The recent ransomware attacks on U.S. Government agencies and hundreds of private U.S. companies is a reminder that cybersecurity remains one of the most significant challenges facing the food and agriculture (Ag) industries today. It was a concern that took center stage at a recent OSPA (Outstanding Security Performance Awards) webinar entitled “Food Protection: The Ultimate Security Challenge?”
Presenters Megan Francies, Food Protection Manager at LambWeston, Mark Wittrock, Assistant Director of Health, Food and Agriculture Resilience, Office of Health Security, U.S. Dept of Homeland Security, David Goldenberg, Chief of InfraGard National Sector Security and Resilience Program (NSSRP), Food and Agriculture Sector at UC Davis, Andy Griffiths, European Regional Security Director at Firmenich, Jason Bashura, MPH, RS, Sr. Manager of Global Food Defense at PepsiCo, and moderator Professor Martin Gill, Director of Perpetuity Research & Consultancy International (PRCI), addressed key questions, including:
- How well protected is our food supply?
- What are the risks and are we sure we are preparing and responding effectively?
- How can increased information sharing between and amongst the public and private sectors help to reduce these risks?
Growing Risk for Food and Ag
Griffiths noted that due to hostile actors and regional conflicts, supply chains are seeing increased vulnerability making the implementation of effective transportation security and cargo theft mitigation more important—and more challenging—than ever.
In the U.S. there is a national response framework, but as Wittrock highlighted both public and private entities need to think broadly and holistically to prepare for and coordinate a response to attacks when they occur.
The need for strategic alliances and information sharing and analysis centers (ISACs) that allow organizations to share adverse events and strategies are important, but when there are many stakeholders with different—and often competing—interests, it is difficult to communicate in a language and in a timeline that meets the ideal requirements, added Wittrock. When living in an increasingly global world, we also must remember that “your friends today are not necessarily your friends tomorrow,” he said.
The risk of copycat attacks when an event occurs is also a concern, said Goldenberg.
The Need for Communication and Information Sharing
Francies championed the benefits of transparent and effective communication between government and the private sector. Her view was echoed by several panelists who encouraged more opportunities for organizations to share security breaches in a non-attributable manner to help others prepare for and reduce commonly experienced risks.
When asked, what is the biggest barrier to communication and information-sharing, Wittrock pointed to siloed discussion among key stakeholder groups. “When looking across the entirety of the food and Ag enterprise, it includes many different parts, pieces and stakeholders,” he said. “The communication happens largely in the vacuum of one particular discipline or stakeholder group. What’s lacking first and foremost is that strategic dialogue across communities.”
Efforts to improve communication are often challenged by lack of clear channels through which stakeholders can share information, said Francies. “A lot of times the communication goes out in a way that is not accessible to everybody, and it’s often last minute so people aren’t prepared to provide the insights that we need,” she said. “We need a defined way or area to communicate that is well known and publicly accessible to industry.”
In addition to clear channels, trust needs to be established among organizations and government agencies as well. “Industry has to have trust that the information they are sharing is going to be handled appropriately and that they are getting information that’s trustworthy from other sources,” said Goldenberg. “Unless there is trust across all the sectors and agencies among food and Ag, there is never going to be good communication.”
The need to protect brand reputation is often at the heart of unreported security incidents, said Griffiths. “But I do think there is a willingness to share certainly within industry and there is a need within law enforcement to obtain that information to determine how big the problem or issue is,” he added. “The problem is, there is no mechanism by which this information can be exchanged in a safe and confidential way that maintains the integrity of both the source and also the information that’s being shared. Yet, unless everyone shares across the board through collaboration or cooperation, we’re forever on the run.”
In light of the significant challenges raised related to communication and information sharing, Bashura shared successes that are taking place, including the ASIAS Aero Portal, which was developed by the FFA and Mitre to ensure security of the aviation industry, Operation Opson, a joint operation between Europol and INTERPOL developed to target fake and substandard food and beverages, the Food Industry Intelligence Network, and resources available through the Food Defense Resource Center. In terms of the importance of building trust among industry, Bashura encouraged leaders to reach out to each other. “Pick up the phone. Make a call, send an email, or shoot a text,” he said.