Cyberattacks pose a major threat to the reliability and safety of food supply in the U.S. and around the world. The sources of cybersecurity threats for food processing facilities continue to increase, ranging from criminal organizations, nation states (state-sponsored hacking groups), hacktivist groups (crowdsourced hacking for a variety of different “causes”) and disgruntled insiders. Attacks from these groups can potentially lead to significant supply disruptions and even food safety issues.

The COVID-19 pandemic has already highlighted the susceptibility of food supply to disruptions and the potential for significant price fluctuations for consumers. From March to June of 2020, U.S. consumers saw a 10% jump in the cost of meats, poultry, fish and eggs, and a 20% jump in the cost of beef. A large-scale cybersecurity incident could cause similar ripples in supply.

Patrick O’Brien

Patrick O’Brien is a cybersecurity team lead at exida, where he conducts safety and cybersecurity risk assessments, supports program development and delivers lifecycle services for industrial applications, including chemical, oil and gas, pharmaceuticals, food and beverage, machinery, and robotics. He is a coauthor of two industrial cybersecurity books. Image courtesy of exida


This has already been seen in cases like the 2021 ransomware attack on JBS, the world’s largest beef supplier, which led to production disruptions in at least six U.S. meat processing facilities. The incident only ended after an $11 million ransom was paid to REvil, a prominent Russian hacking group.

While the potential for hackers to disrupt the distribution of food sources is serious enough, there is also the distinct possibility of a cybersecurity incident impacting food safety for consumers. An example of this was already seen when hackers successfully increased the lye (sodium hydroxide) concentration to 100 times higher the typical level at the Oldsmar, Fla., water treatment facility. Although it was caught well before the issue made its way downstream to consumers, the concentration was high enough to cause serious injury if left unchecked.

The threats facing food processing facilities are already here, and there is no longer any time to delay implementing minimum protections for these sites. The argument that hackers only target large oil and gas companies no longer holds water. The food industry must be treated with the same level of care as other critical industry sectors.

The good news is that simple steps can go a long way toward defending against the most common types of cybersecurity incidents impacting industrial facilities:

  • Cybersecurity Awareness: Phishing emails and compromised accounts/passwords continue to be one of the most common methods for gaining initial access into IT systems and industrial systems with remote access applications (the case of the Oldsmar Water Treatment plant). Training employees to take caution when receiving external emails, checking the sender address, checking any links carefully and asking the IT team when employees have questions can lead to significant reductions in instances of staff clicking on phishing links.
  • Segment the Industrial Network from the Corporate Network: Corporate networks are connected to many external networks, including the internet, but the industrial control systems used to operate food processing plants should not be. Although significant progress has been made in improving the security of industrial devices in recent years, these devices were never meant to be connected to untrusted external networks. A strong demilitarized zone (DMZ) using one or two firewalls to prevent all direct traffic from the IT network to the industrial control network provides a key layer of defense against external attacks.
  • Patch Known Vulnerabilities: Many cybersecurity incidents affecting industrial networks take advantage of known vulnerabilities that may be present in the system for months or even years. Although it is much more difficult to patch industrial systems (due to the concern of disruptions to operations), it is still important that the vulnerabilities in the system are identified and patched in an appropriate timeframe, which can be proactively scheduled around operational activity.
Fingers typing on keyboard
Photo courtesy of Getty Images Plus / YuliyaTaba

After tackling this low-hanging fruit, companies should implement a more robust cybersecurity program. Proactively aligning cybersecurity activities with existing quality and safety measures will help to improve resiliency against cybersecurity threats more quickly and to embed cybersecurity into a site’s existing safety culture.

Understanding which security requirements to implement as part of a cybersecurity program can seem like a significant challenge by itself, but leveraging existing industry standards that are already tailored to industrial applications such as the ANSI/ISA-62443 series significantly reduces this development time and ensures that industry best practices are incorporated into the organizational approach.

Although the cybersecurity threats facing the food sector are great, the guidelines and tools necessary to tackle these challenges are available for companies who choose to take action to secure and safeguard their portion of the food supply.