Food security: how protected is our supply chain from cyber attacks?

With grocery prices soaring and the war in Ukraine raging on, how vulnerable is our supply chain infrastructure to disruption?

The UK is currently facing one of the worst cost of living crises, with the OECD (Organisation for Economic Co-operation and Development) noting annual inflation of 9.4%, exceeding the Eurozone’s average of 8.6%. In the year to June 2022, food and non-alcoholic beverages as a part of the Consumer Price Index in the UK rose 9.8%. With rising energy prices, we’re all hurting, with the biggest impact on the most poor who are spending even more of their monthly budget on these essentials.  

The conflict in Ukraine put a spotlight on the potential for disruption to our food supply chain. It took to the end of July, months into the war, for Ukraine and Russia to negotiate a deal which allows for the export of grain through the Black Sea. In July there were already 20 million tonnes of grain stuck in silos in the port city of Odesa, rotting away. The same conflict in Ukraine has dramatically affected transportation and logistics costs, not just impacting us at the pump, but making it all the more expensive to transport food from farms to our tables. All it takes is a walk into the supermarket to plainly see how globally interconnected our food supply chain is: grain from Ukraine, chard from Spain, apples from Chile and bananas from Ghana.  

Pressure is being placed on the fabric of our societies, which needs this fragile, interconnected mesh of supply chains. With such fragility, we need to look beyond the bricks and mortar to our digital realm to better understand where we might be at risk from cyber disruption across our critical supply chain infrastructure. Only that way can we better protect ourselves and become more resilient in the face of such uncertainty.  

 The machinery we rely on 

Our farms are becoming ever more connected, where data is being taken advantage of to do things like more accurately measure crop yields and more efficiently manage jobs around the farm using connected and autonomous vehicles.  

With these opportunities comes risk. We heard last mid-last year that hacker ‘Sick Codes’ had accessed farm machinery manufacturer John Deere’s customer information and farm data by infiltrating their data operations centre. Agricultural ‘smart’ machinery manufacturers can become single points of failure for our farming supply chain; if a hacker were to disable fleets of CNH, New Holland or John Deere machinery, they could put a dramatic halt on our farmer’s ability to complete the work they need to grow or raise our food.  

It’s not just on the farm that we’re more connected, but further down the supply chain at the processing and distribution stage as well. In June 2021, the world’s largest meat supplier JBS was hit by a ransomware attack on its servers, shutting down its processing capability for days. This represented one quarter of the US’ total capacity for processing beef, pork and chicken.   

Moving our food from A to B  

We also need to think about the fabric which stitches together key operations in our global food supply chains: transport links. Our port infrastructure, as well as the trucks, container ships and trains which service them are all critical to getting the food we need to us every day. All of these processes are managed using connected software, and automated using machinery too.  

As an example, shipping lines are highly dependent on their IT and automation infrastructure. Danish conglomerate Maersk fell victim to the ‘NotPetya’ attack in 2017, resulting in ransomware locking staff out of their computers all over the global operations. This meant that container ships could not be loaded or unloaded and trucks were turned away from ports. It took two weeks for ports to begin operating normally again. This one attack resulted in around $300 million in losses for Maersk.  

The software we need 

Our food industry is based on a solid understanding of the food we buy, as well as the auditability of each step along the supply chain. We rely on software and ‘smart’ systems to check our food quality and maintain hygiene for health and traceability purposes. The shut down or corruption of the data in these systems caused by a cyber attack could not only sow confusion, but can impact the viability of the food itself as its being transported to retailers from our farmers.  

Buying from our retailers 

The final step is the retailers we buy directly off, or the wholesale distributors our cafes, restaurants and venues use. They need the ability to keep our food fresh or cold, with the future being fully connected ‘smart stores’. There’s also the customer facing tools we need to actually buy our food: the barcode scanner, the till, and the point of sale devices used to take our payments. While there have been incidents of theft of credit card detail theft from point of sale and other systems in the past, the real risk for our supply chains comes from the disruption or outage of the payment system. Even with our supermarkets stocked up, we wouldn’t be able to pay for the food we need to continue with our everyday lives, and so too is the supply chain at risk from not receiving the cash they need to continue operating at a daily basis.   

What’s the bottom line?  

We live in a highly interconnected world, where the supply chain to get our food from farm to fork is fragile and littered with risk for cyber disruption. Food at an accessible price is critical for our national security, and we need to view this supply chain as critical national infrastructure. This means we need to embed a strong cyber security posture along every step of the way. Cooperation is essential across everyone involved, from our equipment manufacturers to our farmers, processors, distributors, logistics providers and retailers. The failure of one cog in this food supply machinery from a cyber attack could bring our countries grinding to a halt. When it involves something so necessary for all of our survival, without adequate protections, we could be in for a shock to the core of our society.  

 Originally featured by the Evening Standard