Now, there is no doubt: the next target of cyberattacks is the food industry.
What does it mean? How will it affect us? What can we do?
When we think about food, often, we don’t see it as something bad or evil. We can’t imagine how someone can look at food (and the system that sustains it) as an enemy that you need to attack or inflict damage to. We feel this way because we know that everyone depends on food. The food that we eat may vary, but we all agree that food is important for survival, and we appreciate food for keeping us fed and nourished.
That is why when we think about the threat to food, we usually think about pests that destroy crops or bad weather that ruins the harvest. In recent years, activism directed on food, on certain eating lifestyles, and the food industry has caused problems for food businesses. But these are minor inconveniences with no lasting, large-scale impact on food production and consumer access to food.
JBS is the largest meat processing company in the world. In June, JBS’ computer systems were attacked by hackers using ransomware, causing significant operational disruption in JBS offices in Australia, Canada, and the US, where cattle slaughter was halted for one day. Nine beef plants in the US were shut down. One plant is located in Texas. Others were in Nebraska, Utah, and Wisconsin. After failing to resolve the problem, JBS reportedly paid $11m (£7.8m) in ransom using Bitcoin. According to the FBI, this is the work of a Russia-based cybercriminal group called REvil.
When we talk about cyberattacks, we usually associate them with computers, the tech industry, military and defense, intelligence hubs, and other high-value targets. When we read the word “cyberattack”, we think about hackers stealing digital data, or using digital tools to infiltrate bank accounts and steal money.
But a cyberattack on a meat processing plant? What gives? It feels like it is hard to wrap your head around the idea. It sounds complicated, but in truth, it is very easy to understand looking at the bigger picture.
Hackers, Ransomware, and Cyberattacks
We’ve seen hacking and cyberattacks before. Usually, it is one of two things. First, it is using the resulting disruption or inconvenience as a statement; an act of vengeance, an insult, or a show of impunity. The other reason is exploiting a vulnerability of digital infrastructure, to steal or acquire something valuable, like money or identity.
Now, there is extortion, too.
We are living in an era of connectivity of devices via networks powered by computer systems. Businesses like food processing plants are among those who have embraced the digital world because it promises convenience, flexibility, and performance improvement. Digital technology helps improve production processes. Food is produced and delivered to the consumer faster and safer.
Though, there are multiple chinks in the armor.
Unlike other industries heavily invested in cybersecurity, many businesses in the food industry have obsolete technology with very few security measures. The need to update is seldom relevant because there is no one in the company with extensive experience in cyberinfrastructure to advise top-brass what upgrades need to be made. And more importantly, food businesses just simply do not feel threatened.
Because of that, the system is weak, obsolete, exposed, and unprotected. And those who own these businesses – profitable businesses – have money to pay for ransom should they choose to. All of these things coming together made extortion a very enticing, lucrative, and rewarding criminal enterprise for cybercriminals.
This is why JBS was attacked.
According to the US government’s Cybersecurity and Infrastructure Agency (CISA), food and agriculture are among the 16 different industries listed as critical infrastructure sectors prone to cyberattacks and extortion via ransomware.
What does this mean for ordinary people?
This feels like an issue for big businesses and tech security firms. But when it comes to food, everyone is a stakeholder. Everyone must be aware of this problem – how things work, how an attack on the computer system of a food processing company affects us, and what we can do.
After a series of cyberattacks in recent months on government agencies, a major gas pipeline, Florida city’s water supply, and now JBS, this means a real threat has emerged, hitting targets where it really hurts. This means the hackers behind these are determined and relentless and they will not stop unless they are deterred. This means the threat to food production has elevated from inconvenient but harmless to potentially catastrophic. This means food production is vulnerable and a successful attack can stall food supply lines.
This means the public should be alert and ready.
How will it affect us?
Production, distribution, transport, and logistics, etc. are all part of the food supply chain that moves the food from the source to the consumers located all over the state, all over the country, and all over the world. Mass production, worldwide sales, distribution, importation, and exportation of food and food products – these are all made possible and convenient by computer systems.
Computer systems involved in the different stages of food production and distribution make it easy to manage large-scale, nationwide, or even global operations that we cannot do manually or without computers.
When these systems are attacked and shut down, the operation comes to a grinding halt. This automatically results in financial losses, and it worsens with every day that the computer system remains shut down.
Computer systems shut down by hackers have a rippling effect felt immediately. With computer systems shut down, factories are forced to stop operation. There is no traffic of goods moving in or out. Workers are not paid. Businesses reliant on the operation of the food industry (i.e. trucking and transport, packaging, supplies, tech, etc.) also incur losses. Deliveries for the day meant to supply stores are not delivered, which means supply may temporarily run out and restocking will take longer than usual, and this means lost revenue for stores.
Impact on the consumer
Interruption on food production for a day or two is usually not enough to result in a shortage, but if long-term production is hampered by a computer system held hostage by hackers, then the worst-case scenario for consumers may be having no food in stores.
Impact on businesses
Being unable to operate may result in financial losses for the company but nothing too big to sink a stable company overnight. However, a lot will depend on how fast they can resolve the technical problem.
Impact on workers
Without work, many workers will come home knowing the day is wasted. If work stoppage lasts for more than a day, this could potentially affect the financial stability of the employee.
The cyberattack was meant to cause disruption and loss, and it managed to accomplish that. How bad the disruption is and how much money was lost by companies depend on how long the problem remains a problem. If the problem persists, the initial losses will be made worse by other problems like public hysteria, breakdown of law and order, etc.
Texas’ presence in the US and world food industry
Texas was affected by the cyberattack since one of the plants that were shut down is located in Texas. If hackers continue to attack the food industry, this is a problem for Texas. Many big businesses in the food industry are stationed here.
According to Dallas Regional Chamber (DRC), “For more than a century, the Dallas Region has served as a hub for the Food and Beverage industry sector. From corporate headquarters to production and distribution, to retail businesses, more than 15,000 establishments account for nearly 370,000 jobs locally.”
What CAN we do?
This wisdom still holds up even today. Find a way to have food stored at home. You don’t have to fill a big cabinet or have an overflowing pantry, just have enough for unexpected emergencies and sudden, temporary food shortage.
Stay vigilant and monitor the news
There is nothing wrong with not knowing everything, but it is important to know the things that matter, and the things you do not know anything about, you can learn from it by reading or listening to the news. For many people, this is the first time they are hearing about cyberattacks and ransomware. Use the internet to stay informed.
Strengthen your community
Find the opportunities where you can raise this topic for conversation and encourage everyone to be interested to listen, to ask questions, and to be engaged. See what you and the community can do to protect local food businesses from threats to food production and food supply lines.
Support small, local businesses so that they don’t go out of business. Cyber attacks won’t target farmers markets, and local, traditional point-of-sales like storefronts, stalls, and farmstands are less vulnerable. The presence of local businesses providing the community with essential goods is an important safety net just in case another cyberattack cripples food distribution on a national or state-wide scale.
Put pressure on leaders to give attention to food security
It is pointless now to know whether or not the government has given food security enough attention to make sure there is an adequate level of protection to shield the industry from cyberattack. What’s important is that the threat, without a shadow of a doubt, is real. What needs to be done moving forward is to build our defenses and make food security a top priority. Citizens can take an active role in demanding action from the government. They can use different platforms and opportunities available to them to speak out regarding this issue and start a dialogue with lawmakers, business, and community leaders. Demand for policies that protect not just the big businesses, but small farms and small food businesses as well, and not just from threats of cyberattack, but protection as well from other causes of instability, to allow small, local businesses to thrive, grow, and compete. Everyone involved in producing food and feeding the people – big and small businesses alike – requires protection and security because they are essential to our survival.
We are all inextricably linked to one another. What happens to supply lines and industries affects us, and none greater than those affecting the food industry and food supply lines. As a citizen, it is important to be informed. Understanding what is happening around us is the first step in being prepared to take action. And of course, having a strong, resilient, and LOCAL food economy will be our biggest defense against cyberterrorism and cyberattacks targetting our nation’s food supply.