Customers at various grocery stores were recently surprised to find shelves empty and prescriptions delayed. A cyberattack in early November hit Ahold Delhaize USA, causing disruptions in over 2,000 stores, including Hannaford, Food Lion and Stop and Shop. Specific information about the attack’s nature has not yet been disclosed publicly.
Due to the impact on digital systems, some stores couldn’t process credit/debit cards, while others had to halt online orders. Moreover, Hannaford’s website was offline for multiple days. Issues with food supply have persisted for weeks in certain regions, particularly in New England, highlighting the consequences of cyberattacks on daily living.
The realm of cybersecurity in the agrifood sector
The significance of cybersecurity in the food distribution chain is rising with the growing digitization of the agrifood industry. The rise of intelligent farming means that a cyber threat can even impact cultivation and harvesting. Beyond production and distribution, a cyberattack might endanger food safety by disrupting systems that oversee food temperature during production, potentially causing contamination.
Cybersecurity holds particular importance within this field since a single issue can rapidly escalate globally. With the intricate process of moving food from farms to tables, a vulnerability in one small enterprise can severely affect the food supply chain. Additionally, numerous agrifood companies heavily rely on external suppliers.
“One of the difficulties posed by ransomware attacks is their repercussions that extend beyond the victimized company to its suppliers or partners. Given the interconnected structure of the food and agriculture industry, disruptions in one entity are likely to cause a ripple effect,” as mentioned in the Farm to Table Ransomware Report by Food Ag ISAC.
For instance, various grocery chains employ third-party vendors for product transportation. An attack on such a logistics company can paralyze essential systems, leading to delays in product deliveries and resulting in empty store shelves.
“Attacks targeting suppliers, distributors, or logistics providers may delay deliveries, create shortages, or introduce counterfeit goods. Disruptions in the supply chain can have widespread implications, affecting not only company profitability but also food availability and driving up prices for consumers,” reports Food Safety magazine.
As outlined by Forbes, FBI Special Agent Gene Kowel, at the FBI Agriculture Threats Symposium in Nebraska, emphasized: “The cyber risks and national security threats to farms, ranches, and food processing facilities are escalating rapidly. The threats are becoming more intricate, severe, and extensive.” He also identified the four primary threats facing the agriculture sector: ransomware attacks, foreign malware, data theft, intellectual property theft, and bioterrorism affecting food production and water supplies. Furthermore, he cautioned that foreign powers actively seek to destabilize the U.S. agriculture industry.
Discover cybersecurity services
Recent cyberattacks within the agrifood domain
Although grocery stores have dominated recent headlines regarding cyber incidents in agrifood, numerous enterprises have encountered cybersecurity threats in recent times.
In October 2021, Schreiber Foods, a milk processing company, fell victim to a ransomware attack, disrupting the entire milk supply due to digital process alterations in milk processing, as reported by ZDNET. According to Wisconsin State Farmer, milk deliveries resumed five days after the cyber event. Moreover, transporters faced impediments accessing facilities, and the company encountered a $2.5 million ransom request.
The notorious cyber intrusion on JBS, the largest meat processing company globally, also unfolded in 2021. Operations halted at 47 sites in Australia and nine locations in the U.S. for five days following the encryption of systems by the Russian hacker group Revil. JBS reportedly bowed to a $11 million ransom demand. The attack led to meat shortages and resulted in temporary price hikes.
Farm and Food Cybersecurity Act
To bolster cybersecurity within the agrifood industry, the Farm and Food Cybersecurity Act is presently under review in both the U.S. House of Representatives and the U.S. Senate. A pivotal aspect of the act involves the agriculture secretary conducting a biennial study on cybersecurity risks and vulnerabilities within agriculture and food sectors.
Furthermore, the agriculture secretary will collaborate with other agencies to execute an annual cross-industry crisis simulation drill for food-related cyber crises or disruptions.
“Food security signifies national security, hence safeguarding American agriculture from cyber threats is imperative,” expresses Rep. Elissa Slotkin, D-Mich. “Beyond being merely a technological issue, cyberattacks have the potential to disrupt daily routines and jeopardize our food supply – as seen a while back when cyber culprits took offline the meat processing behemoth JBS with a ransomware attack. This legislation mandates the Department of Agriculture to work in close synergy with national security bodies to shield us against adversaries like China aiming to undermine our autonomy in feeding ourselves.”
Minimizing the risk of agrifood cyber incidents
Owing to their indispensable role in the food ecosystem, all entities in the agrifood industry should accord high priority to cybersecurity. To enhance cybersecurity practices in this sector, the Cybersecurity and Infrastructure Security Agency (CISA) has recently furnished a Food and Agriculture Cybersecurity Checklist.
The checklist provides guidance on:
While the recent sight of empty grocery store shelves serves as a stark reminder of cybersecurity’s importance, the agrifood industry must adopt a proactive stance in addressing cybersecurity vulnerabilities every day throughout the year.