Updated News Around the World

The Dangerous Weak Link in the US Food Chain

Just-in-time logistics mean that even short-term cyberattacks can have serious consequencesHacks that disrupt fertilizer or pesticide production can force farmers to sit out planting seasons. Breaches at meat-packing plants can cause destabilizing supply shortages. Tampering at a food processing firm can lead to deadly contamination. Already, ransomware attacks that have forced companies to shut down operations for a week have left schools without milk, juice, and eggs, according to Sachs.

“A major disruption in this sector leads to immediate public health and safety issues,” says Mark Montgomery, who served as executive director of the Cyberspace Solarium Commission.

Despite being increasingly vulnerable, Sachs says, the food and agriculture sector still “doesn’t really understand the threat mindset” as well as higher-profile sectors, like financial services and energy, do.

Critical Businesses, Limited Support

Today, food and agriculture is one of four critical infrastructure sectors (out of 16) without an ISAC, along with dams, government facilities, and nuclear reactors and materials.

The food and agriculture sector was one of the first to launch such a center, in 2002, but it disbanded in 2008 because few companies were sharing information through it. Members were afraid that such openness jeopardized their competitive advantages and exposed them to regulatory action. Now, Sachs says, businesses worry that exchanging information with each other could prompt antitrust lawsuits, even though such collaboration is legal.

Some companies participate in a Food and Agriculture Special Interest Group (SIG) housed inside the IT-ISAC, which gives them access to data and analysis from some of the world’s biggest tech companies, as well as resources like playbooks for confronting specific hacker groups.

“Our work with the industry has really expanded over the last three years or so,” says IT-ISAC executive director Scott Algeier. In that same time period, the IT-ISAC has recorded 300 ransomware attacks on the food and agriculture sector.

But the SIG’s offerings are limited, Sachs argues. It doesn’t hold regular large-scale exercises simulating attacks on food and agriculture firms, doesn’t staff a 24/7 watch center that constantly monitors these firms’ infrastructure (along with related events like severe weather and supply chain disruptions), and can’t automatically generate insights and alerts by comparing classified government intelligence with data from sensors inside that infrastructure. “I appreciate everything Scott is doing over there,” Sachs says. “It’s a very good thing. But it’s not an ISAC.”

Algeier says the IT-ISAC has hosted exercises focused on the food and agriculture sector and that “members can reach out to us 24/7 if needed.”

But the sector needs its own ISAC that can “analyze the threat and provide a true operational assessment,” says Brian Harrell, a former assistant director for infrastructure security at the US Cybersecurity and Infrastructure Security Agency (CISA).

Pfluger says, “Plenty of folks I’ve spoken with think there needs to be a dedicated ISAC.”

Companies also need more support from the federal government.

The US Department of Agriculture, the industry’s sector risk management agency, is “significantly less effective” than other SRMAs, Montgomery says. The USDA doesn’t even have dedicated funding for its security support, which includes biannual sector-wide meetings, weekly threat bulletins, and occasional town halls.

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! NewsUpdate is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.