The food and agriculture sector is in the cross-hairs of international cyber adversaries just like every other critical infrastructure, according to Auburn University professor Robert Norton, who is urging agri-businesses of all sizes to “empower yourself” through information sharing, workforce training and other steps.
“The food supply is a target of adversaries,” said Norton, who has written extensively on the food supply chain, including the possibility that it could be targeted in a conflict with China. “Many of the problems are the same across critical infrastructure,” he said, citing intellectual property and identity theft, hacktivism, social media weaponization and, “increasingly, intelligence gathering … that can be used in cyber warfare.”
Alterations in food production processes could cause system disruptions or the addition of the wrong ingredients to products, with potentially dire consequences, Norton warned.
Robert Norton, Director of the Futures Laboratory, Auburn University
He discussed how the food and agriculture sector is adapting to growing cybersecurity challenges with Scott Algeier of the Information and Technology Information Sharing and Analysis Center on the IT-ISAC's latest “Firewall Chats” podcast.
Norton is director of the Futures Laboratory collaboration involving Auburn University, Auburn University at Montgomery, and Air University at Maxwell Air Force Base. He is also coordinator of “National Security Initiatives” in the Auburn University Open Source Intelligence Laboratory and works closely with Auburn's McCrary Institute for Cyber and Critical Infrastructure Security led by Frank Cilluffo.
“The McCrary Institute is trying to look beyond the horizon [at how] critical infrastructures touch each other -- and agriculture is critical infrastructure,” Norton said, adding that Auburn is increasing its research in this area.
According to Norton, “Eighty percent of the threats affecting corporate America” are cyber-related, and focusing on cybersecurity to “protect the bottom line” and “maximize return on investment” is as important in food and agriculture as any other sector.
But Norton suggested that many organizations -- of different sizes and budgets -- “have far more ability to empower themselves than they realize” when it comes to improving their cybersecurity posture. He called for working with professional organizations including ISACs to make systems more resilient and to train staff.
“Develop your corporation's intelligence capabilities, both internally and externally,” Norton urged, which can involve training workers on “what to look for” on a company's systems as well as working with ISACs, for example.
“I am an advocate for ISACs,” Norton said. “I tell corporations that ISACs are really your first go-to experts.” In addition to sharing threat indicators, ISACs “also serve as an advisory body” for their members, he said.
The key, he said, is to get usable information on which to base business and security decisions.
“The threat matrix is too big” and even large organizations struggle with making sense of the volume of cyber threat information, he said. Therefore, he urged, become involved with organizations that gather, analyze and synthesize data to make it useful.
“Information sharing is critical [and] must be a two-way street” that allows for anonymized sharing of threat indicators, Norton said, while noting that ISACs can serve entities as their “24/7 eyes on” the cyber threat environment. -- Charlie Mitchell (firstname.lastname@example.org)