by Marion Nestle
Jun 8 2021

What’s known about the cyber attack on JBS?

What with accusations of causing cancer and climate change, putting workers at risk of Covid-19, and exercising inappropriate political muscle (writing Trump’s  executive order to keep the meat packing plants and collaborating with USDA to fight public health measures), Big Meat is under a lot of pressure.

And now we have the latest—a ransomware hack of the largest meat company in the world, the Brazilian company JBS ($52 billion in revenues).

By messing with the company’s IT systems, the hackers shut down all of its meatpacking facilities.

In a press release, JBS said the attack would not seriously affect supply chains, but one expert says the meat industry is likely to feel the effects of this disruption for weeks..

The USDA says it is in communication with everyone concerned: the White House, Homeland Security Department and JBS.

The Counter points out that JBS is not the first food company to be subject to a ransomware attack, and it undoubtedly will not be the last.

Politico (behind a paywall) reports:

Virtually no mandatory cybersecurity rules govern the millions of food and agriculture businesses that account for about a fifth of the U.S. economy — just voluntary guidelines exist. The two federal agencies overseeing the sector include the USDA, which has faced criticism from Congress for how it secures its own data. And unlike other industries that have formed information-sharing collectives to coordinate their responses to potential cyber threats, the food industry disbanded its group in 2008.

Politico also reports that last month, the University of Minnesota’s Food Protection and Defense Institute warned about the threats to meatpacking plants, and how shutdowns would cause meat shortages and price spikes.  And in November last year, the cybersecurity firm CrowdStrike noted “a tenfold increase in interactive — or “hands-on-keyboard” — intrusions affecting the agriculture industry over the previous 10 months.”

Politico also said:

A 2018 report from the Department of Homeland Security examined a range of cyber threats facing the industry as it adopts digitized “precision agriculture,” while the FBI said in April 2016 that agriculture is “increasingly vulnerable to cyberattacks as farmers become more reliant on digitized data.” The industry also offers plentiful targets: As the Department of Homeland Security’s cyber agency notes , the ag and food sector includes “an estimated 2.1 million farms, 935,000 restaurants, and more than 200,000 registered food manufacturing, processing, and storage facilities,” almost all under private ownership.

The Justice Department says it intends to handle ransomware cases the same way it handles terrorism cases, according to CBS News.

The White House says the hackers are almost certainly Russian cyber-criminals.

JBS has not yet said whether it paid a ransom.  [Added comment, 6-10-21: JBS paid $11 million in ransom].

If food companies have not adequately invested in their IT systems, now is the time.