Source: Security Week
18 May 2020

When Smithfield Foods closed its Sioux Falls pork processing plant – joining other meat and poultry closures from Tyson Foods, Cargill and JBS USA – headlines suggested that the country was ‘perilously close to the edge’ of food shortages. So, just how safe is the food supply?

The recent closures have been forced by the COVID-19 pandemic. This is likely to be a transient risk, but all modern plants face an ever-present consistent risk from cyber-attack. COVID-19 has merely focused minds on an under-considered risk: how safe is the food supply chain?

It’s a question that needs to be asked. Food supply is a fundamental pillar of ordered societies, and a catastrophic lack of food would rapidly lead to social disorder. This would likely be more rapid and severe in the western democracies that have not experienced serious food shortages for more than 70 years since the end of World War II.

Cyber risk and threat

There is no risk if there is no threat. The first question, then, is whether there is a cyber threat to food supply. Are cyber criminals likely to attack the food industry?

The answer is clearly ‘yes’; and there are at least three obvious channels: hacktivists, cyber-criminal gangs, and nation states. And a fourth, that needs to be mentioned: competitors. “Increased levels of espionage and sabotage from competitors will also heighten as organizations do battle for technological supremacy in this space,” warns Daniel Norman, research analyst with the Information Security Forum (ISF).

Hacktivists

There is a growing social movement to use the re-emergence from the COVID lockdown as an opportunity to ‘reboot’ the way society operates. Environmental pollution has dropped rapidly, and nature has recovered from its effects quickly. Environmental activists are calling for governments to invest in green technology as a post-pandemic economic stimulus.

Where this does not happen, and where the old polluting industries revert to their traditional practices, activists are likely to ‘punish’ the worst offenders. This is likely to be two-pronged: environmentalists concerned about increasing pollution, and animal rights activists objecting to the return to mass animal slaughter.

This punishment may come in the form of large-scale DDoS attacks, or even direct attacks against individual plants.

Cyber-criminal gangs

Criminal gangs are driven by two related issues – opportunity and money. The pandemic will have focused attention on the food supply chain, and both issues are apparent. The pandemic will be followed by recession, which could potentially be followed by a deeper depression. Even in the best scenario, there will be many areas of society operating on drastically reduced incomes in the foreseeable future.

The threat is not new. Theft of food has always existed: those who have none are forced to steal from those who have plenty. In the distant past, this was small-scale – effectively petty theft. In the more recent past, criminal gangs have become involved in more large-scale theft from distribution (cargo theft) and warehouses.

This is continuing: recent data from Transported Asset Protection Association (TAPA) suggests that cargo theft has increased by 114% over the last 12 months. On May 3, 2020, FreightWaves reported, “Trucks carrying food and other essentials have been popular with thieves along Mexico’s highways in recent weeks. Cargo theft of trucks has increased 25% during the coronavirus pandemic period, according to a survey conducted by LoJack Mexico.”

Cybercrime, however, could take this to a new level. Entire shipments of food could be redirected and stolen. Entire food companies can be extorted for large sums of money. IT and OT networks can be compromised by ransomware, and the rapid spoilage of food in production would be an incentive to pay the ransom. With much of the food industry comprising small local businesses, it will often become a question of paying up or going under – and this equation will attract additional attackers.

Nation states

The importance of the food supply chain is not lost on the military. In 1812, when Napoleon invaded Russia, the Russian army withdrew but operated a scorched earth policy to deny food supplies to Napoleon’s army. Without supplies, Napoleon was forced to retreat from Moscow, which arguably and ultimately led to his downfall.

“It is a well-known fact,” comments the ISF’s Norman, “that during times of conflict, the party that can destroy the food supply chain will inevitably win. It is therefore conceivable that cyber-attacks from nation state-backed actors and terrorist groups will begin targeting organizations dependent on new technologies, disrupting global supply chains.”

Read Full Article