As we explored in our last post, securing the food and beverage sector has become a rising priority. This is reflected in the business decisions being made by leading manufacturers. For example, Rocky Mountain Chocolate Factory, Inc., an international franchiser and manufacturer of gourmet chocolates, introduced a new position to its board committee. The position is focused on overseeing safety policies and performance issues, which includes cybersecurity. According to the company’s press release, this decision was made in order to enhance revenue growth and profitability. And this makes sense. By uplifting cybersecurity, a company is choosing to protect its systems and data, ultimately safeguarding the process that enables money to come in.
But addressing the critical role of cybersecurity in the food and beverage sector isn’t just unfolding in the United States. It has become an important mission abroad as well. Building on our interest in this topic, we focus this piece on the latest in food production cybersecurity across the globe.
Colombia’s Food and Drug Agency Hit by a Cyberattack
It was recently reported by The Record that Colombia’s National Food and Drug Surveillance Institute (INVIMA) experienced a disruptive cyberattack. In response, the organization has taken down its website and server connections so that it can thoroughly investigate the incident. In the meantime, INVIMA has put together other ways for products to be submitted for review.
Although the case presented above doesn’t consist of a manufacturing breach, it does demonstrate the growing reality that the sector at large has a target on its back throughout multiple regions of the world. This trend coincides with the broader cybersecurity issue that regulators are attempting to handle.
Regulators Expand Cybersecurity Legislations
In a more general ruling impacting manufacturers, the EU plans to release the EU Cyber Resilience Act, a regulation guide for the security of connected devices. Based on coverage appearing on IoT Business News, the commission states that the aim is to tackle “the low level of cybersecurity of many of these products and more importantly the fact that many manufacturers do not provide updates to address vulnerabilities.” If manufacturers of connected devices fail to meet the requirements set, they will face financial repercussions. Again, this isn’t solely centered around food and beverage manufacturers, but it is adjacent considering that as the industry transitions more and more to industry 4.0 settings, it increasingly relies on connected devices.
In Australia, however, legislators are taking a pointed approach to food and beverage security. Michael Murphy from Fortinet writes for Food & Drink Business, “As part of Australia’s critical infrastructure, food and beverage manufacturing is subject to federal security legislation that came into effect in April.” Because of the risk that an attack on this industry poses, the country has included it in the Security Legislation Amendment (Critical Infrastructure Protection) Act 2022 (SLACIP Act), which encourages operators to participate in risk management programs and follow incident reporting directions.
Other Steps for Protecting Food and Beverage Manufacturing
As cyberattacks on the industry continue to occur and international governing bodies seek out best ways to address this issue, there are other methods that operators can adopt in the meantime no matter their geographic location. Murphy offers three pillars to emphasize. The first is achieving “network visibility.” This foremost because it helps to educate on the vulnerabilities that exist. In turn, identifying where action is needed becomes clearer. The second is to “protect and control critical assets.” In doing so, manufacturers should reach out to allies that can share information on how to succeed at this task. Lastly is to “prioritize highly effective, non-intrusive techniques.” Essentially, this constitutes taking action that won’t hinder operations.
- “Rocky Mountain Chocolate Factory Issues Board Update to Stockholders” – Press Release, Yahoo Finance
- “Colombia National Food and Drug Surveillance Institute hit with cyberattack” – Jonathan Greig, The Record
- “EU announces first ever move to legislate cybersecurity for IoT” – IoT Business News
- “Building a secure state for critical infrastructure” – Michael Murphy, Food & Drink Business
Learn about the ultimate solution to protect infrastructure networks, Net-Optix.