Posts

Cyber Security; the Threat is Real but Manageable

I got my socks scared off me. It is really not surprising, because I was at a Food Defense workshop, by the way at my alma mater, the University of Minnesota. The day started out predictably and smoothly. In the afternoon things turned dark, when John Hoffman of the Food Protection and Defense Institute spoke about the challenge of cyber security in the food industry.

If you work in the food industry, think of every device you have that is connected to your company network and then every access point to the internet. There are hackers out there who can get in to your data, and they will, if you do not actively monitor and stop them. If you work for a large corporation, there is a hacker out there right now trying to get in to your system. The hacker may be hired by your competitor or a foreign government. They are not phishing; it is targeted hacking. Scared yet?

Let’s think about our devices. At every step from Receiving to Shipping there are electronic devices to document data and store information. Think of supplier information, warehousing records, lab data, batching, packaging codes. Can you access that data from anywhere on the network? Can you monitor data from home? If you can get on the network, so can a hacker. If I have your email address, can I guess the email address of the President or CEO? I actually did that once. It was easy. A colleague of mine had a new job, and I didn’t have his new email address yet. I looked on the website of the company to find email addresses of others and guessed his email. Easy.

Where do you have a security camera? Is the recording separate, so that no one can hack in? I don’t normally watch spy movies, but I have seen by-passing of security cameras in enough movies to know it is not a unique concept. One of my favorite movies, National Treasure, uses the override of a security camera to steal the Declaration of Independence.

Where is the electronic image stored? Who has access to not only the folder but the network where it is stored? Really think through how security cameras are used for recording images, monitoring of the data, storage of the data, and how are you going to be certain it is not hacked. You must have continuous monitoring for intrusion of the data.

Luckily, my colleague at ConnectFood, Chris Metz, ConnectFood’s CTO, had recently warned me to remain diligent on using a unique password for every account and using systems like LastPass to manage it. Also, one of the biggest mistakes companies make is the misconception that just because their files and trade secrets are on their local drives, they are safer than in cloud storage because they seem more tangible. This is unfortunately not true as many companies do not properly invest in proper encryption and firewalls to keep hackers or ‘backdoor’ viruses from accessing their files and are not able to detect an intrusion since they don’t have monitoring in place. Even though hacks of larger storage providers make the news in a more sensational way, the hacks of smaller systems of everyday companies happen far more frequently and rarely if ever get reported. Using 3rd party cloud storage providers for the majority of companies is still by far the best option to protect their data because of the large investments made by those providers in several tiers of security and intrusion detection. Armed with this mindset, I came to the food defense/Intentional Adulteration (IA) workshop in Minneapolis.

Matt Botos, ConnectFood CEO, developed a food defense program after 911 while Director of the Illinois Center for Food Safety and Technology. There was no government mandate then- just the need to protect the food supply. Now we have FSMA. The Intentional Adulteration rule is the seventh rule under FSMA to be enforced. Luckily, industry has time as enforcement dates start to roll out in 2019. Then, FDA intends to tack on an Intentional Adulteration inspection quick-check to a food safety plan audit and inspection. It will be years after 2019 and with appropriate funding before full Intentional Adulteration inspections will be done.

Watch this blog for more information. And as always, contact the folks at ConnectFood with your questions and food defense issues.

Dr. Kathy Knutson has food safety expertise in microbiology, hazard analysis, and risk assessment. As a recovering academic, she resides in Green Bay home-of-the-Packers, Wisconsin with her brilliant husband and two handsome sons. Learn more about her consulting services at https://www.linkedin.com/in/kathyknutsonphd.