How Cybersecurity and Food Safety Intersect in Today's Digital Age

The necessity for cybersecurity measures in the food industry is rapidly evolving, highlighting the critical demand for enhanced security measures to preserve food safety.

In fact, the industry faces serious challenges due to the increasing digitization of food processes and reliance on interconnected technologies. Such challenges include the vulnerability of supply chain systems to cyberattacks, the risk of unauthorized access to sensitive customer and business data, potential threats to food safety through tampering with digital controls, and the potential for disruption of production and distribution systems.

Added to this is the diverse ecosystem of suppliers and partners in the food industry, creating an intricate web of vulnerabilities needing robust cybersecurity measures to ensure the integrity of the food supply chain.

The Growing Importance of Cybersecurity in Food Operations

Insights from key industry experts, Annelies Van Oosterom, International Business Development Manager of Food, Feed & Farm at Kiwa, and Marcel Jutte, Director of Business Sector Cyber Security at Kiwa and founder of Hudson Cybertec, underscore the crucial intersection between cybersecurity and food safety.

"Quality, including food safety, is fundamental in the food industry,” states Annelies. “And technology plays a crucial role in maintaining product excellence. We know that OT (Operational Technology) systems are integral to properly functioning production processes and product quality. Unfortunately, we’re increasingly reading about compromised food systems in the news, so both cybersecurity measures and certifications are imperative for companies and, in turn, consumers.”

“We also see that companies are eager to invest in cybersecurity,” furthers Marcel, “Yet, they face uncertainty about the right approach and need support regarding the European Cyber Security Directive, NIS2, while preparing for legislative compliance. And that’s where the collaboration between Kiwa and Hudson Cybertec, which began in January 2023, comes into play.”

Collaborative Efforts to Enhance Cybersecurity within the Food, Feed, & Farm Market

Together, Kiwa and Hudson Cybertec offer comprehensive services to the food industry, ensuring cybersecurity compliance, knowledge, advisory, and certification services.

"Our goal is to elevate cybersecurity for Operational Technology (OT), specifically within the Feed, Food, & Farm market,” explains Marcel. “To do so, we advocate the integration of People, Process, and Technology to safeguard assets, respond to incidents, and ensure recovery. And for this to happen, we must consider technical, operational, and organizational safeguards.”
“Through cooperation, we offer food industry knowledge, practical assistance, guidance, and certification services,” adds Annelies. “And the food industry, subject to stringent regulations, is already well-known within Kiwa.”

Hudson Cybertec, on the other hand, has over a decade of experience helping organizations become more resilient regarding cybersecurity. "We provide assessments, awareness campaigns, penetration testing, and network monitoring and have already done so successfully in various industries, including dairy, potato, and sugar," adds Marcel.

The Kiwa-Hudson Cybertec partnership aims to offer comprehensive one-stop solutions. We address and meet market demands with Kiwa’s specialized IEC 62443 certification and security testing proficiency and Hudson Cybertec's OT security expertise. Hudson Cybertec conducts risk assessments and provides initial assessments to form cybersecurity roadmaps, balancing cost and risk considerations. We also offer NIS2 assessment services, assisting firms in understanding operational impact and devising cost-effective compliance strategies.

"By combining our expertise, we aim to provide a comprehensive answer to clients' complex cybersecurity challenges," Marcel commented. “Numerous clients often ask, "What is the minimum requirement for addressing Cyber Security?" This question becomes particularly intricate when it involves certification or compliance with laws and regulations such as Radio Equipment Directive (RED) and Network and Information Security Directive (NIS2). Together, we combine our expertise and comprehensively answer and address this question for our customers.”

Impact of the IEC 62443 Standard on the Food, Feed, & Farm Market

The IEC 62443 standard is the global cybersecurity standards framework for operational technology (OT), offering guidance and a common basis for securing Industrial Automation and Control Systems (IACS). It includes standards, technical reports, and related information, providing stakeholders with measures to enhance digital resilience. This standard assists in implementing cybersecurity management systems and making informed decisions on security measures.

"Organizations who adopt this globally accepted standard ensure clarity and build trust with consumers and employees by defining security levels," states Annelies. “Kiwa's certification in this standard assures a specific level of protection, enabling companies to showcase adherence to regulations such as the NIS2 and RED. And together with Hudson Cybertec, we are keen to support clients in achieving this standard.”

Training Programs for Cybersecurity in the Food Sector

In addition to the guidance and certification offered, education and training on the topic are imperative. Hudson Cybertec's training academy offers various programs and masterclasses related to the IEC 62443 standard. These programs enrich understanding and communication with suppliers, customers, and regulatory authorities about cybersecurity matters.

“Our training programs importantly align with the standard's evolution and legislation's progression,” says Marcel. "Moreover, an increased demand exists for more real-world implementation examples and tailored training for specific audiences, including end users and system integrators. We are currently updating our training offerings, which will introduce a basic training course and various specialization training modules.”

Propelling Cybersecurity Forward for Food, Feed, & Farm

It is clear that as the food industry embraces digital transformation, it must confront significant cybersecurity challenges. Safeguarding supply chain systems, protecting sensitive data, and fortifying against disruptions are essential. By prioritizing cybersecurity measures and fostering a culture of awareness, the industry can navigate these challenges, ensuring the resilience and security of its digital future while maintaining consumer trust and the integrity of the global food supply.

“It's really important for all individuals to rely on product and food safety,” says Annelies. “When drinking tap water, for example, I often wonder if it is safe. Can I rely on information provided by the authorities? Can I trust drinking water to sustain myself and those close to me? And this safety starts with ensuring cybersecurity measures are in place for the authorities and related institutions.”

“One of my goals is to ensure a more digitally resilient world,” says Marcel. “Cybersecurity affects us all, and it is especially important within the Food, Feed, & Farm market as it links to our physical health and safety. As a consumer, I want to rely on what I see in the supermarket and to know that the products I buy are safe. When I want to buy something — like all other consumers — I want to be sure there are no disruptions in the chain.”