Close Ad

The Spoon

Daily news and analysis about the food tech revolution

cybersecurity

Alternative Protein Companies Shouldn’t Ignore the JBS Hack

The ransomware attack that shut down meatpacking giant JBS this week should be a wake up call for every startup developing alternative proteins. The big lesson here is that food companies aren’t immune from online threats. Even if your startup is still in the lab, cybersecurity needs to be part of your product roadmap right now.

To be clear, there is still a lot we don’t know about the JBS hack. Was JBS specifically targeted, or did hackers just stumble across a security vulnerability? How did the hackers get in? What systems at JBS were affected? While JBS says most of its plants would be back up and running today, will there be long-lasting effects?

Here’s what we do know. JBS is a food company. It doesn’t deal with national security (as far as we know), doesn’t provide immediate critical infrastructure needs like the Colonial pipeline hack last month. The JBS attack was bad enough to halt production and shut down all JBS facilities across the U.S., with the potential to drive up food prices at retail and restaurants if it doesn’t get fixed quickly. If hackers now think food companies are soft targets, we could certainly see similar attacks against a number of different producers around the world.

Because the entire alternative protein category is so young, startups working in the space might think they can fly under a hacker’s radar. Plant-based meat only became widely available at retail just last year, and cell-based meat is mostly still in the pilot phase. Companies could be tempted to focus solely on their product and kick the IT security can down the road.

Plant-based food companies, for example, don’t generate nearly as much revenue as their animal processing counterparts, so they just can’t pay as much in ransom. The retail market for the entire plant-based foods category, which includes plant-based meat, dairy, etc., is now worth $7 billion, according to the Good Food Institute. To compare, animal meat grocery sales in the U.S. in hit $82.5 billion in 2020.

But sales of plant-based foods are on the rise. U.S. sales of plant-based meat grew by more than $430 million last year to reach $1.4 billion. If these trends hold and plant-based companies generate substantially more revenue, they too will become more attractive to ransomware attackers. Beyond Meat and Impossible Foods, two of the biggest plant-based meat players, could become ripe targets if they become more central to our collective diets.

Cell-based meat companies in particular should take heed. Even though cell-based meat is only for sale from one company (Eat Just) in one country (Singapore), cultured food companies have even more reason to worry about hackers. Cell-based meat is grown in bioreactors, which are controlled by some type of networked computer to adjust nutrient baths, monitor growth, etc. Could hackers then hijack the meat being grown? Could they do so and go unnoticed? There are a lot of drawbacks to using animals as meat, but a hacker cannot take over a cow. Cell-based protein on the other hand, still needs to be approved for sale around the world and win over customers who might be wary of eating lab-grown meat. Any major hack to cell-based meat companies could stop the sector’s growth before it even truly begins.

All of this may sound alarmist, but alarms should be going off for these nascent alternative protein companies. Build in the proper security now while you are still developing your overall corporate roadmap so you don’t have to deal with hackers derailing your entire business down the road.

Steve Nackers on The Evolving Role of Cyber-Security in the Connected Kitchen

Does your blender prefer a specific brand of low-fat yogurt? Is your stovetop eager to share snapshots of last weekend’s epic dinner party? Just how connected are smart kitchens, and more importantly, which appliance knows what (and who are they sharing it with)?

Steve Nackers, corporate Manager of Electronic Controls for Sub-Zero, will be at this year’s Smart Kitchen Summit discussing cybersecurity, the connected kitchen, and the chances of your slow-cooker chili setting off five alarms in all the wrong places.

We sent him a few questions before the October event about how the Sub-Zero team are tackling innovation, performance, and adaptive privacy settings.

This interview has been lighted edited for clarity. 

Tell us more about what you do for Sub-Zero Group, Inc.
I’ve been with Sub-Zero Group, Inc. for over 18 years. During that time, my career has spanned from field support to product launches to innovative research initiatives. I have enjoyed experiencing a wide part of the DNA of this family-owned company and its commitment to its customers — something I’m excited to see even more growth around with the recent breaking ground on our new innovation center that will serve as a hub for research and development.

As the Corporate Manager of Electronic Controls for Sub-Zero Group, Inc., my team will be one of the first to move to the new innovation center where we will work alongside teams from across our three great brands on developing and integrating the controls, software, and innovations that deliver on that promise of quality and value that Sub-Zero Group, Inc. is known for.

How have you seen technology transform the way we cook in the kitchen?
Yes — technology is reshaping the kitchen and the home space around us in ways we see, and in ways we don’t. However, it is important to make sure that those technologies are applied in meaningful ways that enable and enhance the consumer experience. From the NASA-inspired air filter technologies that enhance food preservation to precision software and instrumentation that has evolved greatly in the last decade to provide the consumer greater control and more predictable cooking results, these technologies are reshaping the cooking experience. We continue to take really innovative and new technologies and shape them in ways that help our consumers to have an experience in the kitchen that gives them confidence.

Do you envision a future in which all kitchen appliances are connected and controllable via your phone/voice?
The key thing is providing the consumer with choice. Homeowners still really value the ability to interact with their appliances, but are also looking for ways to improve their efficiency in the kitchen. Their data, privacy, and security should be what they have control over, and we need to enable them to interact with their appliances in the ways that are most seamless and comfortable for them. For some people, that will be voice, for others it is mobile, and still others it is a physical knob. Thoughtfully designing the appliances from day one throughout our engineering process to accommodate that choice and respecting the values of our consumers is what drives our vision of the future.

How do you address consumer concerns about privacy with IoT-enabled devices?
We take security very seriously and have worked closely with organizations like UL and Microsoft from the start to ensure proper measures are in place to be proactive about vulnerabilities. Cybersecurity is an ever-changing landscape, and is something we must continuously evolve and update our security measures to stay on top of. The most important thing is to have a mindset and commitment to security as a priority in every step of your design process and throughout the various levels of your organization. That is something we take seriously and continue to cultivate.

We also understand that consumers have concerns about IoT enabled devices. Our customer service teams are dedicated to working with consumers on their questions. Our hope is always that any concerns they might have we address so effectively that they come away with confidence and a greater sense of trust. To that end, we work to be clear, transparent, and effective in communicating what and how data is handled.

What’s the one kitchen appliance you could never live without?
My Wolf induction cooktop, hands down. Induction is finally making inroads in the U.S., and I’ve converted a few family and friends as well. I had used gas and standard electric methods for years previously, but getting my first Wolf induction cooktop was eye-opening. The power, efficiency, and absolute precision was amazing. To be able to drive a pot of water to rolling boil in under a minute, and yet leave chocolate at a soft melt for as long as needed with such precision on the same devices is incredible. There is a lot of exciting innovation to come in this space too which makes me even more eager for future generations of the product!

Come watch Steve speak on Hacking The Oven: Cybersecurity & The Connected Kitchen at SKS next month! Get 25% off your tickets here.

National Restaurant Association Attacks Cyber Threats With a New Tool

Restaurants are as vulnerable as any business when it comes to cybersecurity and data breaches. We saw that last month, when at least 5 million credit card numbers were swiped from Sonic Drive-In customers.

In a timely move, the National Restaurant Association has responded by publishing an update to its 2016 Cybersecurity 101 guide and tool (PDF), titled “Cybersecurity 201: The Next Step” (PDF).

The tool is a kind of primer on the five steps of the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework: Identity, Protect, Detect, Respond, and Recover. Gartner has predicted that half of all U.S. businesses will use this framework by 2020.

Cybersecurity 201 is considerably longer than its predecessor, and is focused specifically on restaurants and the actions they can take to protect themselves. It lays out four hypothetical “attack” scenarios and the actions restaurant owners should take in response.

Not that these types of scenarios are fictional in any way. As new technologies make their way into the hospitality industry, and as establishments accept more and more digital payments, businesses grow more and more vulnerable. Arby’s and Chipotle were both attacked this year, as was Whole Foods. And those were just the big ones. You don’t have to be a nation-wide chain to get hacked. Many of restaurant-industry attacks are focused around the POS system, which also happen to be one of the most difficult types of threats to protect against. And a restaurant without a POS system these days is a rare find.

Cybersecurity 201 was designed for restaurants of all sizes and types. The tool walks readers through restaurant industry-specific action steps around the NIST Framework. Every suggested action is rated on a scale of one to five in terms of importance, with five being “urgent.” Currently, 17 items are considered urgent, including having a consistent response plan, monitoring the physical environment (aka, guidelines for day-to-day operations at the restaurant), and identifying internal and external threats. The guide wraps up with a handy glossary of terms.

Restaurant Business Online, meanwhile, has published six tips for restaurants to consider when it comes to security at their establishments. Of all the tips, “understand that you can’t eliminate risk” highlights one of the most important points about cybersecurity: technology and guidelines may be evolving to combat attacks, but those attacks are evolving right alongside them. Acknowledging that and committing to a plan of constant assessment is perhaps the smartest thing restaurants can do right now.

Sonic eventually acknowledged the attack and posted information on what affected consumers could do. That’s cool and all, but patrons have the least amount of control over the situation when their favorite restaurant gets attacked. Hopefully Cybersecurity 201 can help restaurants assume more of the responsibility for these attacks—before they happen.