone understand their part in a cyber-attack response.

If these concepts are followed, you will be well on your way to creating a much more cyber-secure production environment.

Lab grown meat

How Plant-Based Foods Are Changing the Supply Chain

By Maria Fontanazza
No Comments
Lab grown meat

The plant-based meat market is anticipated to be worth more than $320 million in the next five years, according to a report released last summer by Global Market Insights. As the popularity of meat-alternative products continues to rise, new challenges are being introduced to supply chain management. Joe Scioscia, vice president of sales at VAI explains some of these hurdles and proposes how technology can help.

Food Safety Tech: Is the growing popularity of plant-based foods introducing hazards or challenges to the supply chain?

Joe Scioscia, VAI
“The growing popularity of plant-based foods has presented a new set of challenges for the supply chain,” says Joe Scioscia of VAI.

Joe Scioscia: The growing popularity of plant-based foods has presented a new set of challenges for the supply chain, especially considering many of these organic items are being introduced by traditionally non-organic retailers. Impossible Foods received FDA approval for its plant-based burger in 2019, showing just how new the plant-based movement is to the industry.

Obviously, the organic supply chain and produce suppliers have long followed regulations for handling produce, such as temperature controls, cargo tracking, and supply and demand planning software, so the produce could be tracked from farm to table and in the case of a recall, be traced back to the source. But for meat alternatives that are combining multiple plant-based ingredients, organizations in the supply chain who are handling these products
have new food safety concerns. Considerations on how to store and process meat alternatives, how to treat each ingredient in the product and, most importantly, how to determine temperature controls or the source of contamination are all discussions the food industry is currently having.

FST: How are plant-based foods changing the dynamic of the supply chain from a food safety perspective?

Scioscia: The food supply chain has changed dramatically in recent years to become more complex, with food items traveling farther than ever before, containing more ingredients and required to follow stricter regulations. Many of the changes to the supply chain are for the better—organic and plant-based alternatives offer health benefits for consumers and are a move towards a more sustainable future. But the reality is that the supply chain isn’t quite there yet. Suppliers, retailers and producers at every part of the supply chain need to work together to ensure transparency and food safety compliance—including for plant-based products. Foodborne illnesses are still a real threat to the safety of consumers, and these same consumers are demanding transparency into the source of their food and sustainable practices from brands. All of these considerations are what’s making this next era of the food industry more complicated than ever before.

Because food safety compliance is always top of mind in the food industry to keep consumers safe, this new and complex supply chain has required companies to rely heavily on technology solutions to ensure plant-based products are equally as safe to consume as non-organic alternatives. These same solutions are also helping supply chains become more transparent for customers and streamline food processes to build a more sustainable future.

FST: What technologies can food companies and retailers use to better manage the supply chain risk while supporting the increased consumer demand for meat alternatives?

Scioscia: Utilizing a centralized software system is one tool many food suppliers and distributors can use to better visualize, trace and process products in the supply chain—including for plant-based alternatives. Having access to a central platform for business data to track assets and ensure food safety regulations are being met allows for companies to optimize processes and cut unnecessary costs along the way.

Heading into 2020, many organizations in the food supply chain are also looking at new applications like IoT, automation, and blockchain as ways to curb food safety issues. The FDA has taken steps to pilot blockchain and AI programs to better track drugs and food products, in conjunction with major food brands and technology companies. Other organizations are following suit with their own programs and many are looking at these solutions to improve their food tracking efforts. It’s clear technology has the most potential to make it easier on the industry to comply with food safety regulations while meeting customer demands for plant-based alternatives and organic options—all the while building a sustainable supply chain for the future.

Rajan Gupta, Enexas
FST Soapbox

My IT Department Doesn’t Understand Me or My Business

By Rajan Gupta
No Comments
Rajan Gupta, Enexas

Despite much progress in technology, information technology departments (IT) continue to lack credibility with business leaders and despite spending significant costs, many “IT” projects continue to “fail” in the eyes of the very users that IT tries to support. In this article, I will share the common challenges that contribute towards perceived and actual misalignment between IT and business.

We know that technology is at the core of every business process and is the primary driver of competitive advantage. However, studies suggest that most business leaders do not feel comfortable with the direction for their IT and digital transformation. As business leaders focus more on IT costs and not how IT can transform the business, IT is pushed more towards daily operations versus long-term strategy. Dave Aron of Gartner Research, says that “Buying a piece of technology does nothing by itself. It’s how you use the technology that matters the most. But we must make sure that what we buy satisfies the business needs.”

During my many interactions with business and IT leaders, I normally ask questions like:

  1. Explain the core business of the organization?
  2. Have IT resources spent anytime working in the day of life of an average business user doing daily tasks as if they were in that role?
  3. Do business and IT teams communicate in the same language (i.e., Does IT communicate in a manner that a business user will understand technology), or does IT use technical jargon that goes over the heads of most people?
  4. Are you comfortable that your IT and business strategies are aligned?
  5. Do IT leaders actively participate in senior leadership meetings and define business strategy?

Not surprisingly, the answers to these questions are on opposite ends of the spectrum between the business and IT leaders. In spending more than two decades of providing technical solutions to business problems, I have found that such divide is only expanding as technology becomes increasingly complex each day. A global economy puts increasing pressure on business to stay competitive and drive growth at a rapid pace, especially as it relates to food safety, regulatory and quality. Food is now globally sourced and the processes require innovative technical solutions in assisting food safety and regulatory compliance of foreign suppliers. Many IT organizations do not have a deep understanding of the business of food safety, leaving a gaping hole in deploying solutions that keep our food chain supply safe.

Defining a Bridge

So how do we effectively tackle this divide between IT and business leaders? I often call myself the “bridge” between business and IT. For those that understand technology, it is your role to ensure that what we do with technology satisfies the business need! Ultimately, it is the business that will succeed with our support, because technology by itself is not successful. But wait, not every IT staff member can be expected to understand the business and technology. What I often observe is that most IT organizations lack a leader who has the business, technical, interpersonal, innovative and customer-centric skills. Such people are certainly not growing on trees. Business and IT leaders must establish a group of resources that act as the “bridge” for their organization. By identifying these resources, you can focus on providing them with the appropriate skills and training to work jointly with business and IT to deliver solutions that drive the overall business strategy. Finally, I must point out that this group is normally led by the chief information officer (CIO), who is more importantly a business leader with technical acumen and not a hardcore technologist.

CIO as a Business Leader First

The role of a CIO is perhaps the most complex of all C-Level executives. CIO is expected to manage daily IT operations, contain costs, increase efficiencies, provide valuable insights through factual data, partake actively in business strategy, align the IT strategy with the business, and innovate at the speed of business. Not to mention, do all this while increasing overall customer experience. CIOs must tighten the connection of their IT teams to the business!

IT Drives Project Prioritization Aligned to Business Strategy

How can CIOs, IT, and business leaders close this fundamental gap between their IT and business organizations? Let’s first start with prioritization. How often do you find yourself saying that I must have something completed by IT yesterday? If you are like most people, you would probably challenge yourself in whether you demand IT to be reactionary to your needs. Most IT organizations fail to understand the true impact of user requests to the business. Usually, project prioritization comes down to cost, who will pay for it, and what may be defined as the “cool” factor.

IT has the broadest view of all technology projects across the organization and must lead in communicating with all business leaders. A CIO needs to effectively communicate the impact of various projects on each of the business divisions, the impact of the project, the cost/ROI, and help define the prioritization for business projects. IT must play the role of a negotiator and help business leaders in making decisions that provide the greatest impact. Martha Heller in the CIO Paradox says that there are “no IT projects, only business projects!”

As mentioned earlier, IT departments usually lack understanding of the food safety and quality processes. CIOs need to conscientiously understand the business of food safety, as it is not only important to keep our food chain safe but also to protect the organizational brand and ensure that food safety and regulatory groups are able to monitor, assess, and proactively ensure that no harm is introduced to the public through their products. Many organizations rely on recall processes to help contain food safety issues, but that is a reactive approach, which in many cases, tarnishes the brand image and costs the organization more than what was ever expected.

Keeping It Simple

How often do we see technology being deployed because the previous tools were too old or have simply lost their luster? With a constant bombardment of new gadgets and apps, we increasingly find ourselves overwhelmed with the variety of options available for almost any task. But that does not mean that the most advertised, or the one with highest reviews is going to fit your specific business needs. Cookie-cutter approaches do not work in all business environments. IT must assess the business need, challenge the business users on their processes, propose and analyze options, and then actively work with business and software vendors to find the right fit. Sometimes, that means not changing anything at all.

I often see businesses put together selection committees comprised of business and IT teammates. The business leaders each focus on their own silos, and IT focuses on such things as security, infrastructure, demand on their time and support. But no one in the group is looking at the impact across the organization. An IT strategy aligned with business will ensure that IT leadership is able to guide each business user towards the pros/cons of any project impacting their specific business area. IT must be in front of the business and lead business users through all technology choices. CIOs and their IT teams need to learn to convey the messages through examples and language that a business user understands. Help businesses find software vendors that are at the forefront of innovation and have not fallen in the trap of legacy enterprise software companies that are resistant to change.

Another common mistake by IT is asking the business users what they want. IT needs to take the ownership of understanding the business and then innovate in a manner that makes that task/process easy, efficient, accurate, sexy and simple! Be truly disruptive by providing a product that your business users automatically gravitate to that solution. It is the role of the IT departments to understand the business. I am convinced that certain business jargon, like FSMA, FSVP, social responsibility, and sustainability are terms not well understood by most IT organizations. Many food compliance staff members are buried in mountains of paper, PDF and email documentation, leading to selective review and processing of information. Such an approach of sampling only a part of relevant information is a major risk to our food supply chain. In recent years, tools have emerged that allow food safety and regulatory staff to electronically monitor the relevant information and focus their attention on information that really matters. By streamlining the processes through creativity and technology, we can empower the food safety staff to be vigilant and ensuring that only safe, reliable, and high-quality food enters our food chain.

Getting Business to be Comfortable with IT

In an organization, it is easy to find executives and managers who have worked across several departments. A customer service representative may transition to sales, or a vice president of sales becomes a CEO of the company. But not many people crosspollinate with IT. Most people outside of IT do not understand technology at a level to contribute effectively on a technical team. So, you may be saying why can’t the business understand technology? Well that’s because technology is in a supporting role for the business. It’s like a supporting actor helps the lead actor succeed at their role in a movie. It is the job of the IT group to support the business and get them to be comfortable with you. In every project, ensure that there is a business leader who owns the project. Remember that it is a business project, and not an IT project.

The CIO Magazine and other such periodicals are frequently publishing articles on speaking the language of the business. This suggests that IT still does not understand how to communicate with the business. Simplify your communication by removing technical jargon from your communications. Actively participate in business meetings to understand the needs of the business user. Be curious and be a trusted advisor for the business. Remember that you are the bridge and you do not need to explain the underlying infrastructure to you your business peers; you just need to help them do their job effectively, and efficiently. Discuss with them how you can help them win!

IT is about serving the business, being adaptable, innovative, and having its success be defined as only being the success of its business partners. Martha Heller in CIO Paradox states that “[IT] needs to have egos that are big enough to initiate transformative projects but small enough to let someone else take credit.”

Randy Fields, Repositrak
FST Soapbox

Food Safety Technology Disrupters

By Randy Fields
1 Comment
Randy Fields, Repositrak

We’ve all heard about the latest disrupters in the retail supply chain, like the Internet of Things, wearable computers, cognitive analytics, machine learning and even the new value chain in which these technologies intercede to provide a better and more accurate shopping experience for consumers. There are also developments like digital fabrication that interacts with both the consumer and appliances to improve the way product gets to the consumer from the point of production.

Technology disrupters can fundamentally change supply chains, destroying existing ones and creating new ones. Other disruptions can be caused by not a single technology but by several new and existing technologies that come together in innovative ways. Smart retailers and their trading partners are working to judge the impact of these technology disrupters before or at least as they occur. They need to be more proactive by investing in key areas of strategy, culture and partnership.

A company’s supply chain can be the weakest link in its food safety program. Learn how to mitigate these risks at the Food Safety Supply Chain conference | June 5-6, 2017

Many of the technology disrupters in food safety are based on the growing ability to apply analytics, including machine learning, to drive a better understanding of and increase the personalized relationships with the consumer, and to glean insight from all the data being collected. Knowing exactly what information shoppers require to feel safe with the products they are buying from you can only help build and maintain a great reputation. Further, analytics help companies predict and address the weakest links on the production floor and in their own extended supply chain to keep those customers free from potentially deadly pathogens.

Cloud computing for the delivery of IT and business processes as digital services is transforming the food safety world through the unprecedented speed and agility it enables for mobile and social engagement. Telling your customers that a recalled product could cause an illness used to require lots of phone calls or even snail mail, but now technologies in the cloud facilitate almost instantaneous messaging of the warning to whole or subsets of a population. This is just one of the ways that everyone from shoppers to business people are changing the way they interact with each other and the way we all do business due to the cloud.

Security in general and cybersecurity specifically are disrupters for companies concerned with food safety, because they can fall prey to sophisticated hackers and other crooks that try to ransom a business’ reputation in the digital world. Think how important it is to protect your own information as well as that of your consumers and customers for payment details and personal data. Now add health data to the mix and you’ll recognize the critical nature of the issue.

All of these technology disrupters have the potential to seriously impair your food safety plans and procedures, but they can also help you better deploy resources to address individual food safety emergencies and ongoing issues. Knowing the impact of the disruption is the first step in addressing it; then you need to develop a plan that helps you take advantage of the positive sides of the disruption and eliminate the negative ones.