What protections are in place when it comes to America’s food producers and suppliers? It’s a hard question to answer.
While government seems aware of the need for protection, and there are certainly plenty of hard-working agents and IT experts working on the front lines, it’s hard to get a read on just where things stand. Efforts to interview officials in the U.S. Department of Agriculture for this article were met with non-responses. Yet there is clearly awareness of the issue, based on Executive Order 14017, issued by President Joe Biden in February of this year.
The order tasked heads of federal agencies to report to the president on the strength and resilience of America’s supply chains. Secretary of Agriculture Tom Vilsack and his department were ordered in consultation with the heads of appropriate agencies to “submit a report on supply chains for the production of agricultural commodities and food products.”
All reports ordered were to include a review of the “defense, intelligence, cyber, homeland security, health, climate, environmental, natural, market, economic, geopolitical, human rights or forced labor risks or other contingencies that may disrupt, strain, compromise or eliminate the supply-chain, including risks posed by supply-chains’ reliance on digital products that may be vulnerable to failures or exploitation. …”
In response to publication of that Executive Order and a call for public comments, Jennifer van de Ligt, director of the Food Protection and Defense Institute at the University of Minnesota, outlined concerns over what she called “significant cybersecurity-related risks to the agricultural and food products supply chain that threaten its resilience and companies and consumers nationwide.”
The Institute addresses vulnerabilities in the global food system, with what it calls a “comprehensive, farm-to-table view.” It partners with industry, government and academic stakeholders to help assure product integrity, supply chain resilience and brand protection.
Ligt said in a public letter that the institute saw considerable risk of disruption, strain and compromise from vulnerability to cyberattacks on industrial control systems used in agricultural production, agricultural and food processing, and manufacturing. She pointed specifically to vulnerabilities built into systems and a lack of awareness among executives, equipment operators and regulators of risks.
Ligt wrote that potential consequences would include disruption in availability of agricultural and food products, injury and death to livestock and even the release of unsafe foods into the market that sicken consumers and damage company brand reputations.
Her words seem prophetic in retrospect. Ligt’s attempts to alert authorities, addressed to Melissa Bailey, of the USDA’s Agricultural Marketing Service, were dated March 18, 2021. Less than two weeks later, on March 30, 2021, JBS USA announced it had been hacked.
PRIVATE ENTITIES HAVE TO PROTECT AG
CHS cybersecurity expert Sarah Engstrom is hopeful there will be positive and proactive moves in the future at the governmental level to combat these ongoing cyberattacks. For now, however, she says we can’t count on the government to protect agriculture against cybercriminals.
“I sincerely hope they are part of a future solution to these problems, but we can’t hold our hats and twiddle our thumbs and wait. Private entities will have to invest, ask questions, and accept that interconnected systems are part of almost everyone’s business today. We have to be prepared to protect ourselves and what we’ve worked so hard to create.”
Editor’s Note: This is the third story in our special Cybersecurity and Ag series that examines the threat cyberattackers pose to agriculture and explores what farmers, ranchers and agribusinesses can do to protect themselves against these high-tech criminals. Next in the series: Is precision ag creating more opportunity for hackers?
You can find earlier stories in this series at:
- Cybersecurity and Ag – 2
- Cybersecurity and Ag – 1
Victoria Myers can be reached at firstname.lastname@example.org
Follow her on Twitter @myersPF