What the JBS Meat Hack Means for Consumers
Huffington Post - June 4, 2021
By Heide Brandes
The meat production industry in the U.S. was rocked this week when a massive cyber attack shut down the operation of JBS, the world’s largest meat supplier.
Although some of JBS’s systems were back online Tuesday and Wednesday, the cyber attack (thought to have originated from a criminal organization likely based in Russia) forced the company ― which operates pork, poultry and beef plants worldwide ― to suspend operations at nine beef processing plants across the U.S. due to ransomware.
Going into what is traditionally a grilling season when consumers are buying up beef, chicken and pork for backyard cookouts, this latest industrial cyber attack will ultimately have little effect on the prices of meat, experts say. What it has done, however, is bring to light just how fragile the world’s food industry is to future cyber hackers.
Although you may not see a shortage of meat or a drastic increase in prices at the store, the ransomware attack on the livestock industry will have a long-lasting ripple effect on how we process and buy our meat.
What Happened?
On Sunday, May 30, JBS USA announced that it was the target of an organized cybersecurity attack that affected its servers in North America and Australia.
According to a media statement, JBS immediately shut down the affected systems and began working with an incident response firm to restore its systems as quickly as possible.
By Wednesday, the company announced that it was on schedule to resume production at all of its facilities on Thursday.
“JBS USA and Pilgrim’s continue to make significant progress in restoring our IT systems and returning to business as usual,” Andre Nogueira, JBS USA CEO, said in a statement Wednesday. “Today, the vast majority of our facilities resumed operations as we forecast yesterday, including all of our pork, poultry and prepared foods facilities around the world and the majority of our beef facilities in the U.S. and Australia.”
It appears that the shutdown didn’t affect the food safety of the products that left JBS during that time, as neither JBS nor the Department of Agriculture’s Food Safety and Inspection Service (FSIS) have issued any recalls or statements that the food is unsafe to eat. HuffPost reached out to JBS but hadn’t heard back by the time this story was published.
(Unrelated to the hack, FSIS announced that JBS recalled approximately 4,860 pounds of imported boneless beef products that may be contaminated with E. coli back in April.)
For the average shopper, the massive disruption barely had an impact on beef prices or consumer’s day-to-day needs.
“It wasn’t an incredibly long-lasting attack, but if the damage was greater or persisted longer, you would probably see a more market change and price change,” said Trent Milacek, an area agricultural economics specialist with Oklahoma State University Extension.
“We saw incredible price movements on Tuesday, but then the market recovered to pretty much where we were a week ago in terms of live cattle prices,” he said. “On the retail side of that, if you’re going out to buy stuff, I’m sure you will still find plenty of products available in the grocery stores, so that won’t be a huge concern.”
However, Milacek said, the U.S. is now aware of how fragile the food supply actually is. Additional attacks or disruptions, like what the industry experienced in 2020 during the COVID-19 pandemic, could definitely make waves in the market, increase volatility and affect supply and prices. That being said, Milacek said the public shouldn’t worry about running out of food anytime soon.
“The great thing about the U.S. is we are incredibly diverse. We have a lot of different sources of food, and that has always helped maintain our robust food supply,” Milacek said.
“As a consumer, I wouldn’t be incredibly concerned about this single incident, but in the future, it opens up our eyes to what can happen.”
How Future Threats Affect Our Food
The risk of cybersecurity to America’s food supply isn’t a new concern. In September 2019, The University of Minnesota’s Food Protection and Defense Institute released its “Adulterating More Than Food: The Cyber Risk to Food Processing and Manufacturing” report on risks to the U.S. food supply chain, stating that the food industry is already a frequent target of criminals.
One of the biggest problems in large-scale food operations, the report showed, is that many control systems and software used by the food industry were developed before cybersecurity was a concern. Thus, these systems were never designed to be secure from cyber attacks.
“As the energy, financial and healthcare sectors harden their defenses in response to attacks, it’s safe to assume criminals and other threat actors will move on to lower hanging fruit. This could well be the food industry, which continues to use vulnerable (systems) that are discoverable on the internet,” the report warned.
Ravi Jadeja, food safety expert with OSU’s Robert M. Kerr Food and Agricultural Products Center, said the automated nature of industrial livestock production facilities and food processing centers could be its biggest weakness.
Many automatic machines are controlled by software, and if a hack occurs, those machines could be shut down or even used to harm plant workers if they are tampered with. It also disrupts the safety measures companies are required to use when processing food.
“Not only is the physical safety of the food products impacted by this, but the food industry needs to create tons and tons of documentation to prove that the food product is safe,” Jadeja said.
“If documents are not present, then the food industry may need to recall all of the food products that they produce. More and more industries are moving toward going online, so when there is an issue like this, it prevents them from creating those documents.”
Jadeja said the chemical antimicrobial agents the food industry uses to remove microorganisms from food could also be tampered with, making those foods unsafe to eat.
“For a multinational company with its system online, then it is likely that someone could even change the concentration of chemicals. It not only becomes a food safety issue, but it can even become a human health hazard.”
Although rare, future cyber attacks like that could happen without more safety protocols put into place.
“There are many different safeguards against this type of thing,” Jadeja said. “Cyber attacks are part of every company’s Food Defense Plans, which identifies your computer system and designs appropriate measures to mitigate the vulnerabilities. But again, this is very new to the food industry, which has seen small-scale issues, but not at the scale that we are seeing right now.”
Meat Prices Should Stay Stable ... For Now
The cyber attack on JBS was short-lived, but it still made an impact on the market. When JBS shut down its processing facilities this week, the USDA numbers for livestock saw 22% reduction in processing on Tuesday and a 15% drop on Wednesday.
“When you hit a 22% reduction in processing, that’s definitely going to affect what we see on the retail side for beef and also swine,” Milacek said. “It’s kind of similar to the pandemic, where we saw disruptions to processing facilities that were due to labor. On the retail side, we see prices go up. If this was a long-term attack, you might see reductions in supply, but we had just two days of disruption.”
Although you may not see much of a price increase on beef or pork in the grocery store, the attack is causing shoppers to rethink just how safe food production is from future attacks.