Food Safety
search
cart
facebook twitter linkedin
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Food Safety
  • NEWS
    • Latest News
    • White Papers
  • PRODUCTS
  • TOPICS
    • Contamination Control
    • Food Types
    • Management
    • Process Control
    • Regulatory
    • Sanitation
    • Supply Chain
    • Testing and Analysis
  • PODCAST
  • EXCLUSIVES
    • Food Safety Five Newsreel
    • eBooks
    • FSM Distinguished Service Award
    • Interactive Product Spotlights
    • Videos
  • BUYER'S GUIDE
  • MORE
    • ENEWSLETTER >
      • Archive Issues
      • Subscribe to eNews
    • Store
    • Sponsor Insights
  • WEBINARS
  • FOOD SAFETY SUMMIT
  • EMAG
    • eMagazine
    • Archive Issues
    • Editorial Advisory Board
    • Contact
    • Advertise
  • SIGN UP!
ManagementFood Defense

Food Defense Is All About Protecting Yourself: Part 2

April 7, 2020

China wants to know how the U.S. maintains its economic advantage. It researches how companies are operating, right down to the level of the settings on the equipment that controls your food plant systems and processes. 

In addition to nation-state industrial espionage, companies face a wide range of threats. “Hacktivists” launch attacks for ideological, political, or religious reasons, or simply for the challenge. Criminal organizations attack for profit, trying to extract payment from the victim. In addition, companies sometimes become victims even if they are not the intended target, such as the notpetya attack, which targeted a software company but had much broader impact, including the food and agriculture industry.

It is important to know that nation states and criminal organizations both do target corporations, and this article will provide solutions on how companies can better protect themselves. 

Part 1 of this series talked about the fact that actions disrupting our food and agriculture systems would be considered acts of war (de bello),[1] if they originated from nations that linked them to armed conflict and the attacks were intended to diminish our nation’s capability and public will to respond militarily. The article also discussed food and agriculture as vital critical infrastructures (CIs), whose incapacitation or destruction would harm the country.

“Near peer nations,” which include China and Russia, were described as developing sophisticated technologies that are being used to target CIs, including food and agriculture. Countries are interested in the CIs for two reasons. They desire to explore the functionality of companies in the sectors should they at some point attack, and they also desire the proprietary information belonging to companies. In the first case, this “probing” is a potential act of war (“preparation of the battlefield”), while the latter case is espionage. While Russia and China are the largest near-peers, the cyber-security domain has lowered the bar to entry, affording other countries to enter the fray with minimal economic or time committed.

What Is Espionage?  
When aimed at a competing company, spying is called “industrial espionage.” For nation-state actors, corporations are enticing targets. They have an immense amount of intellectual property (IP) that can be used for military and economic gain. Nation states target these companies directly but also outsource hacking activity to others, often permitting companies they own or that are based within their jurisdiction to hack foreign companies. The Federal Bureau of Investigation (FBI) estimates that U.S. companies lose billions of dollars in IP to foreign actors each year. This includes attacks from nation-state actors and from attacks initiated by overseas competitors.[2]

Nation-state actors and their proxies are methodical, deliberate, and effective. In 2019, the cybersecurity firm CrowdStrike released an intelligence report that details how China successfully coordinated the global theft of IP from leading aerospace industry companies to build its new, state-of-the-art C919 Aircraft.[3] Stealing this IP shaved off years of research and development costs, helping to advance China’s domestic aviation program. Previously, news outlets have reported that China stole designs of the U.S. F35 fighter jet for China’s FC-31 fighter Jet.[4]

Applying this to the food and agriculture industry, one can see why the industry is an attractive target to nation states. Thanks to R&D investments, the industry has seen a significant advancement in technology. This enables the U.S. food and agriculture industry to provide more food to more people, and with fewer farms. In fact, the U.S. Department of Agriculture reports that between 1997 and 2017, the number of U.S. farms declined 8 percent and the amount of farmland declined 6 percent.[5]

Meanwhile, from 1997 to the present, the U.S. population has increased by more than 63 million people.[6] Given the level of poverty and malnutrition experienced by other nations, one should assume other countries would be interested in duplicating this success. The quickest way to duplicate these gains would be by accessing the IP that has enabled it. As the C919 example demonstrates, stealing this IP enables a country to more rapidly advance its own capabilities and goals, with little to no financial investment.

It is common for nation states to seek sensitive information from others or to spy on each other. However, we are seeing a consistent and sustained pattern of nation states—not just China—targeting private industry for sensitive information. Today, private enterprises must be prepared to guard themselves against nation-state attacks. FBI Director Christopher Wray, speaking before the Senate Homeland Security and Governmental Affairs Committee, noted that the Chinese government is “now targeting our innovation through a wider-than-ever range of actors, not just Chinese intelligence officers conducting both traditional and cyber espionage, but people they enlist to help them, like contract hackers, certain graduate students and researchers, insider threat through U.S. businesses, and a whole variety of other actors.”[7]

It is not just the nation-state actors that pose a threat. Cyber criminals and activist groups also target the food and agriculture industry. Business Email Compromise (BEC), where attackers try to impersonate or trick senior level corporate executives in the hopes of initiating a funds transfer to an account controlled by the attacker, is impacting industries across the globe. Another threat is ransomware, which gives a criminal access to a network, encrypts its data, and offers to decrypt it upon payment (usually in cryptocurrency). Several Information Technology-Information Sharing and Analysis Center (IT-ISAC) Food and Agriculture Special Interest Group (SIG) companies consider BEC and ransomware attacks among the top threats they face.

In addition, while criminals and activists often have different objectives from nation states, tools from well-funded nation states are unfortunately leaking into criminal hands. Criminal actors also sell their tools to others. So, even adversaries with limited resources can access sophisticated attack tools.

The food and agriculture industry operates in an extremely competitive and unpredictable environment. Consumer tastes and trends are constantly evolving, and crop production remains highly dependent on the weather. This is driving a digital revolution as smart devices are being deployed to factories and farms to provide more information to producers and farmers alike. There is more and more reliance on internet-connected devices to deliver food from farm to plate. However, as these new smart devices are integrated into networks, the industry is also operating on a lot of legacy technology. This poses additional security challenges—Internet of Things[8] devices increase the attack surface while companies work to secure many disparate technologies.

Security through Collaboration
With an increasing attack surface, a reliance on technology to enable the global food and agriculture supply chain, valuable IP, and a complex set of threat actors targeting the community, the cybersecurity leaders in the food and agriculture industry have a lot on their plate (no pun intended). The cybersecurity challenges facing the industry are too great for any company to effectively address on their own.

Helping companies address these threats collaboratively is the primary function of an ISAC. ISACs are trusted forums for companies in a critical infrastructure sector to collaborate on common security challenges. The ISAC model is now 20 years old and has proven successful across various industries.

Participating in an information-sharing forum provides a force multiplier for member companies. Every company has limited resources. However, participating in information-sharing forums provides companies with access to additional analysts—those in peer companies that are facing similar challenges. Companies are no longer limited to their in-house talent.

Without its own ISAC, food and agriculture companies at first appear to be at a disadvantage. Building an information-sharing organization is a time-consuming and expensive proposition. Identifying companies that would be interested in starting a new group, forming an organization, developing by-laws and operating plans, and procuring technology and staff all take time and money, which no one has in abundance.

However, with the support of leading food and agriculture companies such as Bunge, Cargill, and Conagra, the IT-ISAC has created an ISAC within the ISAC for the food and agriculture industry. The IT-ISAC Food and Agriculture SIG[9] is a trusted, industry-only forum for companies to share information about cyber threats and attacks—including specific indicators of compromise and mitigations—effective practices, and common challenges. Through the SIG, companies gain tactical threat intelligence needed to address specific, immediate threats, as well as strategic information needed to address longer-term challenges.

The Industry Is Stronger Together
To defend against cyber threats, the food and agriculture industry should continue to follow the lead from other sectors, noting that cyber security is not a competitive issue but instead an issue of collaboration. Only together can the “Food be Defended” from a plethora of adversaries.

While it might seem counterintuitive that you can improve cybersecurity by partnering with your competitor, engaging with peer companies amortizes the cost of defense by providing you with access to intelligence, analysts, and expertise to which you would not otherwise have access. It serves as a force multiplier by connecting specialized expertise and analysts from across a diverse industry. This gives your company access to intelligence that will help you understand the threat, which will better enable you to manage risk.

Corporate threats like competition will never go away but will continue to evolve, requiring faster, cheaper and better solutions for companies to remain viable and profitable. Partnering with others experiencing the same frictions makes good business sense, particularly where close margins mean constrained capital for reinvestment. Defend better by working together.

Robert A. Norton, Ph.D. is a professor at Auburn University who consults widely on food defense. He can be reached at nortora@auburn.edu. Scott C. Algeier is president and CEO of the cybersecurity consulting firm Conrad, Inc. and serves as the executive director of the IT-ISAC, among other industry leadership positions. He can be reached at scott@conradinc.biz.

References
1. U.S. Code § 2331 defines an “act of war” as “any act occurring in the course of declared war; armed conflict, whether or not war has been declared, between two or more nations; or armed conflict between military forces of any origin.” www.law.cornell.edu/uscode/text/18/2331.   
2. www.fbi.gov/file-repository/economic-espionage-1.pdf/view.
3. The CrowdStrike Research Report is available at www.crowdstrike.com/resources/wp-content/brochures/reports/huge-fan-of-your-work-intelligence-report.pdf.
4. www.cnn.com/2015/01/19/world/china-us-f35-fighter-denial/index.html.
5. www.nass.usda.gov/Publications/Highlights/2019/2017Census_Farms_Farmland.pdf.
6. www.census.gov/prod/3/98pubs/p23-194.pdf; www.census.gov/popclock/.
7. insidecybersecurity.com/daily-news/fbi-director-web-actors-enlisted-beijing-steal-intellectual-property-larger-ever (subscription required). Director Wray’s full statement is here: www.hsgac.senate.gov/imo/media/doc/Testimony-Wray-2019-11-05.pdf.
8. For more information on the Internet of Things (IoT), see www.forbes.com/sites/jacobmorgan/2014/05/13/simple-explanation-internet-things-that-anyone-can-understand/#2b4138791d09.
9. For more information on the IT-ISAC Special Interest Group – Food and Agriculture SIG, see www.it-isac.org/special-interest-groups. A FAQ is also available at 130760d6-684a-52ca-5172-0ea1f4aeebc3.filesusr.com/ugd/b8fa6c_b7340ebee6e240e3989b841eae3f90b5.pdf.


Author(s): Robert A. Norton, Ph.D., and Scott C. Algeier

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
to unlock your recommendations.

Already have an account? Sign In

  • people holding baby chicks

    Serovar Differences Matter: Utility of Deep Serotyping in Broiler Production and Processing

    This article discusses the significance of Salmonella in...
    Meat/Poultry
    By: Nikki Shariat Ph.D.
  • woman washing hands

    Building a Culture of Hygiene in the Food Processing Plant

    Everyone entering a food processing facility needs to...
    Sanitation
    By: Richard F. Stier, M.S.
  • graphical representation of earth over dirt

    Climate Change and Emerging Risks to Food Safety: Building Climate Resilience

    This article examines the multifaceted threats to food...
    Management
    By: Maria Cristina Tirado Ph.D., D.V.M. and Shamini Albert Raj M.A.
Manage My Account
  • eMagazine Subscription
  • Subscribe to eNewsletter
  • Manage My Preferences
  • Website Registration
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Food Safety Magazine audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Food Safety Magazine or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • mold
    Sponsored byIFC

    Tackling Mold Remediation in Food Processing Plants

  • a worker in a food processing plant
    Sponsored byLPS® DETEX®

    How a Beverage Facility Improved Food Safety and Compliance with Detectable Packaging Solutions

  • Two men standing in a produce storage facility having a discussion.
    Sponsored byOrkin Commercial

    Staying Compliant With FSMA

Popular Stories

sunflower oil

Louisiana Passes ‘MAHA’ Bill Targeting More Than 40 Ingredients, Including Seed Oils, Dyes, Sweeteners

smoked salmon in oil

Study Shows Food Type Significantly Affects Listeria’s Ability to Survive Digestion, Cause Sickness

FSM podcast

Ep. 197. Jatin Patel: Lessons Learned and Best Practices for Handling a Recall

Events

July 15, 2025

Hygienic Design Risk Management: Industry Challenges and Global Insights

Live: July 15, 2025 at 11:00 am EDT: From this webinar, attendees will learn the importance of hygienic design to ensure food safety and sanitation effectiveness.

July 22, 2025

Beyond the Binder: Digital Management of Food Safety

Live: July 22, 2025 at 3:00 pm EDT: During this webinar, attendees will learn best practices for the use of digital food safety management systems across industry and regulatory agencies.

August 7, 2025

Achieve Active Managerial Control of Major Risk Factors Using a Food Safety Management System

Live: August 7, 2025 at 2:00 pm EDT: From this webinar, attendees will learn about changes to the FDA Food Code, which now includes a requirement for FSMS. 

View All

Products

Global Food Safety Microbial Interventions and Molecular Advancements

Global Food Safety Microbial Interventions and Molecular Advancements

See More Products
Environmental Monitoring Excellence eBook

Related Articles

  • Food Defense Is All About Protecting Yourself: Part 1

    See More
  • conveyor belt

    How is the Revolution in Technology Changing Food Safety?—Part 2

    See More
  • What Industry and FDA Are Thinking about FSMA Implementation – Part 2

    See More

Related Products

See More Products
  • 0813808774.jpg

    Improving Import Food Safety

  • 1119053595.jpg

    Food Safety for the 21st Century: Managing HACCP and Food Safety throughout the Global Supply Chain, 2E

  • food safety.jpg

    Food Safety Contaminants and Risk Assessment

See More Products

Related Directories

  • ETQ, part of Hexagon

    ETQ Reliance is the world’s most flexible, powerful & easy-to-use advanced Quality Management System. Automate & standardize all aspects of quality, from document control, training, CAPA, audits, supply chain & more. Benefit from improved compliance, enhanced reputation, reduced costs, speed to market & visibility into your supply chain.
  • Aptar Food + Beverage - Food Protection

    Aptar Food + Beverage – Food Protection manufactures premium active packaging systems and processing equipment, applying its unique material science expertise to develop advanced packaging systems that help extend freshness and enhance safety for fresh-cut fruits, vegetables and seafood. The company’s newest groundbreaking technology, InvisiShield™, offers an antimicrobial packaging solution that seamlessly integrates into sealed packages to protect fresh-cut produce and other food products from bacteria, fungi and viruses. Other offerings include trays, pouches, containers, slicing equipment, lidding film, and tray sealing technology.
×

Never miss the latest news and trends driving the food safety industry

eNewsletter | Website | eMagazine

JOIN TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Directories
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • Instagram
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing