article

Hacked: 5 reasons why your food might be in danger

Can the food supply chain be hacked? Which dangers exist? What can be done? Take a look at the five reasons for why threats exist.

food-fraud-hacking-cyber-threat

Thanks to a renewed appreciation for the reality of a cyber threat to smart devices, industry is beginning to invest in cyber security. The food industry is no exception. 

To explore this further, New Food takes a look at the five reasons for why your food might be at threat from cyber criminals and hackers. To prevent, we must first understand. 

#1 The inherent vulnerability of smart devices

Smart devices often utilise badly written code in order to keep costs as low as possible perhaps using incomplete or inefficient software. This means that our food is vulnerable to hacking. Imagine a scenario in which hackers adulterate products, nab secrets or intentionally spoil perishable items… This all threatens the very safety of consumers and is ultimately due to the fact that the devices we use in industry are themselves hackable. The food industry is no different in this respect to any other. 

#2 The complexity of the supply chain encourages cyber penetration

The intrinsic inter-connectivity of the supply chain necessitates that attackers are able to take advantage of a single link in the chain which would corrupt the entire system. Its complexity means that if just one of the many points are penetrated by hackers, then the entire food can be corrupted and manipulated accordingly. 

“That’s the wonder of modern manufacturing, and that’s the vulnerability of modern food manufacturing,” says Brian Isle, a researcher at the University of Minnesota and long-standing cyber-security consultant.

#3 Criminal opportunity

Due to the technological possibility (point one) and food industry’s particular susceptibility (point two), criminals are presented with financial opportunity. Food fraud is a serious issue that threatens the food and beverage industry and up until recently was largely carried out in many ways that were largely centred around the replacing of or diluting of the original claimed food stuff so as to maximise profit margins. The dilution effect can be seen in the horse meat scandal of 2013 in which beef was diluted or entirely replaced with horse meat as it increased criminal profit. Food fraud could quite realistically become cyber. 

In this respect, researchers have already contextualised the cyber threat as further detailed here at techcrunch.com. The simulation created a form of ransomware that infiltrated the water supply system. Their program installed itself within a model water plant and enabled researchers to change chlorine levels, shut down water valves, and send false readings to monitoring systems. 

“We are expecting ransomware to go one step farther, beyond the customer data to compromise the control systems themselves,” said David Formby, a Ph.D. student and co-author of the study. “That could allow attackers to hold hostage critical systems such as water treatment plants and manufacturing facilities. Compromising the programmable logic controllers (PLCs) in these systems is a next logical step for these attackers.” 

Imagine the consumer health threat of this occurring a a dairy processing plant. 

#4 Reluctance to invest

A lack of education and awareness, coupled with a lack of financial resources (as much of the food industry is comprised of Small and Medium-sized Enterprises (SMEs)) has led to a slow rate of reaction and investment. Food companies are often more worried by the visible threats to food quality and safety and ensuring supply meets demand, rather than cyber-security. This lack of incentive to invest may mean that a large scale, public hack to a major company may need to occur before the industry begins to sit up and take notice. That said, the probability of such a hack surfacing is further threatened as many large companies fear of reporting hacks so as to lose public confidence. 

#5 Lack of a legal imperative

Under the FDA’s Food Safety Modernisation Act, called “the most sweeping reform of our food safety laws in more than 70 years” companies must develop a comprehensive food defence plan but are not specifically, legally required to address cyber-security. 

All of these factors present a very worrying case and there are solutions emerging. Many see blockchain as a presenting the potential to secure the supply chain, a simplification of the entire industry is argued to be in order. The aim is not to scaremonger but to raise awareness. The world is entering a new age and industry in general and the food industry must move with it.