Cybersecurity In The Food And Agriculture Sector

Friday, April 8th, 2022

The top priorities for producers and suppliers in the food and agriculture sector have long focused on diversified food sources and improved productivity through technology adoption. However, in recent years the rise of cyber criminals targeting critical infrastructure has meant that cyber security and the fight against criminal threats must now take centre stage.

By Vijay Iyer – Regional Vice President – Solutions Engineering, APJ, Claroty

It was only in September 2021 that the FBI published a Private Industry Notification (PIN) highlighting the rise in ransomware attacks targeting the food and agriculture critical infrastructure sector, with concern that these attacks would impact the food supply chain.

Just a few weeks ago in February, the United States, United Kingdom, and Australia issued a joint Cybersecurity Advisory on the “Increased Globalized Threat of Ransomware” against critical infrastructure sectors, including food and agriculture.

“Ransomware tactics and techniques continued to evolve in 2021, which demonstrates ransomware threat actors’ growing technological sophistication and an increased ransomware threat to organizations globally,” said the advisory.

Real-world examples: JBS Foods and NEW Cooperative

One of the ransomware attacks highlighted by the tripartite advisory was the one against JBS Foods, which processes roughly one-fifth of the world’s meat supply, in late May 2021. The attack shut down the company’s plants and meat distribution, and the company paid US$11 million in ransom to appease the hackers.

Then, only a few weeks after the FBI’s notification in September, NEW Cooperative, a farmer cooperative with 60 locations operating in the US, was forced to shut down its operations in a ransomware attack. The company declined to comment on whether it paid the US$5.9 million ransom demanded of it.

The JBS attack came from a hacker organisation known as REvil or Sodinokibi, which is believed to be based in Russia, while the group targeting NEW Cooperative was DarkSide, a Russian-speaking ransomware-as-a-service operation. Given the current political tensions, there is real concern that the attackers may look beyond monetary gain and aim to critically disrupt the supply chain.

Legacy systems exposed to new cyber threats

The crux of the issue is that many food and beverage production sites run on legacy operational technology (OT) that was never designed to be connected to the internet. However, the recent push for digitalisation has exposed old systems to new cyber threats.

Claroty’s most recent Biannual ICS Risk & Vulnerability Report highlights that more researchers and threat actors are looking at vulnerabilities in IT and OT systems running in food and beverage plants, with a 56% increase in industrial control system (ICS) vulnerabilities from 2019 to 2020 after relatively few reports prior to 2019.

Looking at vulnerabilities across all industries, 87% are low complexity, meaning they don’t require special conditions and an attacker can expect repeatable success every time. Additionally, 70% require no special privileges to exploit, and 64% require no user interaction.

Finally, 63% of the vulnerabilities disclosed can be exploited remotely over a network. While today’s hyperconnected world means that employees can work literally from anywhere in the world, it also means attacks can come from everywhere.
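The four properties above can be tallied for a site's own vulnerability list. The following is an added example, not code from Claroty or its report; it assumes the properties correspond to the CVSS v3.x base metrics AC, PR, UI and AV (the article does not name the scoring system), and the identifiers and vectors in `SAMPLE` are constructed.

```python
# Added example: ids and vectors below are constructed placeholders.
from collections import Counter

# Assumed mapping of the article's four properties to CVSS v3.x base metrics.
PROPERTIES = {
    "low_complexity": ("AC", "L"),
    "no_privileges": ("PR", "N"),
    "no_user_interaction": ("UI", "N"),
    "remote_network": ("AV", "N"),
}

def parse_vector(vector):
    """Split a CVSS v3.x vector string into a {metric: value} dict."""
    parts = vector.strip().split("/")
    if not parts[0].startswith("CVSS:3."):
        raise ValueError(f"not a CVSS v3.x vector: {vector!r}")
    metrics = {}
    for part in parts[1:]:
        name, sep, value = part.partition(":")
        if not sep or not value or name in metrics:
            raise ValueError(f"malformed metric {part!r} in {vector!r}")
        metrics[name] = value
    missing = {m for m, _ in PROPERTIES.values()} - metrics.keys()
    if missing:
        raise ValueError(f"missing metrics {sorted(missing)} in {vector!r}")
    return metrics

def summarize(findings):
    """Return (percent share per property, ids that meet all four)."""
    counts, patch_first = Counter(), []
    for vuln_id, vector in findings:
        m = parse_vector(vector)
        hits = [p for p, (k, v) in PROPERTIES.items() if m[k] == v]
        counts.update(hits)
        if len(hits) == len(PROPERTIES):
            patch_first.append(vuln_id)  # remote, easy, no auth, no user
    total = len(findings) or 1  # avoid dividing by zero on an empty list
    shares = {p: round(100 * counts[p] / total) for p in PROPERTIES}
    return shares, patch_first

SAMPLE = [
    ("PLACEHOLDER-0001", "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"),
    ("PLACEHOLDER-0002", "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"),
    ("PLACEHOLDER-0003", "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"),
    ("PLACEHOLDER-0004", "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"),
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Entries returned in the second list combine all four properties and are the natural candidates for patching or isolating first.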

More than 60% pay the ransom

There is evidence that most companies do pay the ransom when they are attacked. In a global survey of 1,100 critical infrastructure organisations conducted last year by Pollfish on behalf of Claroty, over 60% of the respondents who reported experiencing a ransomware attack chose to pay the ransom.

The financial impact was significant. Of those who paid, 30% paid between US$500k and US$1 million, 15% paid between US$1 million and US$5 million, and 7% paid more than US$5 million.

Simply put, for many companies, the cost of paying the ransom is cheaper than the cost of not paying it. The majority of respondents estimated that the loss in revenue per hour of downtime to their operations was equal to or greater than the payout.

However, cybersecurity authorities discourage the paying of ransoms. This is because it gives the perpetrators more resources to wreak more havoc on other victims, while simultaneously not being a guarantee of rectifying the problem. Additionally, companies that pay off the ransom often stop working with authorities to track and catch the criminals.

Regardless of the decision whether to pay or not, the advice given is to immediately disconnect affected systems from the network, or if that is not possible, to power them down to prevent further damage. Restoration and recovery need to be based on a list of critical priorities, and organisations that have already planned out a response in case of such an emergency will clearly be able to get back on their feet more quickly.

Making hyperconnectivity more secure

However, these threats will continue as long as deploying ransomware continues to be lucrative. The only way to mitigate the risk is to understand how to make hyperconnectivity more secure, by addressing gaps in processes and technology, and preparing for the worst if it should eventually occur.

A number of national agencies have shared guides addressing the issue of ransomware, such as the US Cybersecurity and Infrastructure Security Agency (CISA), the UK’s National Cyber Security Centre (NCSC), and the Australian National Cyber Security Centre (ACSC). All stress the importance of recent, reliable backups as a part of security for the system as a whole.

Effective industrial cybersecurity starts with knowing what needs to be secured. Good practices include maintaining a current inventory of all assets, processes and connectivity paths, and strengthening them where possible.

Resilience can be built through network segmentation, essentially quarantining sections of the systems from each other so that attackers cannot easily infect them. Maintaining and storing backups offline will enable quicker data restoration when needed and help resume operations.

Employees also need to be aware of what could go wrong, and organisations need to take the responsibility of training their staff on the dangers of social engineering and phishing techniques. Even simple practices like not supplying passwords openly via email and reporting suspected phishing attempts all play their part in maintaining resilience.

Finally, organisations should be diligent in testing their incident response plans and conduct tabletop exercises to put those plans into motion, all without impacting production environments. Training and testing improve response and ensure business continuity.

