Kristin Demoranville

I was actually just speaking to some people from the cattle industry last week, and they were expressing their frustration of just how difficult it is to manage their supply chain. So what if a supplier gets hit like JBS? How do the grocers purchase any meat? They can't purchase it from them. So where do they go? Is there a backup plan?

You know, there's all these questions that I went even further and said, what happens with JBS? Because the cattle couldn't get slaughtered in time. So then you've got cattle that's standing in trailers or holding pens. You can't retract them to the farm because they don't have feed or space for them probably by then because they've already rotated. There's all these.

So who does the burden fall onto? The rancher? Oh, God, I hope not, you know? Right. Does it fall on the distributor? They don't have overflow pens necessarily. Nobody's ever tested their backup incident response plans. There's no disaster recovery. There's no BCP because people just think, oh, well, you know, it's like business as usual.

We're just going to lean on people around us in the community. But the community has shrunk because... We're losing agriculture jobs every day because people are moving to cities. It's not as popular anymore. It's trying to get a little more trendy.

I'll be honest around like regenerative agriculture, because you can be a total nerd and geek and still farm because now you can bring your cyber truck out to move your chicken house. Which looks sexy, right? Like not that it's not sexy, but it's just the concept of it is sexy. You could use, you know, hybrid cars or plugins to do that work. So that kind of is attractive, obviously.

I've been kind of joking around. It's like cyber farming, you know, in a way. Yeah. I'm don't quote me on that. Cause if somebody brands that, I'll be like, well, but those kinds of things, people just don't have a good handle on the supply chain at all because it is huge.

And instead of actually, and I say this all the time and I ripped this off a friend of mine, that's an OT in the UK, but we literally keep trying to boil the ocean, find that silver bullet moment when we just need to sit down and make a cup of tea.

And if we start focusing on the smaller aspects, like, you know, people process, because honestly it's probably the easier and less expensive to deal with. And then move to, okay, we've got these technology that are in these environments. What are we doing with them? There are companies out there turning tractors into autonomous vehicles via like a little kit. That's O-T-I-C-S.

Like, hello, does the industry know that? Did you know that, listener? Did you know that? Like, that's stuff when I hear that, I'm like, oh my God, did anybody talk to the security teams around these? Like, the farmer doesn't have a security team. Mm-mm. The farmer doesn't have time for that. They are just happy if they break even and make some profit at the end of the year.

That's what they want to do. Keep their families fed, the lights on, their cattle fed. That's it, right? It doesn't have to be more than that. But here we are as security professionals who have been in the industry long enough, both of us, and we know just how bad it's going to get because nobody's been dealing with this. So my worry, and I know I'm jumping your question, Seth. Okay.

Everybody get it. What my worry is over the next three to seven years, roughly, is that we're going to have such a major foodborne illness issue out of the food industry because of some cyber attack that hit, whether it's nation state, bad actor, disruptor, brand disruptions, whatever, that we're going to be so rattled that we're not going to know what to do.

And we're going to do the wrong things. We're going to put a Band-Aid that needs to be a stitches situation. And it's just going to make the supply chain even worse. And that's my concern. And I've talked to a few food safety experts who've asked me on air, literally, hey, how many bodies need to be on the floor before somebody does something? And my response back was probably a lot.

And I hate to say that out loud. And the person who asked me that actually lost a child to E. coli poisoning. So it was this really personal moment of, I'm sorry to say, I just think we're not smart enough to deal with it ahead of time. Because people don't like being proactive. They just want to be reactive. And that's frustrating.

Thank you so much for tuning into this episode of Bites and Bites podcast in collaboration with Protect It All podcast. Your support means the world to me. I have some very exciting news. I've been nominated for the Women in Podcasting Awards in the technology category. Yeah. Please vote for the show.

Your vote would be a huge help in gaining visibility and raising more awareness for cybersecurity and food and agriculture. Voting is open now from August 1st till October 1st and the link can be found in the show notes. Thank you in advance. I appreciate you taking the time and I couldn't be more thrilled that the show has been nominated. Now back to my conversation with Aaron.

And I'm about to use some buzzy terms, so everybody just brace. But we need to move away from being in recovery mode all the time to being resilient, especially in the food industry. And that's what I constantly go in and talk about. You're going to get hit with an attack. I don't want to hear that you're not because you are. Are you prepared? And the response back is, I don't know.

that's bad let's get on it you know like that's let's just not even think about it i actually as an owner of a software company i actually got hit with a brute force attack a couple weeks ago and instead of freaking out we quickly triaged and everything was fine we didn't have any issues no breaches happened nothing like that but i actually afterwards i had this cackle laugh for like five minutes with like tears because i was like we're legit we got hit

because you got to turn it around to be like a positive in a way like oh yeah we're cool enough to be hit like right what did what did we do yeah sweet you know whatever we're doing is must be working our branding keep it going because we're doing well And I think if people started looking at it from that almost comical mindset, there might be the laser to roll through it.

But I am I am very worried about our food supply chain. And I'm not just speaking about the United States. I'm speaking globally because it impacts globally. It's not just here.

There isn't. And there's no real collaboration there. It's getting better. I shouldn't, I'm sorry. I shouldn't say that because a lot of the OT products want to work together in some type of a collaborative environment, but there's still like, you know, this is mine. That's yours kind of thing, which is fine. And whatever, I get it.