Invisible Threats Have Tangible Consequences

I remember vividly the 1979 headlines about the Three Mile Island incident involving a nuclear power electricity-generating station in Pennsylvania, which was on the other side of the country from where I was living at the time. It seemed like we were bombarded by 24-hour TV coverage of the partial meltdown. I also remember the leadership shown by then-President Jimmy Carter as he walked through the plant’s control room only a few days after the incident began. Even though I was young at that time, it created in me an awareness of an invisible threat — something from which we cannot necessarily hide.

More recently, we have witnessed the media’s focus on new examples of invisible threats with economic and even human casualties.

The recent 24-hour coverage of the collapsed condo building in Surfside, Fla., has included much of the predictable questions of what early indicators were known and why didn’t anyone do anything to avoid the tragedy. Investigators are looking into testing records, certifications, compliance — and details that will point to or eliminate liability on the part of owners and management. Regardless of the legal conclusions, the human toll will serve as a universal call for transparency.

“Buildings like this don’t fall down in America,” Surfside’s mayor said to a press gathering, according to a story in The New Yorker.

Writer Amy Davidson Sorkin described the mayor’s words as “implicit” in their “appeal to the nation’s exceptionalism.” Similarly, I often hear federal food regulators and industry executives make statements that the American food supply is “the safest in the world.” Many experts have criticized these misleading statements as they portray a lesser sense of risk to policymakers and consumers.

We are also aware of the recent cyber ransomware attacks on Colonial Pipeline (having paid some $2 million) and on meat producer JBS (having paid some $11 million in ransom).

I talked with two cyber security experts who both independently shared that while our current push for regulatory compliance that aligns with more digitization and transparency is overdue, federal regulations “miss the boat” when it comes to cybersecurity. One expert described the Food and Drug Administration’s (FDA) New Era for Smarter Food Safety’s lack of even mentioning cybersecurity as “a potential oversight,” while another compares our nation’s food supply as having “the same level of cybersecurity as a Third World country.”

Nobody has died from these attacks. However, we have no guarantee of security from these hacks on industrial control systems — ones that could impact food safety. Earlier this year, a hacker tried to poison the public water supply at a water treatment plant near Tampa, Fla., by increasing the level of sodium hydroxide (or lye) in the water supply to 100 times higher than normal. Fortunately, this attempt was quickly discovered and corrected. Another consideration for food safety is a company and even investigators being locked out of access to traceability data in the middle of an outbreak.

Concerns over cyberattacks as a form of food terrorism are not new. After the 9/11 attacks, the World Health Assembly, the decision-making body of the World Health Organization (WHO), published “Terrorist Threats to Food” — a food terrorism document for national government policy makers. In the document’s preface, the WHO classifies food safety as an essential element of modern, global public health security. In the United States, the Department of Agriculture (USDA) collaborates with the National Security Council (NSC) on threats and policy pertaining to the food and agriculture sector. Food is a national security issue.

The WHO uses lessons learned from outbreaks and recalls to emphasize the potential of causing the disruption of global trade, economic stability and even political stability of smaller nations.

Some of the points in “Terrorist Threats to Food” hold significant meaning for unintentional food problems. Today, this must be interpreted as including those created by cyberattacks.

The pandemic has increased the food industry’s installation and use of remote sensors and remote-access software. The use of third-party data collection, storage and analysis companies is also on the rise. While some experts point to these third-party companies’ database encryption being strong, that could undone by clients’ control of password access. The understanding by those in the industry of every facet of the food chain is critical in identifying and preventing all failures and violations of the system.

Consumers may not be able to see food safety failures in their food, but industry prioritization of preventing or mitigating invisible threats, similar to those in a collapsed building or a cyberattack on a utility, will always be perceived by consumers as essential.