By Audrey J. Adamson, A2 Strategies, LLC
The U.S. food and agriculture sector has long embraced technology to improve productivity, safety and welfare, and the environment. Digitalization in this U.S. sector continues, unabated, accelerated by the global pandemic. Increasingly, the sector is implementing technology-based solutions to address challenges such as labor shortages, environmental issues, animal health and welfare, food safety, amongst others. Using your phone to sign financial documents, scheduling grain or animal deliveries, controlling hundreds of harvest or processing plant operating systems all via a handheld tablet, or maintaining delivery schedules to retail outlets all require connectivity. The proliferation of connected devices is an IT and OT nightmare in a sector that traditionally is focused on providing abundant, safe and affordable food, fiber and agricultural products in our global just in supply chain world.
The sector, itself, has been reticent to recognize and act on the potential for catastrophic disruption and loss as cyber security threats and breaches increase. The U.S. government has struggled with how to engage this critical infrastructure to address the cyber issue. It could be its lack of expertise, lack of statutory authorities, or that complexities within the sector that require interaction amongst many government entities interfacing with the myriad of private sector entities. Congress is also looking at these issues. It has held several hearings on the topic. Several Members of Congress are drafting bills requiring agencies to engage, build intelligence capabilities, or develop cyber guidelines requiring implementation through fines and other enforcement mechanisms. Do we want to wait until the government brings a solution that is unworkable? Do we wait until we are debating bills moving in Congress?
The economic stakes are high. According to the 2021 Food and Agriculture Industries Economic Impact Study (Feeding the Economy, John Dunham & Associates 2021). The food and agriculture sector contributes about $2.7 Billion in output or 19% of U.S. national output. It is responsible for 19 plus million jobs and another 10 million indirect jobs. It generates $4.3 billion in economic output in supplier industries through induced spending. It pays $683 billion in wages and benefits—and $797 billion in taxes paid. The U.S. Department of Agriculture's Economic Research Service reports its data differently but tells much the same story.
The economic stakes are high, but I would argue that the impact on national security is even higher. Cyber-criminal enterprises and nation and non-state actors involved in these breaches are not all seeking crypto-currency rewards some are seeking ways to destabilize U.S. civil society. History tells us that food and agriculture has been used in this way for millenia.
We like to say that this sector is “different” than other critical infrastructures because it depends on biological systems and its’ rurally based infrastructure offers a level of protection. All true, but today the threats are coming to you without setting foot on your farm, in your tractor, in your freezers or on your plant floor. Over the past 30 years, in our drive to squeeze out redundancies and increase economies of scale, concentration and consolidation have left us increasingly vulnerable to complex and systemic cyber security attacks. The impact of having even one or two harvesting or processing facilities go down ripples up and down the chain and we must plow under onions, spill milk or euthanize animals.
This sector often chafes when the government develops plans and regulations -- with or without direct engagement. I would argue that it is way past time for the sector come together, establish a common understanding of the issues, consider successful cyber security models used in other critical infrastructure sectors, and set out a pathway for engagement on cyber security in the U.S. food and agriculture sector. The stakes could not be higher.
Audrey J. Adamson is a Principal at A2 Strategies, LLC. Prior to this she served as Vice President of Public Policy at the National Pork Producers Council.