Food Processing and Manufacturing Cybersecurity

With the rising complexity and frequency of cyberattacks today, an array of data security risks threatens the food processing and manufacturing sector, which could impact food security. The current world population is 7.8 billion, according to the recent United Nations estimates. The human population will increase to 8 billion in 2023 and 10 billion in 2057. This means that food processors will need to feed approximately two billion more people by 2050, without overwhelming the planet.

The sector is exploring technology-related activities such as the use of advanced sensors and industrial control systems (ICS) to ensure the effective use of limited resources. The adoption of high-tech tools and systems to optimize food production and reduce waste introduces growing cybersecurity concerns. As a result, people and organizations involved in food processing and manufacturing should prioritize cybersecurity to evade potential fallout and safety issues that could adversely affect livelihoods. 

Cyber Threats in the Food Industry

Today, hackers have recognized the power of taking over control of technology systems that support food processing and manufacturing. A 2019 research report from the Food Protection and Defense Institute (FPDI) at the University of Minnesota revealed security concerns that threaten this industry. Transnational criminal organizations commit large-scale food-related crimes, such as counterfeiting, smuggling, theft and resale, and economically motivated adulteration. In most cases, the illegal activities take on a cyber-nature because of numerous vulnerabilities introduced in the sector due to recent advances in technology. 

In one incident, a malicious actor turned the fan off to suffocate chickens on a farm on Brewer Road, South Carolina. On the same night, hackers sabotaged control systems for three other farms, resulting in the death of more than 300,000 birds, in what appears to be the largest crime against industrial poultry farms.

The food processing and manufacturing industry has become a target of cybercrime because of the sector’s undue reliance on outdated and unpatched industrial control systems at processing plants. In many food processing plants, the hardware and software deployed to run the equipment were developed and implemented in the 1990s and 2000s. Furthermore, many of the ICS components have hard-coded passwords, making them highly vulnerable to cybercriminals. The operations technology personnel are responsible for operating and maintaining ICSs in the food manufacturing industry. They are experts in trained food safety and production but not in cybersecurity. Overall, the industry lacks steadfast security maturity models as compared to other sectors, such as finance, retail, and healthcare.

Impact of Cybercrime in Food Processing and Manufacturing

Cyberattacks pose several consequences in the food processing and manufacturing industry. A cyber incidence in the sector can result in the loss of consumers’ trust in the brand, production capacity problems, high costs of replacing attacked systems and non-compliance fines. 

Successful cyber incidents result in financial costs from lost productivity and ransomware payouts. Some attacks can damage processing equipment or render food products unsafe for consumption, which can result in public health risks. Threat actors can contaminate food by gaining illegal control over automated systems and causing further damage like shutting down refrigeration plants, inserting poison, or disrupting facilities. Agroterrorism, an act of cyberterrorism in the food industry, could lead to the death of people and chaos by poisoning food. Additionally, phishing attacks aimed at stealing administrator account credentials would allow attackers to steal critical data and gain access to controls in the processing plant. 

Improving Cybersecurity in Food Processing and Manufacturing

Food processing and manufacturing stakeholders can put in place several measures to mitigate cyberattacks. Food processors should identify and implement controls that reduce the potential for contamination in operations and supply chain. Furthermore, stakeholders should prioritize addressing threats that could cause catastrophic damage to the economic and public health.

+   Get C-level buy-in and support for implementing cybersecurity strategies

+   Invest in cybersecurity awareness training for operations staff and ICS personnel. Operation employees should understand how social engineering and phishing attacks work, such as spotting, reporting, and discarding malicious links and attachments

+   Develop and update an incident response plan

+   Ensure remote access and monitoring uses secure HTTP (HTTPs)

+   Limit read and write access to prevent insiders from modifying device and system settings illegally

ISA offers services and solutions needed to ensure prevention, protection, mitigation, response, and recovery of the food processing and manufacturing systems from cyberattacks and acts of contamination. Furthermore, ISA partners with leading cybersecurity technology vendors to deliver state-of-the-art cybersecurity solutions tto protect your organization’s brand, product integrity and supply chain resilience.

Contact ISA today for more information today.