When we featured cybersecurity as a cover story in April, one expert thought a significant chink in the food & beverage industry’s armor was the lack of its own Information Sharing and Analysis Center (ISAC) within the government’s Cybersecurity and Infrastructure Security Agency (CISA). That vulnerability has been patched.
On May 24, CISA quietly created an ISAC just for food and agriculture. Originally, food & ag was a Special Interest Group within CISA’s IT-ISAC, the general manufacturing group. Representatives at the time said that was good enough, that food & ag was sufficiently represented and in the loop. But some members disagreed.
The founding board members of the food & ag ISAC are Bunge, Cargill, Conagra, Corteva, PepsiCo and Tyson. An ISAC tracks cybersecurity threats within its industry category and shares that information industry-wide, although with focus on its own industry.
“The IT-ISAC originally established the Food and Agriculture Special Interest Group in 2013 to help what was then a small number of member companies in the industry protect their enterprise,” the CISA website explains. [Now] “We will continue as the Food and Ag-ISAC, recognizing the growth of the community, the capabilities developed and the members' commitment to securing not only their enterprise but the sector as a whole.”
Food and agriculture together are certainly one of the most critical national assets to protect from cyberattack. Despite a problematic 2021, when there were at least four published reports of cyberattacks on food & beverage companies (Arizona Beverage, Molson Coors, JBS, Schreiber Foods), nearly all of 2022 passed until Maple Leaf Foods was hit in November. Dole was hacked this February.
In all the cases, the attackers wanted ransom to unlock computer systems or not to publicize sensitive company information. But observers worry that a nastier and more sophisticated attack could have as its goals the poisoning of consumers, explosions within a plant or destruction of a crop.
“The food and agriculture sector relies on information technology to feed the world, from precision farming to supply chain management and modern production processing, transportation, and logistics,” said Paul Hershberger, cyber command center lead of Cargill and a founding board member of the Food and Ag-ISAC.
“Maintaining a close relationship between the Food and Ag ISAC and the IT-ISAC enables critical collaboration between the food, agriculture and technology industries to manage cybersecurity risk across the value chain,” he continued.