Lawmakers Propose a Farm and Food Cybersecurity Bill
The image of a small town farmer losing sleep over the potential of a cyberattack seems like one meant for a comic strip. But, the truth is, it’s a little more real and quite a bit less comical. The food system is more technologically advanced than most consumers realize. There are many critical points where small disruptions can have far reaching impacts. Most of us don’t think the food supply chain is delicate because we regularly shop the abundance of our grocery stores.
How Secure is Our Food Supply?
Flash back to the height of the pandemic when it became very obvious that the American food supply chain was highly sensitive to disruption; and, the more recent Ransomware attacks on both large and small companies. Take a closer look at the intricate network of players in the supply chain itself, from feed suppliers, to fertilizer producers, to growers, to processors, to distributors, to retailers; to name just a few. In an effort to be more efficient they have all adopted new technologies. Add in the growing push towards automation, precision ag, and the use of drones, robotics, and sensors on farms across the nation. Don’t forget the data collection AI machine that can learn to make improvements. Put all these components together and we’ve got ourselves a situation to consider.
January wrapped up with lawmakers from both the House of Representatives and the U.S. Senate introducing legislation specifically intended to address cybersecurity in the agriculture sector. https://industrialcyber.co/regulation-standards-and-compliance/us-lawmakers-propose-farm-and-food-cybersecurity-act-to-boost-cyber-protections-for-agriculture-food-supply-chain/
How Prepared for a Cyber Attack Are We?
The agriculture industry in the United States is a prime target for cyber attacks for two main reasons. Our highly concentrated industry is efficient at driving down costs and increasing the output and disseminating safe and affordable food. But the large, efficient plants and operations also create potential choke points that can cause major disruptions. Two past events clarify the significant impact a cyberattack could have on supply.
A beef processing plant in Holcomb, Kansas was the subject of an attack in 2019. This facility had a daily capacity of 6,000 head of cattle per day; roughly 6% of the national capacity. The attack came in the form of a fire which resulted in a shutdown of the processing plan. In less than one week boxed beef prices saw an increase from $215 to $240 per hundredweight. Unable to accommodate all of the cattle available to be processed, producer prices fell 8-10% that same week.
In the 2021 JBS Ransomware attack, it was clear that when a few large companies control extensive portions of the country’s food supply any attack could be devastating. While the 2019 attack only took out one facility, the cyber attack had the potential to take one quarter of beef capacity offline.
Fewer companies mean larger targets. When an attack occurs and even one operations is disrupted, the effects are felt nationwide. The cattle didn’t disappear, but suddenly we couldn’t do anything with them other than pay to feed them. The chain is fragile.
Second, while likely all agriculture companies use information technology, few understand it and the many ways it can be manipulated. Iowa co-op, New Cooperative, was attacked in 2021 resulting in a complete online shut down. The co-op said that 50% of its devices relied on automated technology. Though the co-op was able to resume some activity by resorting to manual methods, the system shut down brought their ability to receive, process and deliver grains to a snail’s pace. As a result, area farms and markets experienced a shut down of their own. https://www.desmoinesregister.com/story/money/agriculture/2021/10/06/iowa-grain-cooperative-recovering-cyberattack-remains-mum-ransom/6007123001/
Join the Conversation
Farmers, equipment companies, and service providers are all discussing data ownership and safety. The conversation on the topic of data has progressed significantly, and the conversation around security hasn’t caught up yet. Most companies are currently using systems that were designed long before cyberattacks were an issue. It begs the question; in our haste for efficiency, did we compromise the resiliency of our food supply chain in more ways than one?
The goal of the proposed Farm and Food Cyber Bill is to identify vulnerabilities and implement protective measures within the food supply chain. In doing so, it would bring the Secretary of Agriculture, Homeland Security, National Intelligence and Health and Human Services into one conversation focused on bolstering our cyber defenses. Government and industry sharing knowledge with each other for the sake of protecting America’s food and supply infrastructure.
Awareness is key here. The more companies across the value chain that understand the vulnerabilities of their systems, the more apt they will be to update operating systems and add layers of security; a concept most operators understand because of HACCP plans. Should the bill pass, regular studies will be done to examine the vulnerable pieces of the supply chain and the extent of damage that could be felt nationwide. We already know that a cyber attack could influence food safety and food supply, but perhaps there are other things to think about such as food reserves, environmental damage, and price raises that could dramatically affect consumers.
Comments