NSF Logo
Contact us

Agriculture and Food Manufacturing Sectors: Make Cybersecurity a Top Concern

John Hoffman from the FPDI shares how small farms and food processing firms can implement cybersecurity solutions at little or no cost.

Anyone looking for an expert in the world of information security as it relates to the food and agriculture industry might want to beat a path to John Hoffman’s door. His official title is Senior Research Fellow at the Food Protection and Defense Institute (FPDI) at the University of Minnesota, which means that he works with a lot of top-level information security people in this sector. But he makes it a priority to ensure that the small farmers and food firms also get the help they need.

“We have been at the forefront of food defense research and development of strategies and tools to aid our nation’s food supply owners and operators to protect their operations,” Hoffman says. “We have also focused on assisting the private sector to reduce risks from cybercrime. FPDI currently works with all the federal food and agriculture sector agencies, as well as the Department of Homeland Security, the Department of Defense and private industry firms.”

Food and agriculture tend to operate quietly and away from big news stories and splashy headlines. That changed dramatically in May 2021, when meatpacking giant JBS suffered a serious ransomware attack. “The attack was a wake-up call for many,” Hoffman recalls. “But it should not have been. There have been high-impact attacks for more than a decade. We began to see cyber intrusions in food processing networks about two decades ago.

“But these quickly shifted to intrusions intended to find and steal intellectual property from these firms, such as recipes, vendor and customer lists, and employee information,” Hoffman adds. “These were potentially far more damaging than simple ransomware attacks, and they became quite common by 2005. I and others within DHS and the other agencies in the food and agriculture sector began to raise the alarm about the level of such attacks more than 15 years ago.”

After the JBS attack, stories appeared prominently on news networks and business websites. The industry was getting publicity, but not the kind it wanted. And Hoffman would like to remind us that not every successful ransomware attack hits a big company with deep pockets, like JBS. Some attacks target smaller, family-run enterprises. When that happens, there can be a serious human cost; sometimes families lose their businesses and livelihoods. But this doesn’t have to be the case.

He offers a hopeful message for those more vulnerable operators: There are effective solutions available to address the challenge of ransomware attacks. And they can often be implemented with little or no cost, which solves a critical issue for the smaller, family-run food and agriculture firms. These solutions fall into technical, physical and educational areas.

Technical

  • Keep an inventory of information technology (IT) and operational technology (OT) systems.
  • Create and maintain separate, isolated backups for all your data and frequent server images.
  • Maintain active, real-time intrusion monitoring on all networks and gateways into your systems.
  • Ensure that all operating systems (OS), applications, firewalls, anti-malware and anti-virus software are secure and current.
  • Do the same for all intrusion detection, routers and hardware across all networks, both OT and IT.
  • If there are outdated but critical legacy devices and systems, isolate them from other networks.
  • Properly maintain and update your networks, hardware, applications and operating system.
  • Implement applications that monitor and record/report user IDs that access all critical systems.
  • Maintain a technical systems plan for responding to and isolating a cyber intrusion.

Physical

  • Isolate critical systems from the internet, including OT and legacy systems that are not easily upgraded.
  • Always make sure to isolate and secure your backup location, wherever that location might be.
  • Never allow company employees to connect any external devices to any of your network systems.
  • Always ensure that all connections with customers and suppliers are made by using a secure VPN.
  • Make sure that all suppliers and customers acknowledge and comply with your security standards.
  • Implement a policy that uses physical devices and two or three-factor access for all network entry.
  • Have a company-wide policy that limits network access on a need-to-know basis only.
  • Update or replace legacy cyber or network-controlled devices, applications and operating systems.
  • Have a plan that isolates systems from the web, so all production systems can remain functional.
  • Have manual workaround plans that enable critical functions to continue despite a cyberattack.

Educational

  • Conduct ongoing cyber hygiene training for all employees across every level within the company.
  • Make sure to update training and operational standard operating procedures continuously.
  • Engage recommended third-party cybersecurity firms to assist in both training and system monitoring.
  • Conduct weekly cyber risk reviews and cyber event assessments as soon as practical after each event.
  • Have a plan that includes training for how you will eject an attacker from your system once detected.
  • What you do tomorrow will not prevent what may happen today, so have a plan for IT and OT security.

John Hoffman works with many upper-echelon people as part of his position at the Food Protection and Defense Institute, but he never forgets the small farmers, food processors and wholesalers who are important to his constituency. He would like us to remember them as well, because they put quality, affordable food on our tables, and they do it quietly and efficiently every single day.

Want to Learn More About Cybersecurity?

Contact us with questions or to receive a quote.

Related Posts

Foodstuffs: How To Store and Heat Leftovers Safely

Do you know the secret ingredient to avoiding bacteria and foodborne illness in leftovers? Our experts offer tips for how to store and reheat leftovers safely.
Read More

Kitchen Cleaning 101: Your Ultimate Guide to Optimum Kitchen Cleaning

Cleaning up? Do you know which areas and appliances are the germiest in your kitchen? Our NSF experts share tips for keeping your kitchen running smoothly and safely.
Read More

Keeping a Clean Home, Especially When You Share It With Your Pet

Feel like you’re always on pet patrol, trying to keep your home clean and safe for yourself and your furry friends? NSF experts share helpful tips.
Read More

loMT: Utilize Internal Information Security Expertise to Combat Cyber Risks

The goal is to ensure that patient data is kept in the right place, with the right encryption level and protected behind the right systems.
Read More

How NSF Can Help You

Get in touch to find out how we can help you and your business thrive.

What’s New with NSF

Michigan’s “Filter First” Law: A Guide for Schools and Childcare Centers
April 23, 2024
To ensure quality, Michigan's K-12 schools and childcare centers must guarantee the installation of certified drinking water filters.
Read the Story
Healthy People Living on a Healthy Planet: The Future We’re Working For
April 4, 2024
On April 7, NSF honors World Health Day as a celebration that lies at the heart of our public health mission and honors our status as a World Health Organization Collaborating Centre.
Read the Story
American Meat and Egg Distributors Now California-Ready with NSF’s Prop 12 Certification
April 3, 2024
A trusted name in the industry, NSF’s services will enable distributors in meeting regulatory requirements and consumer demands for quality meat and eggs.
Read the Story
2024 GFSI Conference - Meeting the Needs of our Evolving World
March 20, 2024
NSF is proud to announce our sponsorship of the GFSI Conference, an annual event dedicated to advancing food safety and consumer trust.
Read the Story