Why Information Sharing Is Critical for Food Companies to Combat Cyber Attacks

Today’s Food and Ag-ISAC is starting with sensibilities already in place from the previous version. We have a strong core of member companies who are significant industry players and are adopting it, and they’ve already been engaging with each other for over a decade. Some of those growing pains the first ISAC had, like trying to build trust with members and trying to build capabilities to help them, I think we’ve overcome those. Today, we already have capabilities, we already have trust, and we already have analysis. We’re not starting from scratch, we’re building off of a solid foundation.

PFW: Let’s say one of today’s member companies experiences a cyberattack. How does the Food and Ag-ISAC become involved?

ALGEIER: The model that we have is food companies will be the primary responders to the incidents. They’re the ones who are responsible for identifying the incident and managing containment during the incident response, but [with Food and Ag-ISAC] they have a community of analysts within the industry that help them. They have various methods through setting up meetings, secure checks, email listservs, regularly scheduled meetings, contacting the operations team, and contacting companies individually that they’ve been working with through the ISAC. They can communicate with each other: “We’re seeing this. We’re not sure what it is. Is this familiar to you? Have you seen this before?”

We also have adversary attack playbooks on multiple threat actors they can consult, and we have ransomware trackers they can view. If a company is victimized from a ransomware campaign, we have a tracker that can help them identify indicators within our intelligence management platform that correlates to other incidents. We also think that by sharing this information ahead of incidents that it increases the chance companies will be able to manage these risks. And if they do become a victim, they’ll be able to recover more quickly because of the total capabilities we offer them.

PFW: Generally speaking, why would a food company be targeted for a cyberattack?

ALGEIER: I think different actors have different motives. Why would they attack an oil and gas company or a health care company? Some cybercriminals are looking for money, and some nation/state actors are looking for intellectual property. Of course, there’s always the possibility that critical infrastructure can be targeted by a nation/state for disruption.

See how cyberattacks are impacting the food manufacturing industry post-pandemic.

I think the food and agriculture industry is like most other critical infrastructure sectors, which is you have larger enterprises with more resources that are generally better able to defend themselves than the smaller enterprises with fewer resources. And one of the goals that we have within our Food and Ag-ISAC is to help increase the security level of those smaller enterprises, so we can drive secure practices back to them and they can elevate their defenses and improve their mitigation and incident response.

PFW: Does each Food and Ag-ISAC company monitor their cybersecurity using their own equipment, or is there some level of standardization of tools to make it easier for members to communicate with each other?

ALGEIER: Not everyone is using the same equipment and not everyone uses equipment in the same way. They have their own risk management plans, they deploy"The food and agriculture industry is like most other critical infrastructure sectors...you have larger enterprises with more resources that are generally better able to defend themselves than the smaller enterprises with fewer resources," says Scott Algeier, executive director, IT-ISAC.IT-ISAC tools, technologies, and response plans. They make their own security investments based on what they think is right for their company.

We do provide a toolset they can plug into and we have our intelligence management platform they can plug their security tools into so they can get the indicators that we’re seeing and uploading that other member companies are seeing. And then through this platform, companies will be able to pull those indicators from the platform into their security tools. So, there is a common technology that we all leverage through the IT-ISAC for indicator sharing. But once you get into the enterprises, the companies make their own investments on security and technology tools they deploy internally.

PFW: Are there plans to have a Food and Ag-ISAC annual meeting for member companies to check in with each other in person?

ALGEIER: We’re working towards annual meetings, but we currently have virtual meetings every other week where the analysts from the member companies come together to talk about what new threats they’re seeing, what they’re monitoring, what potential vulnerabilities have announced, how that’s impacting them, and how they’re mitigating them. We also have other ways our members communicate between meetings like secure chat listservs.

PFW: Was there anything you wanted to add or something we missed?

ALGEIER: We’re really excited about the great feedback we’ve received and the support we have from the industry, our policymakers, transportation partners, and the food and agriculture industry, who really are supportive of the Food and Ag-ISAC mission and our common desire to defend this critical infrastructure. We look forward to working together to protect each other and the industry as a whole. I think it’s an exciting time for the industry, and it’s great they now have an industry lead forum to help manage risk.