Attacks like the infamous JBS Food breach illustrate how important cybersecurity is for the food industry and the economy in general.
On a newly released episode of the Food Institute Podcast, Chris Campbell, host of the podcast, sat down with experts to talk about cybersecurity in the food industry. The participants of the podcast included:
- Bryan Daugherty, Co-Founder of Smart Ledger, Public Policy Director for BSV Blockchain Association and Subject Matter Expert for the civilian component of the Department of Defence;
- Gregory Ward, Chief Development Officer of Smart Ledger and the Co-Founder of Certihash;
- Patryk Walaszczyk, Blockchain Solution Expert for IBM.
The trio discussed how dangerous incidents such as the JBS Food attack are and what impact they can have not only on individual companies, but national economies too.
Finally, the panelists also presented Sentinel Node, a first of a kind blockchain-based software solution that significantly minimises an important vector in cyberattacks that can significantly reduce any damage caused by such attacks.
The immense economic impact of cyber attacks
To illustrate the extent of the damage to the food industry, Daugherty cited the JBS Ransomware attack. The incident occurred in the summer of 2021 and will likely be remembered by many from the U.S., Canada or Australia. Due to the attack, meat production was down in many locations. As JBS Food is the largest meat producer in the world, this drove up food prices in the U.S.
Production could only restart after management decided to negotiate with the hackers and paid a total of USD 11 million for the return of all encrypted information.
The JBS case is not an isolated incident, as Daugherty remarked. Attacks that not only disrupt business processes but also leak sensitive customer data occur time and again throughout the entire economy. These can lead to further crimes and, on top of that, it damages the reputation of the affected companies. Furthermore, if it turns out that important requirements for the protection of customer data were disregarded, massive fines may be due from the state as well. Such attacks are therefore no trifling matter, but a massive threat to companies and the economy.
The bottom line of this situation is that it is better to become preventive in terms of data security and data and network integrity, as the founder of Smart Ledger concludes.
Listen to the Food Institute Podcast on cybersecurity in the food industry
The Food Institute Podcast · Leveraging Blockchain for Cybersecurity
How the forensic investigation proceeds in the event of an attack
Patryk Walaszczyk, summed up the forensic work of an attack and described the steps that have to be implemented before day-to-day business can resume. He noted that working with Sentinel Node will not change this process in essence, but the software helps significantly speed up the forensic work required. Walaszczyk described four different steps:
1) Identification of an attack
The first step in dealing with an attack is to identify if an attack has indeed happened. Nowadays, hackers work with fake attacks to divert attention from their real attack, which might or might not happen at the very same time. Therefore, the first step is to diagnose if an attack has indeed happened.
2) Assessing damage and evidence preservation
When a real attack is detected, it is important to address the data affected by the attack as quickly as possible. The damage of the attack needs to be assessed and evidence recovery is also a priority. An important question here is whether personally identifiable, i.e. sensitive, data is affected.
After that, it is also important to record how much time has passed since certain data was compromised and to determine the duration of the attack.
3) Ensuring security and enabling normal course of business
The third step focuses on ensuring normal and safe business operations. This consists, for example, of enabling internal systems to run securely again, eliminating all attack vectors and rectifying all vulnerabilities.
4) Internal and external reporting and evaluation
The fourth step is reporting, i.e. the internal and external communication of such incidents. Externally, PR work must be done, i.e. to maintain the company’s reputation as well as possible. In internal communication, lessons must be learned from the incident. A thorough analysis of the mistakes and an evaluation and reappraisal of the mistakes are needed, which must lead to concrete improvements in security.
How Sentinel Node speeds up the process of dealing with an attack
The average time to first detect an attack on one’s own systems, i.e. the very first step to work through an attack, is 207 days, according to the IBM report that was published in 2023.
The number is so unexpectedly high because many attackers are successful at concealing not only clues to their own origin and identity, but also the attack itself and any evidence of it.
This is where Sentinel Node comes in, as Ward explained. It reduces detection time to minutes or even seconds. He explained in detail how Sentinel Node achieves this:
The integrity of each chosen file or logged or log is checked on a ten second interval. And simultaneously, the state of the network is sent to the blockchain for auditability purposes. If an alert is detected, it is immediately sent to the administrator and other permission stakeholders.
Upon the handling of that alert, whether their alert is dismissed or resolved in another fashion, the system admin is required to leave a note signed with their enterprise blockchain access key to give again and again accountability to the fact that this administrator has taken this course of action. And that note is encrypted and sent to the blockchain.
Walaszczyk noted why only the BSV blockchain is suitable for software like Sentinel Node. The most important property is the immutability of the database. For more than a decade, the BSV blockchain has been able to demonstrate that it is impossible to change any data stored on it. This means that an attacker no longer has the possibility to change or delete data that indicates his own attack.
In addition, the blockchain must be unboundedly scalable. In this case, it means that it must be able to store sufficient data on-chain at any time.
The BSV blockchain meets all of these criteria.