Australia’s food supply is especially vulnerable to cyber attacks, warns the director of a national cybersecurity company, while urging the industry to raise its standards on the anniversary of the JBS ransomware hacking.
Key points:
- The head of a national cybersecurity company warns that Australia’s food supply is particularly vulnerable to piracy and pandemic closure.
- The food industry was added to the Commonwealth’s list of critical industries following a successful attack on Australia’s largest meat company.
- Five Eyes Security Alliance Says Russia-Backed Hackers Aim for Countries Helping Ukraine
JBS Foods, the world’s largest meat processor, was rescued by Russia-based hackers for $ 11 million last year.
The cyberattack shut down the company’s global operations for five days, including several Australian slaughterhouses.
Claroty’s Australian regional director Lani Refiti said Australia’s entire food and beverage supply chain was “only vulnerable” to further attacks.
“It’s happening,” Mr. Refiti said.
“It’s not a question of ‘whether’ there will be a major attack on the Australian food and drink sector, it’s a question of ‘when'”.
He said there would be food shortages if there was another incident like JBS.
Laws were passed months after JBS hacking to list food and beverages as a critical national industry.
They led to the introduction of mandatory cyber incident reporting and enhanced cyber security obligations for assets of national importance.
But Mr. Refiti said major supermarkets, distributors and food processors were still much less secure than other industries.
“If we look at critical infrastructure such as financial services, energy, water, food and beverages they are at the bottom of the list,” he said.
Threat of piracy with the support of Russia
The Australian Cyber Security Center said cybercrime rose 13 per cent last year with self-reported losses totaling $ 33 billion.
About a quarter of the 67,500 cybercrime reports the agency received last year were associated with Australia’s critical infrastructure.
“Significant national and global guidance on essential services such as the health, food and energy distribution sectors has highlighted the vulnerability of critical infrastructure to significant disruption to essential services.” loss of income and potential for damage or loss of life. ” says the center’s 2021 report.
Mr. Refiti said the rise in cybercrime had accelerated since the Russian invasion of Ukraine.
He said there had been much more coordination between nations and cybercrime groups in the last three or five years.
“Eastern European criminal groups use cybercrime as a service,” he said.
“Information on threats has been telling us that these groups are being supported or offered a safe haven by the Russian government.”
The Russian invasion of Ukraine could expose organizations to increased malicious cyber activity. (Flickr)
The center joined the cybersecurity authorities in the United States, the United Kingdom, Canada and New Zealand last month to issue a public warning that Russian state-sponsored hackers were targeting critical infrastructure. countries and organizations that provide material support to Ukraine “.
Animals, food at risk
The vulnerability of Australia’s food supply was highlighted during the pandemic, as the shortage of some products led to the panic buying of many others.
Elizabeth Jackson, a senior professor of supply chain and logistics at Curtin University, said a cyberattack could cause more problems than empty supermarket shelves.
“It’s animal welfare. You can’t leave animals in a truck,” Dr. Jackson said.
A Woolworths spokesman declined to be interviewed, saying only “cybersecurity is a crucial part of our risk management framework and we welcome new legislation that will help create a coherent standard for cybersecurity protocol across the largest supply chain “.
JBS Foods did not respond to requests for comment.
The JBS attack was one of the many successful hacks targeted at Australia’s food supply.
Lion, one of Australia’s largest milk and beer processors behind brands such as XXXX, Tooheys, Pura and Masters milk, was hacked and stopped production in 2020.
Toll Group, one of Australia’s largest food distributors, was hacked and shut down twice in 2020.
“Anything over three weeks would be serious [food] scarcity, “Refiti said.
“These companies are absolute targets,” Dr. Jackson said.
Technology is available
The Australian Cyber Security Center listed a number of types of attacks in its warning to critical industries “including destructive malware, ransomware, DDoS attacks and cyberespionage”.
Mr. Refit said malware attacks were a common way for hackers to extort ransoms and shut down entire businesses.
“Malware can change, but the actual MO is simple and always works,” he said.
“All it takes is one or two people in an organization to open an infected file and then it spreads like wildfire in an infected organization.”
However, he said there were ways to improve security.
“Controls to fight ransomware have been around for 10 years,” he said.
“It’s not a difficult thing to do from a process or technology perspective.”
He said the financial sector had tightened its security.
“It took a lot of credit card theft and personal information for regulators to act and the government to start holding these organizations accountable,” he said.
“I think the same thing will happen in the food and beverage sector.”