Meat supply at risk? After two major disruptions in a year, industry confronts vulnerabilities

The recent cyberattack on massive meat processing conglomerate JBS has highlighted, for the second time over the past year, the vulnerabilities of the heavily centralized and concentrated slaughterhouse industry in the U.S. and across the world.

The cyberattack, which targeted global computer networks at the Brazillian-based JBS and led to a brief, targeted shutdown by the company, comes almost exactly a year after fears of the SARS-Cov-2 pandemic saw slaughterhouses across the U.S. shutting down for weeks at a time, raising fears of looming meat shortages and instances of panic-induced shortages. 

With vaccines widely available and more and more aspects of everyday life returning to normal, fears of COVID plant shutdowns have largely abated, at least for now. Yet the JBS attack has underscored the vulnerabilities of the meat processing industry to cyberattacks in a world where cyberterrorists are growing increasingly refined and exacting. 

Meatpacking in the U.S. is largely controlled by just four megafirms: JBS, Cargill, Tyson, and National Beef. That kind of massive consolidation is not foreign to other industries — Microsoft reportedly commands more than three-quarters of the desktop operating system market worldwide, while various pharmaceutical products are often similarly concentrated in just a few companies. 

Yet few industries, when disrupted, loom as large in the mind as food: Even before meat plants began briefly shutting down last year, panic-buying was observed in supermarkets across the country as consumers snatched up canned goods, dried pasta and other groceries out of fear of global supply chain disruptions. 

"The meat industry has been a target" of cyber attacks, Keith Belk, an animal sciences professor at Colorado State University, told Just the News. "And because it is labor-intensive and very visual, it also clearly was vulnerable to the pandemic — although much was learned about preventing similar breakdowns in the future during the past 14 months."

Belk argued that "the entire food supply chain is actually vulnerable to a wide range of potential attacks," something that has led to voluntary preparedness protocols among various food industries. 

"I'm not certain that such vulnerability assessments have typically included cyber-attacks, but they are certainly likely to in the future," he said. "This could help to prevent such disruptions in the future."

Jim Dickson, an animal science professor at Iowa State University, argued that the meat industry's massive centralization does not "necessarily present any unique dangers" from such attacks and disruptions.

The global food industry "is highly centralized, and relies on the interaction of all of the individual components (production, processing, transportation, storage, distribution, etc) to function," Dickson acknowledged.

But "the biggest issue in any manufacturing operation, whether it is food, automobiles or consumer electronics, is complacency," he maintained. "The attitude that 'it can't happen here.' I hope that the latest event with JBS will be a wake up call for all of the companies."

That will likely be the case. But retrofitting the highly complex and interconnected machinery that dominates most major slaughterhouse operations today will be a costly task, albeit a cost major companies will likely feel compelled to swallow, particularly in light of aggressive new cyberattack techniques. 

"I'm very, very concerned about the physical infrastructure — things like the gas pipeline and the refrigeration systems at the plants," said Temple Grandin, an animal behaviorist at Colorado State University's College of Animal Sciences. 

Grandin is well-known for her pioneering work in the meatpacking industry, having developed several standards and processes to facilitate easier and more humane slaughtering of livestock. She said the industry is dominated by "very expensive, very difficult-to-replace infrastructure" that needs to be secured against various forms of attack. 

Grandin argued that "old-fashion electro-mechanical controls" are the key to bolstering vulnerable systems against malicious attack. Such technology, she said, would function to shut down an entire system "if the computer instructs it to do something that could damage or destroy it."

"People don't think of this," she said. "They think they can do everything with software." She said that "air gapping," in which critical networks are kept completely isolated from unsecured servers such as the open Internet, could help to protect vulnerable infrastructure from malicious attacks. 

The JBS debacle was resolved relatively quickly, with little apparent disruption to any local food supplies, but disrupting massive industries is still relatively easy. This was seen last month when a cyberattack shut down the critical Colonial Pipeline for several days, leading briefly to widespread and in some cases severe shortages, albeit due largely to panic-buying rather than a genuine supply problem.

Cybersecurity is, of course, a matter of national security, as has been the case since computer systems became ubiquitous in both civilian and military life. Both industry leaders and government officials are actively scrambling to develop effective security guards and other countermeasures to head off the next attack. 

President Joe Biden last month, for instance, issued an executive order calling for "bold changes and significant investments" in cybersecurity "in order to defend the vital institutions that underpin the American way of life."

"The Federal Government must bring to bear the full scope of its authorities and resources to protect and secure its computer systems, whether they are cloud-based, on-premises, or hybrid," Biden said in the order.

Grandin stressed that companies should prioritize both cybersecurity and a reliance on older yet more secure non-digital technology. She pointed to the recent ransomware attack on the Martha's Vineyard Steamship Authority ferry operator, which attacked the authority's reservation system but which only slowed the ferries instead of stopping them completely. 

"They hacked the reservation system, but the boat still worked," she said. "The boat is a lot more important than the scheduling system."