Food Safety
search
cart
facebook twitter linkedin
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Food Safety
  • NEWS
    • Latest News
    • White Papers
  • PRODUCTS
  • TOPICS
    • Contamination Control
    • Food Types
    • Management
    • Process Control
    • Regulatory
    • Sanitation
    • Supply Chain
    • Testing and Analysis
  • PODCAST
  • EXCLUSIVES
    • Food Safety Five Newsreel
    • eBooks
    • FSM Distinguished Service Award
    • Interactive Product Spotlights
    • Videos
  • BUYER'S GUIDE
  • MORE
    • ENEWSLETTER >
      • Archive Issues
      • Subscribe to eNews
    • Store
    • Sponsor Insights
  • WEBINARS
  • FOOD SAFETY SUMMIT
  • EMAG
    • eMagazine
    • Archive Issues
    • Editorial Advisory Board
    • Contact
    • Advertise
  • SIGN UP!
ManagementFood Defense

Food and Agriculture Are Domains of War: Part 2

June 4, 2019

The first article in this series suggested that food and agriculture would be domains of war, should global war break out. The speculative attack begins with a cyber-event, first affecting the power grid and cascading into food and agriculture, water, transportation, and banking. The effects would include disruption of the food supply (days to potentially weeks to months) and cataclysmic damage to the economy. Government obviously plays a big role in such an emergency, but it will be the responsibility of food industries and agriculture to repair logistics and replenish the U.S. food supply.  

There is no question; the hypothetical scenario was dire. It was a “what if” question exercise, designed to encourage discussion, not cause panic. To further ease anxieties, assume that this event does not become a nuclear war. Keep saying to yourself, “This is only a game…”

In military jargon, the idea promoted here is that food and agriculture corporations should engage in “war games.” Trying to develop a response strategy in the midst of an actual emergency is always the worst possible choice and may actually increase corporate and brand risk. Ignoring threats does not make them go away.   

So…what should a food corporation expect? Cyber is the most likely first portal of entry for any coordinated attack. Chinese or Russian soldiers are not going to show up at your company headquarters like some 21st century version of “Red Dawn.” Frankly, they do not need to, since they may already be “inside your wire”; whether you realize it or not, your company is not an isolated system.

You and your corporation have been and currently are targeted by adversarial nations. If you are a decision maker, they likely know who you are, where you live, possibly even some of your work habits, as well as personal details about you and your family. It is important that you and your company start practicing “Operational Security.” More about that later.
Your cyber system is probably not a self-contained, isolated “intranet.” Most likely, it is attached somewhere, somehow to the intranet. The attachment could be email, portals for updating software, communications, your security system, etc. If hackers can successfully use the control for an aquarium heater to hack into a Las Vegas casino (yes, that actually happened), then a nation state could gain access to your system in an unexpected way.

Although you may have rigid protocols, firewalls, and other hardware limiting web access, adversaries will try and often succeed in somehow tunneling into to your system. And the weakest link is always the human element. You can train people to be vigilant, but one incident of intentional or inadvertent misbehavior can undo all that is good about your cyber security. So what are some possible solutions?     

Defensive Strategies
Start with your people to increase the robustness of system: Our nation’s adversaries have been quietly penetrating cyber systems for a variety of reasons, including the possibility of war. So how do you respond to threats you may not perceive? Start with recognizing that these threats actually exist, and then move forward incrementally, but as rapidly as possible. Your company’s survival is not the responsibility of the government—it is yours!

You will need to hire serious cyber experts. If you are a small company, your brother-in-law will not be able to help you. This means engaging with a security company that has real experience with real adversaries. Remember, I am talking about more serious threats than those posed by the average hacker. The threats posed by nation-states or transnational criminal organizations are magnitudes greater in sophistication.   

Start with the easy fixes: This includes fixing compromised cyber credentials (the passwords and tokens that enable employees to enter your system). A compromised employee’s access credentials potentially can compromise the whole system. Firewalls do not prevent threats that originate from within your own systems. Scheduled, forced password changes are essential. Consider also varying the forced password schedule to prevent pattern detection by adversaries.
Randomize the changes even further among your employees. Rather than making a given section change their passwords, stagger the changes across the whole enterprise, so that, for example, on Monday, 30 percent of employees change passwords, and on Tuesday, another group changes their passwords. Yes, this strategy is annoying to users, but not knowing how much time before passwords change makes the adversary’s job more difficult, which should always be the goal. Make defenses strong enough that the adversary decides to focus on an easier target.

Your IT department, no matter how good, will not be able to determine the full extent of the problem(s) caused by potentially compromised credentials. They also may not be able provide the full spectrum of solutions necessary for responding to compromised credentials. You will need to ask for proof of expertise and experience. Also, understand clearly—adversaries can exploit compromised credentials, even when those credentials are no longer valid in your systems. Do not engage with a security company, which does not recognize this fact. Adversaries do this by targeting the credential holder by combining them with other types of information. Targeted individuals could be approached with threats of blackmail.

Increase the robustness of defenses for your personnel: The following is not hypothetical. In 2015, a group identifying itself as “The Impact Team” stole massive amounts of user data from Ashley Madison, the commercial website that promoted and enabled extramarital affairs. Sadly, but not surprisingly, some users included their work emails addresses and phone numbers when registering. Putting the ethics and morality aside, the use of company emails was just plain stupid!  

The adversaries broke into the servers, enabling them to access specific personal identifiable information (PII), along with email messages, some quite salacious, relayed through the site. Individuals using Ashley Madison as a hook-up site assumed wrongly that their data were safe, and obviously did not their use of the site shared with spouses or significant others. The surreptitious activity created a huge vulnerability for exploitation. Adversaries knew that, and in some cases Ashley Madison users fell prey to exploitation schemes.

The hack weirdly but actually diminished the potential for blackmail by making the information available to everyone. You can’t be targeted with information everyone else already knows. The proverbial jig was up, and many innocent people suffered. The hack managed to ruin careers, destroy marriages and sever relationships. The aftermath was tragic.   

Nation-state adversaries have no compunction about using purloined user data as a blackmail tool. That is one of their expressed intentions! Adversaries have done so on many occasions and will do so again. In time of war, be assured that the enemy will seek to exploit both systems and people. Compromised credentials remain exploitable forever, if adversaries possess other connections that users don’t want exposed. Employees who frequent pornography sites are highly exploitable targets, for example, since many of these sites contain malware.          

Robert A. Norton, Ph.D., is chair of the Auburn University Food System Institute’s Food and Water Defense Working Group (aufsi.auburn.edu/fooddefense). He is a long-time consultant to the U.S. military, federal, and state law enforcement agencies. His blog, Bob Norton’s Food Defense Blog, can be found at aufsi.auburn.edu/fooddefense/blog/. He can be reached at nortora@auburn.edu or by phone at 334.844.7562.

Disclaimer: Dr. Norton and production of this article were supported by the Alabama Agricultural Experiment Stations and the Hatch program of the National Institute of Food and Agriculture (NIFA), U.S. Department of Agriculture (USDA). The article represents the personal opinion of Dr. Norton and does not reflect official policy or statutory related opinion of the federal government, NIFA or USDA.     


Author(s): Robert A. Norton, Ph.D.

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
to unlock your recommendations.

Already have an account? Sign In

  • people holding baby chicks

    Serovar Differences Matter: Utility of Deep Serotyping in Broiler Production and Processing

    This article discusses the significance of Salmonella in...
    Methods
    By: Nikki Shariat Ph.D.
  • woman washing hands

    Building a Culture of Hygiene in the Food Processing Plant

    Everyone entering a food processing facility needs to...
    Sanitation
    By: Richard F. Stier, M.S.
  • graphical representation of earth over dirt

    Climate Change and Emerging Risks to Food Safety: Building Climate Resilience

    This article examines the multifaceted threats to food...
    Risk Assessment
    By: Maria Cristina Tirado Ph.D., D.V.M. and Shamini Albert Raj M.A.
Subscribe For Free!
  • eMagazine Subscription
  • Subscribe to eNewsletter
  • Manage My Preferences
  • Website Registration
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Food Safety Magazine audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Food Safety Magazine or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Deli Salads
    Sponsored byCorbion

    How Food Safety is Becoming the Ultimate Differentiator in Refrigerated and Prepared Foods

Popular Stories

recalled sysco and lyons imperial nutritional shakes

Listeria Outbreak Linked to Nutritional Shakes Served at Healthcare Facilities Causes 14 Deaths

Image of fish on ice

Common Fish Food Poisoning Types and Prevention Methods

Scientist inspecting food substance with microscope

FDA Announces ‘Proactive’ Post-Market Chemical Review Program to Keep Food Supply Safe

Events

June 12, 2025

Additive Bans Ahead: Your Guide to Avoiding Risk and Maintaining Agility

Live: June 12, 2025 at 12:00 pm EDT: From this webinar, attendees will learn how ingredient bans will impact product development, labeling, and sourcing.

View All

Products

Global Food Safety Microbial Interventions and Molecular Advancements

Global Food Safety Microbial Interventions and Molecular Advancements

See More Products
Environmental Monitoring Excellence eBook

Related Articles

  • Food and Agriculture Are Domains of War: Part 3

    See More
  • Food and Agriculture Are Domains of War: Part 5

    See More
  • Food and Agriculture Are Domains of War: Part 4

    See More

Related Products

See More Products
  • 9781498721776.jpg

    Handbook of Food Processing: Food Safety, Quality, and Manufacturing Processes

  • 1444333348.jpg

    Handbook of Food Safety Engineering

  • 0813808774.jpg

    Improving Import Food Safety

See More Products

Events

View AllSubmit An Event
  • February 26, 2025

    Transforming Food Safety Through Digitalization and AI—Are You Ready?

    On Demand: This webinar will cover the role of digitalization in addressing food safety challenges and the potential of AI in food safety.
View AllSubmit An Event

Related Directories

  • ETQ, part of Hexagon

    ETQ Reliance is the world’s most flexible, powerful & easy-to-use advanced Quality Management System. Automate & standardize all aspects of quality, from document control, training, CAPA, audits, supply chain & more. Benefit from improved compliance, enhanced reputation, reduced costs, speed to market & visibility into your supply chain.
  • Saldesia "Goddess of Food Safety"

    Saldesia is a distributor of Food Safety products and solutions. We are focused on supplying the Quality, Production, Safety and Sanitation departments. Product lines include Color Coded, Metal Detectable, Antimicrobial Flooring & Mats, Workwear, Footwear, Spray Nozzles, and more!
×

Never miss the latest news and trends driving the food safety industry

eNewsletter | Website | eMagazine

JOIN TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Directories
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • Instagram
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing