Cyberattacks a growing threat to US food supply, but federal oversight is sparse

Experts have been warning about the threat for years, but have gained little traction.

The cyberattack that temporarily crippled JBS, the nation’s top beef processor, came a week and a half after University of Minnesota security analysts warned the U.S. Department of Agriculture that ransomware could hurt the country’s food supply chain more than the coronavirus pandemic has. Experts have been warning about the threat for years, but have gained little traction.

Agriculture Secretary Tom Vilsack said that cyberattacks were part of food producers’ “new reality,” but “federal oversight of the industry’s cybersecurity practices remains light, despite years of warnings that an attack could bring consequences ranging from higher grocery prices to contaminated food.” Ryan McCrimmon and Martin Matishak report for Politico. “Virtually no mandatory cybersecurity rules govern the millions of food and agriculture businesses that account for about a fifth of the U.S. economy — just voluntary guidelines exist. The two federal agencies overseeing the sector include the USDA, which has faced criticism from Congress for how it secures its own data. And unlike other industries that have formed information-sharing collectives to coordinate their responses to potential cyber threats, the food industry disbanded its group in 2008.”

Farmers’ and processors’ increasing reliance on automation and other high-tech solutions makes them more vulnerable to hackers. “In November, the cybersecurity firm CrowdStrike said in a report that its threat-hunting service had witnessed a tenfold increase in interactive — or hands-on-keyboard — intrusions affecting the agriculture industry over the previous 10 months. Adam Meyers, the company’s senior vice president of intelligence, said that of the 160 hacking groups or gangs the company tracks, 13 have been identified in targeting agriculture,” McCrimmon and Matishak report. “A 2018 report from the Department of Homeland Security examined a range of cyber threats facing the industry as it adopts digitized ‘precision agriculture,’ while the Federal Bureau of Investigation said in April 2016 that agriculture is ‘increasingly vulnerable to cyberattacks as farmers become more reliant on digitized data.’”

Food supply chain cyberattacks could result in higher meat prices, financial consequences for producers, the injury or death of plant workers, and unsafe food being sold to the public, according to the Food Protection and Defense Institute. In public comments to the USDA, the group noted that “large parts of the industry rely on decades-old, custom-written software that is essentially impossible to update, along with outdated operating systems like Windows 98,” McCrimmon and Matishak report.