Sector News

The food industry isn’t prepared for cyberattacks, new report says

September 12, 2019
Food & Drink

The food industry is both at high risk of and unprepared for a cybersecurity incident, according to a new report from the Food Protection and Defense Institute (FPDI) at the University of Minnesota.

The report suggests that food companies that haven’t taken the steps to protect themselves should do so now, as the industry could be a new and relatively easy target for hackers. “The food industry has not been a target of costly cyberattacks like financial, energy, and health care companies have,” lead author Stephen Streng said in a press release. “However, as companies in those sectors learn to harden their defenses, the attackers will begin looking for easier victims.”

The report identifies several reasons the food industry is behind when it comes to addressing cyber risk. The most significant factor is the legacy technologies, particularly the older industrial control systems (ICSs), commonly used in food processing and manufacturing.

In many food plants, the hardware and software used to run the machinery was developed and implemented in the 1990s and 2000s. The problem with these older systems is that they aren’t compatible with current cybersecurity best practices, making them highly vulnerable to attack. The report cites the examples of hard-coded passwords, which represent a major security risk for ICS components, as well as custom-written code that only runs on outdated, insecure operating systems.

Other factors contributing to the high level of risk include:

  • A lack of knowledge about cybersecurity among food industry operations technology (OT) personnel
  • A false belief among small and medium-sized companies that they’re too small for hackers to target
  • A high level of outsourcing information technology (IT) system and ICS management
  • A lack of awareness about cybersecurity among leadership and an unwillingness to put resources toward upgrading legacy systems

While the food industry hasn’t yet had any major cybersecurity incidents, the report suggests that they’re likely coming. As Streng mentioned above, the industries that have been the most frequent victims — financial, energy, and healthcare — have learned to better protect themselves. Hackers may see the food industry as low-hanging fruit.

In addition, the authors note that “transnational criminal organizations (TCOs) are heavily involved in large-scale food-related crimes such as counterfeiting, economically motivated adulteration, theft and resale, and smuggling,” and that “food and beverage routinely ranks as the first- or second-most stolen product category via cargo theft.” Cyberattacks could be used to steal information to facilitate all of these crimes.

FPDI recommends food companies take these five steps to identify and mitigate their risk:

  • Foster more communication between OT and IT staff
  • Conduct cybersecurity risk assessments that include inventorying ICSs and IT systems
  • Involve staff with cybersecurity expertise in the procurement and deployment process for ICS devices
  • Extend food safety and food defense culture to cybersecurity
  • Get involved in cybersecurity organization and industry-government partnerships

For more information and resources, read the full report.

By Krista Garver

Source: Food Industry Executive

comments closed

Related News

September 25, 2022

Coca-Cola names new president of global ventures

Food & Drink

The Coca-Cola Co. has promoted Evguenia (Jeny) Stoichkova to president of global ventures, effective Jan. 1, 2023. Ms. Stoichkova joined Coca-Cola Bulgaria in 2004 and was most recently the president of the company’s Eurasia & Middle East division, a role she has held since 2021.

September 25, 2022

Perfect Day allies with Onego Bio to speed-up launch of animal-free eggs

Food & Drink

US-based Perfect Day, is partnering with Onego Bio, which specializes in creating animal-free eggs, aiming to accelerate the timeline to bring the eggs to the market. The business, with the use of its technology, plans to commercialize animal-free ovalbumin, the most abundant egg white protein extracted through precision fermentation.

September 25, 2022

EU fails on food waste: Report reveals bloc discards more than it imports

Food & Drink

Food waste costs the EU €143 billion per year (US$141.7 billion), with a report by Feedback EU raising the alarm of how it’s vital to reduce waste from farm to fork 50% by 2030 and the only way this will be achieved is by enforcing a mandatory directive forcing the food industry to do better and retailers to pay a tax of food waste.