Disruptions at Wisconsin dairy processor highlight food and ag industry’s vulnerability to cyber attacks

A recent disruption at a Wisconsin dairy processor highlights the risk of cyberattacks on food companies.

Schreiber Foods is an international dairy processing company headquartered in Green Bay with plants in Richland Center and West Bend.

A spokesperson confirmed in an email that the company experienced a “cyber event” last week that began impacting systems on Saturday. All of the company’s plants and distribution centers could not run because of the disruption to their systems, which affected their ability to receive raw milk and other materials.

The spokesperson said Schreiber Foods’ specialized response team immediately began working to resolve the issue. Plants and distribution centers began operating late Monday and all plants are currently running.

John Hoffman is a senior research fellow at the Food Protection and Defense Institute at the University of Minnesota. He said cyberattacks have been going on for years in the food industry and it’s not unique to see a company experience operation disruptions because of a hack.

“Schreiber hasn’t yet formally acknowledged that it was an attack or a ransomware event, although I suspect it was one or both,” Hoffman said. “It became public and obvious when they stopped receiving milk after Friday when things started to happen. But exactly what happened hasn’t been made public.”

Hoffman said many companies that go through a cyberattack are reluctant to share information about what happened, fearing the impact on their brand or reputation. But he said the lack of information sharing is unfortunate because it prevents other companies from learning from the incident.

“The food and ag sector is probably the least prepared sector for cyberattacks,” Hoffman said. “They tend to have older software, they tend to have older devices and they’ve been working for a long time. They’re still doing exactly the same thing. So if the device works and the software works, ‘don’t fix something that’s not broken’ is kind of the view of it. The truth, however, is these devices are vulnerable.”

On top of that vulnerability, Hoffman said food processors are the perfect target for ransomware attacks because of the pressure of handling raw food materials.

“Who is highly incentivized to pay you? Somebody that has to produce on a continuous basis and they’re part of a critical infrastructure,” Hoffman said. “They know there will be great pressure on the company to get systems back up and running and therefore there’s pressure to pay.”

He said the rash of recent attacks on prominent processing companies, including a ransomware attack on meat processor JBS in May, has turned up the pressure on companies to invest in these systems.

The U.S. Department of Agriculture held a cybersecurity expo earlier this week for companies to learn how to increase their resilience to attacks.

And earlier this month, the Wisconsin Cheese Makers Association held a webinar for its members to learn about new cybersecurity threats and strategies to prevent attacks. Communications director Grace Atherton said the association’s members have taken notice of the increased threat of cyberattacks and how it affects the entire dairy industry.

“They realize that any attack on one individual business is really an attack on the entire supply chain, from the farm all the way down to the consumer. So more and more of them are proactively directing their resources to protect their business interests and really our supply chain from these disruptions,” Atherton said.

Atherton said having one of these attacks hit close to home presents an opportunity for processors to review what cybersecurity measures they have in place and where they may need to improve their defenses.

Hoffman said his biggest advice for companies is to segment their systems as much as possible, instead of keeping them all on the same network. He said companies may like the idea of connecting all of their operations to the internet, but the convenience of accessing control from anywhere is a trade-off for a more secure system.