Cyberattack on meat giant has Iowans looking to fortify defenses

Livestock industry leaders are looking for ways to prevent cyberattacks. (Photo by Ahlea Forster, CC BY-SA)

A ransomware attack on the world’s largest meatpacking company this week drew attention to the need for more cybersecurity in agriculture.

JBS plants across the U.S., including two in Iowa, had moved toward reopening at full capacity late Wednesday after a cyberattack on servers. The White House said a Russian crime organization is likely to blame. 

President Joe Biden has been preparing for talks with Russia, which has been accused of interfering with U.S. elections and with the operation of the Colonial Pipeline

When a reporter asked President Joe Biden on Wednesday if he would retaliate against Russian leader Vladimir Putin for the latest ransomware attack, Biden said, “We’re looking closely at that issue.”

Asked if Putin was testing him, Biden said, “No.”

Some feared that the hacking at JBS would mean a return to even higher prices at meat markets, and maybe shortages. There were no reports of that happening as of Wednesday, however.

The incident had more than meatpacking plant operators nervous. Hog producers were, too. Iowa is the nation’s top supplier of hogs.

The Iowa angle

Pat McGonegle, CEO of the Iowa Pork Producers Association, said the JBS incident showed that an industry already consumed with guarding against biological attacks that could disrupt the food supply now needs to ramp up its work on preventing cybercrimes.

“I think this particular incident will accelerate and heighten the preparedness that we take as an industry,” McGonegle said.

While he said he doesn’t know of Iowa cybercrimes at individual livestock confinement operations in Iowa, many feature climate controls and other systems that are connected online, McGonegle said. That means risk.

“I think this incident with JBS will cause some of the organizations to take a stronger look at the programming that we have in this area and then have discussions with USDA,” the U.S. Department of Agriculture, he added.

Eldon McAfee, an attorney for Iowa’s major livestock organizations, said there were some reports that deliveries of some animals were delayed. But the disruption appeared to be short-lived. 

Iowa Agriculture Secretary Mike Naig told Iowa Public Radio the JBS plants in Marshalltown and Ottumwa had to reduce production briefly. Naig said the incident shows the need for the U.S. to work more aggressively on cybercrimes in packing plants and other farm facilities, and at manufacturers and other industrial sites.

“The bigger picture here with these cyberattacks is that it was first on critical energy infrastructure, with the energy pipeline recently, and now with the food supply chain. We’ve got a lot of work to do as a country to shore up and defend our critical infrastructure and cyber is certainly one of those areas that needs a focus,” Naig said.

A spokeswoman for the North American Meat Institute, representing meatpackers, did not return an email seeking comment. 

In a statement Tuesday, the U.S. Department of Agriculture said, “USDA will continue to encourage food and agriculture companies with operations in the United States to take necessary steps to protect their (information technology) and supply chain infrastructure so that it is more durable, distributed and better able to withstand modern challenges, including cybersecurity threats and disruptions.”

Former Iowa Gov. Tom Vilsack is U.S. agriculture secretary. 

Fortune reported that the attack on JBS forced the company to shut down computers across North America and Australia. Fortune noted that the industry is still battling back from workforce issues related to COVID-19.

The trouble started on Sunday for JBS. By Wednesday, the company hoped to resume most of its slaughter operations at beef, pork and poultry plants. 

White House comment

On Tuesday, Karine Jean-Pierre, principal deputy White House press secretary said the FBI is investigating the attack on JBS. 

“Combating ransomware is a priority for the administration. President Biden has already launched a rapid strategic review to address the increased threat of ransomware to include four lines of effort: one, distribution of ransomware infrastructure and actors working closely with the private sector; two, building an international coalition to hold countries who harbor ransom actors accountable; expanding cryptocurrency analysis to find and pursue criminal transaction; and reviewing the (federal government’s) ransomware policies,” Jean-Pierre said. 

We call on organizations across government and the private sector to take the threat of ransomware seriously and modernize their cyberdefenses …” she added. 

Automation needed to feed people presents risk

In March, IEEE Spectrum reported that having so much equipment connected to the internet could bring added cybersecurity threats to industries that need technologies to feed 8.5 billion people by 2030. Of those people, 840 million are expected to be facing acute hunger. 

Before the JBS cyberattack, Xing Yang of Nanjing Agricultural University in China told IEEE Spectrum smart agriculture has been studied extensively, but “the security issues (involving) smart agriculture have not.” IEEE is the Institute of Electrical and Electronics Engineers, a professional association.

Some of the ag systems make them vulnerable to attacks beyond more conventional cybercrimes, the researcher added. Feeding systems, climate sensors and data technologies could be interrupted.