I must admit that I don’t often think about the food supply when I think about cyber-attacks, but, according to this University of Minnesota news release, our food supply is vulnerable:
A new report by University of Minnesota researchers indicates cyberattacks pose a rising threat to food production and safety.
“Adulterating More Than Food: The Cyber Risk to Food Processing and Manufacturing,” released today by the University’s Food Protection and Defense Institute (FPDI), illustrates the mounting cybersecurity risk facing the food industry and provides industry-specific guidance to keep operations safe and secure. The potential consequences of an attack on the industrial control systems used in the food industry include contaminated food that threatens public health, physical harm to workers, destroyed equipment, environmental damage, and massive financial losses for companies.
While cybersecurity is rarely recognized as a food safety issue, the systems companies use for processing and manufacturing food contain many vulnerabilities that experts believe will soon present a more appealing target for cyberattacks than industries that are more commonly affected by, and therefore better prepared for, such attacks.
Domestic attacks are likely to come from juveniles looking for attention and prestige, but those should be relatively minor compared to national adversaries and terrorist organizations.
The cited white paper suggests that the usual suspects, such as poor passwords, hard-coded passwords, and computers no longer up to the increasing processing requirements of today’s security regimes, are joined by less usual attacks:
The case of co-bots, which are robots designed to work alongside human workers, instead of in a physically secured area away from humans, is especially worrisome. A malicious actor exploiting a co-bot’s vulnerabilities could cause grave harm to the workers alongside it. In addition, mobile apps, which are becoming increasingly popular tools for monitoring and managing ICSs [industrial control systems], have become another source of vulnerabilities. For example, a recent study identified nearly 150 vulnerabilities in thirty-four SCADA [Supervisory Control and Data Acquisition] Android apps that could be exploited to cause damage.
I wonder how much longer it’ll be before we hear of a substantive attack. Does anyone ever weigh the advantages of computerized systems against the damage that can by caused by malicious actors gaining access to them? Sometimes, as a software engineer, I wonder if we’ve come to rely on them too much.