Hunger Pains: Food Security, Cybersecurity, and the Need to Better Protect the Supply Chain

Hunger Pains: Food Security, Cybersecurity, and the Need to Better Protect the Supply Chain

Genocides, terrorist attacks, military aggression, and cyber-attacks; these are dimensions of national security issues, problems that relate to the internal security of a nation-state and “are directly concerned with the foreign relations of the United States, or protection of the Nation” from such activities. Though conventional national security frameworks focus on rigid security threats, such as terrorism and militarism, an emergency “human security” framework has garnered new attention. Human security encompasses threats to humanity that could eventually result in hardline security concerns (e.g., environmental disasters, political instability, etc.).

Though regarded as a humanitarian concern, food security also lies within the human security framework. As climate change threatens farming livelihoods and famine is increasingly used as a weapon of war, food security has become a pressing issue on the global scale.

Food Security in 2022

Food security is a sorely misunderstood, yet very pressing, issue. According to the International Food Policy Research Institute (an international agricultural research non-profit), food security is “when all people, at all times, have physical and economic access to sufficient safe and nutritious food that meets their dietary needs and food preferences for an active and healthy life.”

The definition contains four separate dimensions which further clarify food security and its’ relation to global security. According to The World Bank, these dimensions are the “Physical availability of food,” the “economic and physical access to food,” the “utilization of food in having good nutrition and sufficient energy,” and the “stability of the other three dimensions over time” with instability coming from “adverse weather conditions, political instability, or … unemployment, rising food prices”.

For food security to be effective and truly realized, all these four objectives must be simultaneously worked on and accomplished. In today’s global society, over 800 million people are affected by food insecurity and face hunger daily. Moreover, evidence shows that “growth in the agriculture sector … [is] at least twice as effective in reducing poverty as growth in other sectors”; with the global population expected to grow almost 30% by 2050, food security is of larger importance than many may realize or recognize.

In July of 2022, five months after Russia’s invasion, eleven researchers from universities across

Europe and Western Asia published a study of the war’s effects upon the global food supply chain. The research confirmed what many had already theorized and hypothesized: the war poses threats to global food supply chains via six primary channels. These channels include food production; processing and storage; transportation logistics; market/retail; consumption; food dependent services; and food quality.

Russian and Ukrainian shares in the global cereals (wheat, corn, and coarse grains) and global sunflower seed and oil exports trade were 19.1% and 72% respectively. The destruction of Ukraine’s agricultural infrastructure is alarming.

Additionally, Russia is a major exporter of fertilizer. Russia exports 20% of global nitrogen and 10% of phosphate, which is used in low-income countries in Africa to incentivize higher agricultural production. Ukraine’s export of cereals between 2016 and 2021 was worth almost $12 billion and extend throughout the globe, including to many food-insecure nations: for instance, its exports reached 30% in the Asia-Pacific region, 34% in Africa, and a collective 28% in Northeast and South Asia.

Ukraine is rich in “prime agricultural land that produces a major share of the world’s wheat, as well as its corn, barley, rye, sunflower oil, and potatoes.” Thus, the ongoing armed conflict in Ukraine directly affects countries across the globe, many of which are already food insecure. The realms of this conflict extend beyond the borders of Russia and Ukraine; the conflict has globalized food insecurity.

The Food Supply Chain and Cybersecurity

Cyber-attacks also pose a growing threat to food security. These cyber-attacks, conducted by foreign intelligence entities (FIEs) or nefarious non-state actors, could negatively affect the supply chain for food systems in the United States and elsewhere.

The role of cybercriminals and FIEs in the food supply chain is an understudied realm. However, a string of recent cyber-attacks on food supply chain actors emphasizes the growing need to protect these actors.

In June of 2021, JBS S.A., the large meat processing company in the world, fell victim to a “cybersecurity attack” that ultimately impacted its North American and Australian IT systems. JBS was forced to temporarily shutter its American and Australian beef plants until the plants’ IT systems were restored. In the immediate aftermath, an internal and U.S. investigation found that REvil, a Russian gang, was the culprit of the attack. REvil deliberately targeted the agricultural sector and was arguably successful as JBS eventually paid the hackers $8 million USD in Bitcoin to end the cyberattack.”

Since the JBS attack, there have been at least 10 publicized cyber-attacks against multi-state grain processing, milling, and agricultural services.

Not only have criminal threats come from cybercriminals, but also from politically-motivated groups. According to Jennifer Shike, an editor with Pork, agro-terrorism is “a tactic that can be used to either generate or cause mass socio-economic disruption or as a form of direct human aggression [sometimes being] the deliberate introduction of a disease agent against livestock or into the food chain”. While agro-terrorism is of concern to the business community and food industry, more recent historical and contemporary analysis uncovers that no agro-terrorism event “will ever truly destroy the entire U.S. food supply” yet “shortages may occur … [because] the food system’s [diversity in the US] … make[s] it resistant to total failure.”

In 2021, the U.S. Department of Justice issued a Private Industry Notice and advised private food and agriculture industries to increase their cybersecurity protections. The Federal Bureau of Investigation (FBI) reiterated this in May of 2022.

In February 2022, the U.S. Department of Agriculture (USDA) released the results of a year-long study on the Agri-Food supply chain system in the United States. The report found that the weakest links in the food and agricultural industry supply chain “occur at chokepoints in food production, manufacturing, and distribution” while the second most prominent vulnerability comes from a “concentration in agri-food supply chains can arise from the market power exercised by firms controlling large shares of production, processing or distribution capacity.”

Terror groups and FIEs looking to exploit the food industry would be sure to exploit its weakest choke points. These choke points are typically located along the supply chain, especially within cyber systems.

Cybersecurity is the largest weakness within agricultural industries and mandates better protection. Foreign intelligence groups and terrorist groups alike could substantially halt American agricultural productivity via cyberattacks. Such attacks thus further American infrastructure and food security.

Recommendations to Better Protect the Food Supply

Industry experts have advocated the U.S. to designate food security and insecurity as a national security issue. In late November of 2022, the United States government finally took advanced, measured action via the National Security Memorandum 16 (NSM-16), which intends to “strengthen the security and resilience of United States food and agriculture”. The Memorandum aims to prioritize resources to prevent, protect against, mitigate, respond to, and recover from the threats and hazards that pose the greatest risk” by increasing the level of cooperation among federal actors and mandating comprehensive and repeat security and risk assessments on the food industry. From a policy perspective, this is a soft start, but continued action will ultimately focus cyber protection efforts on the agricultural and food processing industries.

Likewise, the private sector must also work to protect enterprises. Samir Ibrahim, the CEO of SunCulture, an IT consulting firm that addresses climate change and food security issues, discussed how individuals and private companies themselves can work to better secure their own systems and protect them from intrusion. Among his many recommendations, Ibrahim’s primary recommendation is for “large companies [to audit] their supply chains for meals or other food they offer employees” and ensure that such supply chains “support sources that invest in long-term and sustainable farming solutions.” Ibrahim also pushes private citizens to consider food security when discussing, advocating, or debating national security issues as this would help policymakers and private businesses take note of food security.

While Ibrahim’s recommendations are helpful, they are rather too simplistic. The NSF, a public health organization, on the other hand, has a series of recommendations that are more comprehensive and all-encompassing. They advocate that private companies learn that the “interconnectedness of supply chains gives attackers the advantage of a single entry point to infiltrate the entire system.” They also argue that the private industry has to recognize their own failings and weak spots and adapt to the cyberattacks while “increasing situational awareness about the issue and fully utilizing the latest guidelines prepared by federal agencies and industry interest groups.”

Conclusion

To halt cybercrime and foreign intrusion within the food supply chain system, the protection of cyber systems and supply chain systems must be protected. Cybersecurity is among the weakest points within the food supply chain, and is easily penetrable by nefarious actors.

Simple recommendations include increased cybersecurity within private industries, broadening the national security context, and legislating increased cyber protections. Even more beneficial, the federal government and agricultural industries could increase cooperation in monitoring cyber threats. Facilitating communication between companies and federal agencies would benefit the food industry and help the industry better understand growing supply chain threats. Many executives of large companies that focus on food distribution may not be up to date or may not have access to accurate information about the issue.

Government officials can provide intelligence and strategic suggestions to companies, which will ultimately protect the food supply chain and ensure global food security.

---