Monday, June 07, 2021

Cyberattacks like one at JBS are a rising threat to America's food supply chain, but federal oversight remains sparse

The cyberattack that temporarily crippled JBS, the nation's top beef processor, came a week and a half after University of Minnesota security analysts warned the Agriculture Department that ransomware could hurt the U.S. food supply more than the coronavirus pandemic has. Experts have been warning about the threat for years, but they have gained little traction.

Agriculture Secretary Tom Vilsack said cyberattacks were part of food producers' "new reality," but "federal oversight of the industry’s cybersecurity practices remains light, despite years of warnings that an attack could bring consequences ranging from higher grocery prices to contaminated food," Politico's Ryan McCrimmon and Martin Matishak report. "Virtually no mandatory cybersecurity rules govern the millions of food and agriculture businesses that account for about a fifth of the U.S. economy; just voluntary guidelines exist. The two federal agencies overseeing the sector include the USDA, which has faced criticism from Congress for how it secures its own data. And unlike other industries that have formed information-sharing collectives to coordinate their responses to potential cyber threats, the food industry disbanded its group in 2008."

Farmers' and processors' increasing reliance on automation and other high technology makes them more vulnerable to hackers. "In November, the cybersecurity firm CrowdStrike said in a report that its threat-hunting service had witnessed a ten-fold increase in interactive — or 'hands-on-keyboard' — intrusions affecting the agriculture industry over the previous 10 months. Adam Meyers, the company’s senior vice president of intelligence, said that of the 160 hacking groups or gangs the company tracks, 13 have been identified in targeting agriculture," Politico reports. "A 2018 report from the Department of Homeland Security examined a range of cyber threats facing the industry as it adopts digitized 'precision agriculture,' while the Federal Bureau of Investigation said in April 2016 that agriculture is 'increasingly vulnerable to cyberattacks as farmers become more reliant on digitized data.'"

Food supply chain cyberattacks could result in higher meat prices, financial consequences for producers, injury or death of plant workers, and unsafe food being sold to the public, according to the Food Protection and Defense Institute. In public comments to USDA, the group noted that "large parts of the industry rely on decades-old, custom-written software that is essentially impossible to update, along with outdated operating systems like Windows 98," McCrimmon and Matishak report.

No comments: