When Bad Actors Weaponize Food

March 29, 2019
During a presentation at ProFood Tech, an FBI analyst outlined how the food supply chain can be tainted and what manufacturers can do to safeguard their brands.

We don’t often think of our food as a potential terrorist tool, but for Christopher Young, an intelligence analyst for the FBI’s Weapons of Mass Destruction (WMD) program in Chicago, it’s top of mind every day.

There are two kinds of threat actors in the food segment, said Young during a presentation at ProFood Tech this week: The foreign terrorist organizations and the homegrown violent extremists, who are often lone actors. Either way, the goal of the WMD program is to protect the health and safety of the public; to identify, apprehend and prosecute perpetrators; and to prevent subsequent attacks.

The FBI is about food security, not regulations. The bureau investigates potential threats and crimes, and Young’s job is to look at many different cases in order to recognize WMD trends and identify problems before they happen. “We want to spend most of our time staying ahead of that,” Young said, noting that food is only one of many different industry segments observed. “The reason I’m here today is because we need your help,” he told the audience of food manufacturers and equipment builders.

Why target the food sector? “It’s a soft target,” Young said. “There are so many places to attack the sector. Somewhere between the farm and my fork there are a lot of touchpoints. They can poison the cows or the food for the cows or the grain once it’s been harvested.”

These are all areas that people consider “safe.” But even small incidents can become national news—which provides a good platform for a malevolent group wanting to get a message out. “Food has a lot of advantages to a bad guy,” he said, noting there are also significant public health and economic consequences.

While the thought of a terrorist group targeting our food is frightening, typically the problem stems from an inside threat, Young said. Somebody who has the rights to be in the company—be it an employee, contractor or partner—who may either put something into the plant or take something out, like proprietary information.

The inside threat is divided into three groups: violence (shooter), manipulation (fraud and sabotage) and theft (espionage).

Young gave the example of Walter Liew, a consultant, and Robert Maegerle, a former DuPont employee, who conspired to steal trade secrets from DuPont around its titanium dioxide (TiO2) production technology. TiO2 is a white pigment that makes paint, plastics, paper—even food—a bright white color. Liew sold the illegally obtained DuPont technology to state-owned companies of the People’s Republic of China for $28 million.

Fighting food crime

The FBI is looking to manufacturers and other companies in the food supply chain to be, in essence, the first line of defense—acting as the eyes and ears of the organization. To do that, there are several “detection elements” that can be built-in to the company culture.

“Build a culture of checking,” Young said. With personnel, there should be periodic reinvestigations on the screening of employees and contractors. Information that could be noteworthy includes undisclosed or misrepresentation of work history, unreported foreign travel and even signs of depression. Employees may resist periodic checks, as it may make them feel that they are not trusted, but the overall emphasis is on understanding the company’s lines, that if crossed, will result in termination.

On the other side of that, companies should offer employees lifelines, which are mechanisms that will help an individual if they are going through a difficult time. If they are having financial problems or are depressed, for example, they know they have resources that will help them rather than having to hide it, which could result in more stress. The lifeline is very important, because if they are going through a challenging financial situation, for example, or if they feel their job is at risk, they become more vulnerable—which may compel someone to accept that $28 million.

“Perfectly honest people can be put into terrible positions, so you have to have those lifelines, and do the periodic research,” Young said.

If something seems suspicious, it should be reported and there should be leadership and employee training in place. For example, if someone is not wearing a badge in restricted areas—including company executives—the employee should feel empowered to call the person out on it.

And, when something weird happens, like someone stole some containers that doesn’t seem too threatening, but just weird, it should be reported. In fact, in those situations, a call can be made directly to the FBI.

“I get all of the weird calls,” Young said. “People know what to do with an active shooter or a bank robber, but when someone stole too many chemicals that seems weird, or someone has weird behavior, give us a call.”

Before an investigation begins, the agency conducts a credibility evaluation in which a teleconference is conducted between a company representative and FBI technical experts—in fields ranging from biological to chemical to nuclear—who, will determine if their expertise is applicable as the situation is described. Ultimately, the team will determine if a threat is technically feasible (Is it possible to execute this kind of attack?), if it is operational feasible (Does the threat organization have the ability to do it?) and the adversarial intent (Identifying the ultimate threat). Lastly, the FBI has to determine if they have the authority to investigate.

It’s important to note that during the investigation an individual’s identity and the brand is protected. Just because someone is being investigated doesn’t mean they’ve done anything wrong. Therefore the FBI will not release names because it could ruin a person—or a brand.

“We come in small and we’ll protect your brand the best we can…but the ‘threat or no threat’ determination takes time,” Young said, explaining that it has to be a collaborative effort between the FBI and the company. “The bureau can’t come in alone and figure it out. We need your help. I need your help to prevent something from happening, but if it does, we need your help to work with your security staff, management and communications.”

The FBI will also work with the company’s public information officers to send out the right message to the masses because, while the work being done is directed toward protecting people, it’s also about protecting the business in the center of it all. “We don’t want to damage the brand while we are trying to protect it.”

About the Author

Stephanie Neil | Editor-in-Chief, OEM Magazine

Stephanie Neil has been reporting on business and technology for over 25 years and was named Editor-in-Chief of OEM magazine in 2018. She began her journalism career as a beat reporter for eWeek, a technology newspaper, later joining Managing Automation, a monthly B2B manufacturing magazine, as senior editor. During that time, Neil was also a correspondent for The Boston Globe, covering local news. She joined PMMI Media Group in 2015 as a senior editor for Automation World and continues to write for both AW and OEM, covering manufacturing news, technology trends, and workforce issues.

Sponsored Recommendations

Put the Plant Floor in Your Pocket with Ignition Perspective

Build mobile-responsive HTML applications that run natively on any screen.

Ignition: Industrial-Strength System Security and Stability

Ignition is built on a solid, unified architecture and proven, industrial-grade security technology, which is why industrial organizations all over the world have been trusting...

Iron Foundry Gains Competitive Edge & Increases Efficiency with Innovative Technology

With help from Artek, Ferroloy implemented Ignition to digitally transform their disconnected foundry through efficient data collection and analysis while integrating the new ...

Empowering Data Center Growth: Leveraging Ignition for Scalability and Efficiency

Data center growth has exploded over the past decade. Initially driven by organizations moving their computer assets to the cloud, this trend has only accelerated. With the rise...