Submitted by the Food Safety Summit

In 2021 the United States of America experienced cybersecurity ransomware attacks on industry i.e., the Colonial Oil Company and Pilgrim’s Pride of JBS. Does your IT department and top management have your critical food safety and supply data protected from hacking?  The 2022 Food Safety Summit will provide the latest input from some of the leading experts of the federal government, the cybersecurity industry, and universities to define threats and preventive controls.  

Marcus Sachs, Deputy Director for Research at Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security, will provide a real world characterization on the cyber threat for the U.S. and its relevance to the food industry. Food and agriculture are critical infrastructures and are responsible not only for the food supply, but also for the production and distribution of non-food farm products such as fiber, oils, and services such as watershed protection, as well as the production of animal feed.  Both sectors have consolidated over the past two decades. The food chain is highly complex and must therefore continually guard against cascading effects, which can cause disruptions to cross interlocking support critical infrastructures, such as the power grid and water/sewage. In this way, a cyber-event can rapidly become a power grid event, which in turn rapidly becomes a food systems and water event — all at the speed of electrons across the cyber web.

As the food and sgriculture sectors become more digitally connected and automated, new sources and types of evolving threats are sure to occur.  Our nation’s adversaries are increasingly more sophisticated. Of particular concern are the kinds of threats that can be brought to bear by malevolent actors, below the threshold of actual warfare. Food and agriculture sectors need to become both more vigilant and self-reliant. Recent ransomware and other types of cyberattacks have made clear that our nation’s adversaries consider the food and agriculture sectors as a target of opportunity for exploitation. Food safety, food defense and cyber security are now inextricably intertwined and will have to be dealt with comprehensively through robust planning and resilient operations.  In this way our food supply can continue to remain the safest, most diverse, and abundant food supply possible.

Joshua Corman, former Chief Strategist for the CISA COVID Task Force, Cybersecurity, and Infrastructure Security Agency (CISA) Department of Homeland Security, will address “Cybersecurity and the risk it presents to the food industry, especially regarding food safety.” During the past 18 months, we’ve seen successful hacking compromises of: the water we drink, the food we put on our tables, the oil and gas that fuels our cars and our homes and the timely availability of patient care — during a pandemic.  He will review recent cybersecurity exposures and compromises to the sector — including food safety, supply chains, agri-tech, manufacturing, water, and other critical dependencies to the nation’s food supply. We will also discuss some recent and upcoming legislation, regulations, and standards — so that this community is best prepared to understand and integrate some uncomfortable truths. Since so many in this sector are “Target Rich; Cyber Poor,” he will also outline the free and/or tax-payer-funded services and publications regarding pragmatic starting points — to meet you wher you are and help you to identify and buy down risk.

Dr. John Spink, Director and Assistant Professor at Michigan State University, will provide an overview of the cybersecurity threat and current ISO 22000 standards. In 2018 the ISO 22000 standard was updated to acknowledge “external issues” including “cybersecurity and food fraud.” But what is cybersecurity?  Why is cybersecurity included in the same concept as food fraud? Do they intend to present two separate topics of cybersecurity and food fraud or both together in cybersecurity and food fraud? Does it matter? The ISO 22000 direction builds upon ISO 28000 Supply Chain Security, ISO 27000 Information Security and the specifically ISO 27032 Cybersecurity.  

Craig Henry, Food Safety Consultant for Intro Inc., will moderate the two-part workshop on May 10 at the Food Safety Summit taking place at the Donald E. Stephens Convention Center in Rosemont, IL. The first part of the workshop is set for 12:30 p.m. – 2:30 p.m. with presentations from the various speakers.  The second part of the session is set for 3 p.m. – 5 p.m. with a question and answer session with the full panel of cybersecurity experts.  For more information, visit www.foodsafetysummit.com.