November 2022
· 4 min read
Anyone looking for an expert in the world of information security as it relates to the food and agriculture industry might want to beat a path to John Hoffman’s door. His official title is Senior Research Fellow at the Food Protection and Defense Institute (FPDI) at the University of Minnesota, which means that he works with a lot of top-level information security people in this sector. But he makes it a priority to ensure that the small farmers and food firms also get the help they need.
“We have been at the forefront of food defense research and development of strategies and tools to aid our nation’s food supply owners and operators to protect their operations,” Hoffman says. “We have also focused on assisting the private sector to reduce risks from cybercrime. FPDI currently works with all the federal food and agriculture sector agencies, as well as the Department of Homeland Security, the Department of Defense and private industry firms.”
Food and agriculture tend to operate quietly and away from big news stories and splashy headlines. That changed dramatically in May 2021, when meatpacking giant JBS suffered a serious ransomware attack. “The attack was a wake-up call for many,” Hoffman recalls. “But it should not have been. There have been high-impact attacks for more than a decade. We began to see cyber intrusions in food processing networks about two decades ago.
“But these quickly shifted to intrusions intended to find and steal intellectual property from these firms, such as recipes, vendor and customer lists, and employee information,” Hoffman adds. “These were potentially far more damaging than simple ransomware attacks, and they became quite common by 2005. I and others within DHS and the other agencies in the food and agriculture sector began to raise the alarm about the level of such attacks more than 15 years ago.”
After the JBS attack, stories appeared prominently on news networks and business websites. The industry was getting publicity, but not the kind it wanted. And Hoffman would like to remind us that not every successful ransomware attack hits a big company with deep pockets, like JBS. Some attacks target smaller, family-run enterprises. When that happens, there can be a serious human cost; sometimes families lose their businesses and livelihoods. But this doesn’t have to be the case.
He offers a hopeful message for those more vulnerable operators: There are effective solutions available to address the challenge of ransomware attacks. And they can often be implemented with little or no cost, which solves a critical issue for the smaller, family-run food and agriculture firms. These solutions fall into technical, physical and educational areas.
Technical
Physical
Educational
John Hoffman works with many upper-echelon people as part of his position at the Food Protection and Defense Institute, but he never forgets the small farmers, food processors and wholesalers who are important to his constituency. He would like us to remember them as well, because they put quality, affordable food on our tables, and they do it quietly and efficiently every single day.