The digital implications of supply chains

Jump to Section

Benefits of digital supply chains | Facts and statistics on digital trust | Impact of cybersecurity issues on living supply chains | The FBI warns of cyber and ransomware attacks | Cybersecurity threats in food supply chain | How to prepare for cyber-attacks and related supply chain disruptions? | Standards and mitigation strategies | Managing information and cybersecurity: A culture issue, not just a tech issue | Conclusion

In today’s interconnected world, digital transformation has revolutionized supply chains, offering benefits such as enhanced integration, traceability, streamlined workflows, reduced costs, and improved transparency. However, this digital evolution also exposes supply chains to unprecedented cyber threats. This article explores the intricate balance between digital advancement and cybersecurity in supply chains, focusing particularly on the food industry.

Benefits of digital supply chains

Digitalization has transformed supply chain operations across industries, including food and retail. The seamless integration of systems facilitates real-time data sharing, optimizing inventory management and production planning. Enhanced traceability ensures visibility from farm to fork, which is crucial for maintaining food safety standards and regulatory compliance. Moreover, digital workflows reduce operational costs and enhance supply chain resilience by enabling agile responses to market dynamics.

Impact of cybersecurity issues on living supply chains

Cybersecurity issues can have severe consequences for living supply chains, such as food products, which are either living, and therefore perishable, or temperature, moisture, and storage-sensitive meaning they are more vulnerable. For example:

• Animal welfare and biosecurity: Disruptions can affect the transport or holding of animals, such as cattle, poultry, and live seafood, during transit.  
• Food safety: Issues like temperature control, moisture, pests, and storage conditions can arise when supply chains are suspended, exposing products to potential hazards.
• Perishable products: Items such as vegetables and temperature-sensitive goods can deteriorate quickly when supply chains are disrupted.

Let’s look at three food supply chain examples where cybersecurity issues can result in serious outcomes and impact our daily food products.

Example 1: Grain supply chain

What would a cyber disruption look like in a grain commodity supply chain where everyone is connected? Consider the impact if point 5 - silos, grain elevators, and bulk handlers – were taken out from the grain supply chain during harvest time (see figure 1)

If the silos and grain terminals are unable to receive the grain, farmers face significant challenges due to limited farm storage. Unharvested grain exposed to the environment can suffer from moisture, rain, aflatoxin contamination, quality deterioration, sprouting, pests, and reduced prices. Without grain, silos are immobilized, feed mills lack grain for livestock feed, impacting industries such as egg, poultry, and pork production. Flour mills run out of flour, leading to shortages in raw materials for daily bread, pasta, noodles, rice, and pastries.

Example 2: Poultry supply chain

What would a cyber disruption look like in a poultry supply chain where everyone is connected? In poultry supply chains, it takes around 42 days to fatten a chicken. What would happen if point 4 – the hatchery – were taken out from the poultry supply chain (see figure 2)?

If the hatchery were unable to function, there would be no day-old chickens to supply the growers. Without chickens, feed suppliers, meat processors, and retailers would be affected, leading to shortages and economic losses. Consumers would miss out on their favorite fried chicken treats from fast-food outlets. Targeting a poultry hatchery could disrupt feed production, breeding farms, processing facilities, and distribution networks, leading to potential shortages and economic losses.

Example 3: Dairy supply chain

What would a cyber disruption look like if point 5 - processing, bottling and distribution – were taken out in a dairy supply chain where everyone is connected (see figure 3)?

The FBI warns of cyber and ransomware attacks

The examples provided demonstrate that the food supply chain faces unique challenges, many of which are shared by other supply chains, from raw materials to finished products:

• The sector is heavily unregulated, making it an easy target
• Manufacturing is increasingly dependent on software
• Security attacks often arrive via social media
• Cyber-attacks can escalate into food safety incidents
• Everyone in the supply chain has a role to play
• Living and perishable supply chains (chilled and frozen) are particularly vulnerable
• Just-in-time delivery is critical—any disruption can cause chaos
• All entities are connected and dependent on the entire supply chain

The FBI has highlighted the risk of ransomware attacks on various agricultural sectors, including dairy and meat production facilities. Such attacks can quickly result in spoiled products and cascading effects throughout the supply chain.

You can read more about these warnings and incidents in the following articles:

• FBI Security Alert on Ag Cyberattacks
• FBI Puts Ag on Alert: Ransomware Attack Potentially Timed to Critical Seasons
• JBS Cyberattack
• CBS News: FBI's Ransomware Attacks Warning to Farmers
• Politico: How Ransomware Hackers Came for America’s Beef
• BBC: Science and Environment Report on Ag Cyberattacks

These incidents demonstrate the vulnerabilities of our supply chains and how interconnected we all are. The whole supply chain is impacted by these knock-on effects.

Cybersecurity threats in food supply chain

Despite the many advantages of digitizing supply chains, one unintended consequence is the increased vulnerability to cyberattacks. The food industry, heavily reliant on interconnected systems, faces significant risks that can disrupt operations and compromise food safety. Here are three real examples of cybersecurity threats within the food supply chain:

These examples demonstrate that whether it’s a data breach at a food distribution network, a malware incident at a food processing plant, or a phishing attack at a food retailer, cyberattacks can disrupt various points in the supply chain. Each disruption not only affects operational efficiency but also undermines consumer confidence in food safety, impacts profitability, and can result in data breaches and regulatory fines.

How to prepare for cyber-attacks and related supply chain disruptions?

While it is challenging and potentially misleading to claim specific preventative actions could have avoided past incidents, the following activities can help build safeguards and resilience in your system:

1. Implement cloud-based threat detection solutions, data backup, and response systems.
2. Conduct effective user training.
3. Perform penetration testing (mystery hacker).
4. Use Bitsight assessment to get a security score and benchmark your business.
5. Implement and specify ISO 27001, the international standard for information security management
6. Protect your supplier ecosystem by ensuring critical supplier facilities are audited and comply with regulations and best practice standards.
7. Foster a good cyber culture across the business.
8. Develop business continuity plans for supply disruptions.
9. Obtain cybersecurity and ransomware insurance.

Standards and mitigation strategies

Adhering to cybersecurity standards and frameworks like ISO 27001 is crucial for mitigating risks in digital supply chains and instills the discipline to do the right thing, embedding the necessary processes and culture.

In the food sector, cybersecurity is an essential part of food defense planning. With 50% of manufacturing processes run by software, facilities are vulnerable. The following standards and methods can enhance your digital security and that of your entire supply chain:

• PAS 96 – Defending food and drink from deliberate attack.
• TACCP – Threat assessment and critical control point.
• VACCP – Vulnerability assessment critical control point.
• US Food Safety Modernization Act – Intentional adulteration rule.
• ISO 22001 food safety management [integrating cyber/information/data security as a risk for the hazard analysis and critical control point (HACCP), TACCP, and VACCP study]
• Global food safety initiative (GFSI) food safety schemes such as FSCC 22000, brand reputation through compliance global standard (BRCGS), and safe quality food (SQF), all of which have provisions for cyber risk assessment.

It’s important to remember that employees cause over 95% of information security incidents. Therefore, establishing a strong cybersecurity culture is just as important as implementing IT security infrastructure. Training should include best practice such as:

1. Password control: Use strong, unique passwords, and password managers.
2. Phishing, malware, and ransomware awareness: Stay updated on phishing tactics and report suspicious emails.
3. domain spoofing and evil twin wi-fi: Verify website authenticity and avoid unsecured Wi-Fi.
4. Spear phishing and social media security: Recognize targeted phishing and avoid oversharing on social media.
5. Two-factor authentication (2FA): Implement 2FA for added security.
6. Regular software updates: Keep software and systems updated.
7. Data encryption: Encrypt sensitive data in transit and at rest.
8. Incident response training: Conduct regular drills for security incidents.
9. Physical security: Secure devices and workspaces.
10. Secure remote work practices: Use VPNs and secure communication tools.

Chief executive officer’s cyber priorities

• Elevate the chief information security officer (CISO) to a position of authority
• Understand the risks and set the tone and culture
• Invest in best practice controls and benchmarking

Chief financial officer’s cyber priorities

• Understand business risks and work with the CISO
• Recognize that financial and cybersecurity risks are symbiotic
• Be aware of general data protection regulation (GDPR) fines for breaches (EUR20 million or 4% of turnover)
• Develop contingency plans for ransomware issues.

Chief marketing officer’s cyber priorities

• Understand digital transformation and associated cyber risks.
• Embed cyber risk training with sales, marketing employees, and consider risk in social media, websites and community engagement.
• Foster a cyber-aware culture and collaborate with the CISO.

Chief operating officer’s cyber priorities

• Understand operational risks and work with the CISO.
• Embed a cyber-aware culture and good working habits into operations.
• Collaborate with C-level executives for best practice solutions.

Establishing robust cybersecurity frameworks and promoting a culture of cyber awareness are crucial steps in mitigating risks and safeguarding supply chain integrity.

Conclusion

This article’s focus on the food sector and supply chain is intentional due to its critical nature and significant connection to national security. The food sector’s fast-paced and high-risk supply chains offer valuable lessons transferable to other industries like toys, textiles, fast-moving consumer goods, healthcare, automotive, aerospace, and manufacturing. The author’s extensive experience across sectors highlights the universal applicability of robust cybersecurity practices.

As supply chains evolve with digital transformation, cybersecurity risks become paramount, especially in the food industry. Prioritizing cybersecurity awareness, stringent standards, and advanced technologies is essential for navigating digital supply chains and safeguarding against cyber threats.

Key points:

• Data, technology infrastructure, and information security are critical assets
• Cyber risk increases with the use of technology and IT platforms
• Cybercrime is constantly evolving
• All supply chain sectors are vulnerable to high-impact cyber threats
• Cybersecurity is an organizational issue, with over 95% of incidents caused by employee error
• Cybersecurity training is crucial for establishing awareness and culture
• Integrate cybersecurity into product quality and safety planning, such as food defense planning

Recommendations:

1. Comprehensive cybersecurity training: Educate employees on best practices and threat mitigation.
2. Advanced threat detection and response systems: Use cloud-based security solutions and proactive monitoring.
3. Penetration testing: Regularly test systems for vulnerabilities.
4. Bitsight assessment: Benchmark your business with a security score.
5. Adherence to standards and regulations: Implement frameworks like ISO 27001.
6. Collaborative partnerships: Share information with industry peers and experts.
7. Continuous improvement: Regularly update cybersecurity protocols.

By adopting these measures, businesses can enhance their cybersecurity resilience, mitigate cyber threats, and ensure the reliability of digital supply chains. Everyone in the supply chain must be vigilant and implement best practices and certifications, with ISO 27001 being a good starting point.

© The Hinrich Foundation. See our website Terms and conditions for our copyright and reprint policy. All statements of fact and the views, conclusions and recommendations expressed in this publication are the sole responsibility of the author(s).