We don’t often think of our food as a potential terrorist tool, but for Christopher Young, an intelligence analyst for the FBI’s Weapons of Mass Destruction (WMD) program in Chicago, it’s top of mind every day.
There are two kinds of threat actors in the food segment, said Young during a presentation at ProFood Tech this week: The foreign terrorist organizations and the homegrown violent extremists, who are often lone actors. Either way, the goal of the WMD program is to protect the health and safety of the public; to identify, apprehend and prosecute perpetrators; and to prevent subsequent attacks.
The FBI is about food security, not regulations. The bureau investigates potential threats and crimes, and Young’s job is to look at many different cases in order to recognize WMD trends and identify problems before they happen. “We want to spend most of our time staying ahead of that,” Young said, noting that food is only one of many different industry segments observed. “The reason I’m here today is because we need your help,” he told the audience of food manufacturers and equipment builders.
Why target the food sector? “It’s a soft target,” Young said. “There are so many places to attack the sector. Somewhere between the farm and my fork there are a lot of touchpoints. They can poison the cows or the food for the cows or the grain once it’s been harvested.”
These are all areas that people consider “safe.” But even small incidents can become national news—which provides a good platform for a malevolent group wanting to get a message out. “Food has a lot of advantages to a bad guy,” he said, noting there are also significant public health and economic consequences.
While the thought of a terrorist group targeting our food is frightening, typically the problem stems from an inside threat, Young said. Somebody who has the rights to be in the company—be it an employee, contractor or partner—who may either put something into the plant or take something out, like proprietary information.
The inside threat is divided into three groups: violence (shooter), manipulation (fraud and sabotage) and theft (espionage).
Young gave the example of Walter Liew, a consultant, and Robert Maegerle, a former DuPont employee, who conspired to steal trade secrets from DuPont around its titanium dioxide (TiO2) production technology. TiO2 is a white pigment that makes paint, plastics, paper—even food—a bright white color. Liew sold the illegally obtained DuPont technology to state-owned companies of the People’s Republic of China for $28 million.
Fighting food crime
The FBI is looking to manufacturers and other companies in the food supply chain to be, in essence, the first line of defense—acting as the eyes and ears of the organization. To do that, there are several “detection elements” that can be built-in to the company culture.
“Build a culture of checking,” Young said. With personnel, there should be periodic reinvestigations on the screening of employees and contractors. Information that could be noteworthy includes undisclosed or misrepresentation of work history, unreported foreign travel and even signs of depression. Employees may resist periodic checks, as it may make them feel that they are not trusted, but the overall emphasis is on understanding the company’s lines, that if crossed, will result in termination.
On the other side of that, companies should offer employees lifelines, which are mechanisms that will help an individual if they are going through a difficult time. If they are having financial problems or are depressed, for example, they know they have resources that will help them rather than having to hide it, which could result in more stress. The lifeline is very important, because if they are going through a challenging financial situation, for example, or if they feel their job is at risk, they become more vulnerable—which may compel someone to accept that $28 million.
“Perfectly honest people can be put into terrible positions, so you have to have those lifelines, and do the periodic research,” Young said.
If something seems suspicious, it should be reported and there should be leadership and employee training in place. For example, if someone is not wearing a badge in restricted areas—including company executives—the employee should feel empowered to call the person out on it.
And, when something weird happens, like someone stole some containers that doesn’t seem too threatening, but just weird, it should be reported. In fact, in those situations, a call can be made directly to the FBI.
“I get all of the weird calls,” Young said. “People know what to do with an active shooter or a bank robber, but when someone stole too many chemicals that seems weird, or someone has weird behavior, give us a call.”
Before an investigation begins, the agency conducts a credibility evaluation in which a teleconference is conducted between a company representative and FBI technical experts—in fields ranging from biological to chemical to nuclear—who, will determine if their expertise is applicable as the situation is described. Ultimately, the team will determine if a threat is technically feasible (Is it possible to execute this kind of attack?), if it is operational feasible (Does the threat organization have the ability to do it?) and the adversarial intent (Identifying the ultimate threat). Lastly, the FBI has to determine if they have the authority to investigate.
It’s important to note that during the investigation an individual’s identity and the brand is protected. Just because someone is being investigated doesn’t mean they’ve done anything wrong. Therefore the FBI will not release names because it could ruin a person—or a brand.
“We come in small and we’ll protect your brand the best we can…but the ‘threat or no threat’ determination takes time,” Young said, explaining that it has to be a collaborative effort between the FBI and the company. “The bureau can’t come in alone and figure it out. We need your help. I need your help to prevent something from happening, but if it does, we need your help to work with your security staff, management and communications.”
The FBI will also work with the company’s public information officers to send out the right message to the masses because, while the work being done is directed toward protecting people, it’s also about protecting the business in the center of it all. “We don’t want to damage the brand while we are trying to protect it.”