Cyberattacks Pose an Increasing Threat to Food Production and Safety, Researchers Say

• The industrial control systems used for processing and manufacturing food contain many vulnerabilities that are an appealing target for cyberattacks.
• Many systems also use outdated, legacy operating systems with hard-coded passwords that could allow attackers to gain unauthorized access to these systems.

What’s the matter?

The University of Minnesota’s Food Protection and Defense Institute (FPDI) has published a new report titled “Adulterating More Than Food: The Cyber Risk to Food Processing and Manufacturing”.

Key Highlights

This report highlights that cyberattacks pose an increasing threat to the food industry.

• In this report, researchers have outlined that the ICS systems used for processing and manufacturing food contain many vulnerabilities that are an appealing target for cyberattacks.
• Researchers identified that many systems also use outdated, legacy operating systems with hard-coded passwords that could allow attackers to gain unauthorized access to these systems.

“In 2011 alone, researchers and manufacturers revealed over 200 ICS vulnerabilities. The numbers increased every year afterward to early 2016, the end of the study period. So, industrial control system vulnerabilities exist and are plentiful,” researchers said in the report.

Apart from vulnerabilities, researchers have also noted other factors that concern cybersecurity such as:

• Lack of awareness about cybersecurity
• Lack of knowledge about how industrial control systems and IT systems interact,
• Poor coordination and information-sharing among food system stakeholders.

“The food industry has not been a target of costly cyberattacks like financial, energy, and health care companies have. However, as companies in those sectors learn to harden their defenses, the attackers will begin looking for easier victims,” Stephen Streng, lead author on the report said.

Consequences

The potential consequences of a cyberattack against the ICS systems used in the food industry include adulterated food that threatens public health, physical harm to workers, destroyed equipment, environmental damage, and massive financial losses for food companies.

Recommendations

The researchers also provide recommendations to the food industry to prevent cyberattacks against the industry, which include:

• Conduct periodic risk assessments in both industrial control systems and IT systems
• Facilitate better communications between operations technology and information technology (IT) staff
• Consult cybersecurity experts while procuring or deploying new industrial control systems, and
• Include cybersecurity in the food safety and defense industry.

“Cyberattacks could have financially devastating consequences for the food industry, particularly among smaller companies, and in the worst case can threaten the public’s health. We hope this report will raise awareness among food industry executives of this potentially severe risk and will inspire them to start addressing it with the same care and urgency they apply to other aspects of food safety,” Amy Kircher, Director of FPDI said.