Abstract
This paper will discuss the overview of critical infrastructure protection of food and agriculture sector (FA). The content includes the critical infrastructure conception, the FA sector profile, operationalization, risk and how to archive their objectives. The critical infrastructure of the FA sector is mainly base on FA SSP. This document will explain the purpose of the FA and why it’s important in society. It will also underscore the significance of critical infrastructure protection (CIP). Another important area of study is the relationship between agriculture and food distribution. It will also indicate the significance of food security. The research will be supported by the FA’s goals, mission and vision. The data will explore FA from a physical and cybersecurity perspective. Cybersecurity staff should be aware of risk management, national preparedness in relation to critical infrastructure, how to measure effectiveness and find ways to continuously improve.
Keywords: Critical Infrastructure, Food Agriculture Protection
The CIP Overview of Food and Agriculture Sector
Introduction
The Food and Agriculture sector includes: processing and distribution systems and has the ability to feed people and animals both inside and outside the United States. These food and agricultural systems are almost exclusively private and operate in a competitive global market for economic opportunities and improved quality of life for United States citizens and others throughout the world. In addition, U. S. agriculture has a positive global humanitarian impact through export trade and food aid to the affected and poor areas of the world, contributing to world food security. Therefore, the management of FA sector technologies are one of the most important aspects of assuring national security, public health and also significantly impacting the economy.
What’s CIP
“Critical Infrastructure Protection (CIP) is the need to protect a region’s vital infrastructures such as food and agriculture or transportation. Every government in every nation has a responsibility to protect these essential critical infrastructures against natural disasters, terrorist activities and now cyber threats.” (“What is Critical Infrastructure Protection”, 2019). Ensuring the protection of CIP can be very difficult since much of the sector’s operations involve relying on the people within the private sector that own and operate farms. The United States has millions of farms, restaurants, also food manufacturing and distribution-which accounts for about 20% of the American economy. CIP on the networks that control FA operations like supervisory control and data acquisition (SCADA) ensure that this important pillar of American life continues to work adequately at all times.
The FA Sector Profile
Agriculture and Food. Agriculture includes institutions mainly engaged in growing crops, raising animals, harvesting wood, fishing seafood and other animals from farms, pastures or their natural habitats. Food companies convert livestock and agricultural products into intermediate or final consumption products. The difference between industrial groups is that they use raw materials (usually animals or vegetables) and process them into food and beverage products. Food and beverage products produced by these institutions are usually sold to wholesalers or retailers for distribution to consumers.
Food Defense, Food Safety and Food Security. Food defense is to protect food from intentional contamination or adulteration, with the intention of causing public health damage and/or economic chaos. Food safety involves accidental or unintentional contamination of food. Although significant progress has been made in reducing unintentional food pollution, it remains a public health problem. Human error and outside threat agents continue to be the biggest threats to food security in the United States and around the world.
FA Goals, Mission and Vision
Vision. The CIP of the FA sector is a prepared and resilient system of public and private sector partners involved in risk-based decision-making and open communication, communicating with strong disaster preparedness programs, threat prevention strategies and vulnerability reduction activities using a full hazard approach.
Mission. The task of the sector is to prevent damage anywhere in the food system, which poses a serious threat to public health, security, welfare or the national economy.
Goals. Continue to promote a comprehensive federal, slit engineering and private sector capacity to prevent, protect, mitigate, respond to and recover from man-made and natural disasters that threaten the country’s food and agricultural infrastructure. Increased awareness of the departmental situation through enhanced information communication and information-sharing among all departmental partners. An important factor would be to assess all hazard risks, including cybersecurity, to the private sector; also supporting department level response and recovery, improving analytical methods to strengthen prevention and response efforts, and increase the resilience of the private sector.
FA Sector Risk
- Food Contamination and Disruption (Accidental or Intentional): FA promotes strategies for the manufacturing and distribution of food products within the United States and globally. They create standards for all parties to apply in order to ensure the functionality of FA and its operations. This requires sound approaches to business and technology in order to reduce the chance of contamination or disruption.
- Disease and Pests: Unfortunately, when FA policies are not incorporated by private agricultural organizations, they often find themselves needing the FA’s assistance in decreasing the spread of disease and harmful pests throughout their operations.
- Severe Weather (i.e., Droughts, Floods, and Climate Variability): FA provides farmers, manufacturers and distributors with information regarding disaster recovery on an ongoing basis as a way of keeping people informed on the latest security strategies for assisting the FA and private organizations.
- Cybersecurity: security staff should handle SCADA controls, software and hardware maintenance, and also develop policies that addresses common areas in which negligent staff may cause a negative affect on CIP inadvertently.
How to Archive FA Sector Goals
Risk Management. The FA sector has a process to define, identify, collect and store food and agricultural critical infrastructure system information related to risk management. This identification focuses on FA sector systems, which, if damaged, will have significant consequences for national economic security, national animal and public health and safety, public confidence, loss of life or certain combinations of these adverse consequences. Considerable efforts have been made on information-gathering practices and methods that support not only existing government regulation, but also oversight and the operational and logistical functions of the private sector. In addition, there are a number of critical infrastructure identification and information collection efforts, challenges and sensitive and confidential information protection procedures used to guide security and resilience decision-making activities in key infrastructure sectors. Historically, risk assessments have been used to help focus limited resources where they can have the greatest impact. The food safety risk assessment is used to determine the quantity and quality value of the risk of exposure to food that has been identified as contaminated by biological or chemical hazards. Instead, vulnerability assessments identify, quantify and prioritize vulnerabilities in an asset, system or network, and use other departments (like USDA, HHS, DHS) to expand and continue to conduct vulnerability assessments in the FA sector and update them every two years. Private sector owners and operators conduct vulnerability assessments as it is in the best interests of their companies.
Critical Infrastructure and National Preparedness. Like most partnerships, effective communication is the key to success. The federal government acknowledges that effective communication requires two-way, regular information sharing and discussion. In order to ensure a sustainable information-sharing process, the Information Sharing Working Group (ISWG), was established, composed of members from the public and private sectors, to assess capacity gaps and develop solutions in various thematic areas, including Homeland Security Information Network (HSIN), food and agriculture (FA) membership, the emergency notification system and the re-development of the HSIN-FA web page directory for information-sharing processes previously developed for members of the FA sector, which classifies the existing information sharing work. Typically, information used by FA sector partners to effectively manage risks and protect critical national infrastructure will contain sensitive security information, critical business and proprietary data, or confidential information. The latter is protected by EO 12958 and modified in EO 13292. However, one of the challenges in classifying important sector security information is that it cannot be easily shared with key national and industrial sector partners. If more state and industry officials get security permits, this will benefit the security of the FA department. FA’s protection plan for critical facilities is also based on the requirement for a strategic approach to national critical infrastructure security and resilience according to research conducted in 2013, through which the FA sector must be aware of its key systems and subsystems. FA departments work to establish methods and procedures for evaluating these systems, assist in considering potential threats, assess vulnerability, and develop and implement protection measures and mitigation strategies. In addition, these methods and processes are thought to help solve the problem. Because criticality is a result of the function of events and can only be determined when responding to requirements, FA has established a strong relationship among partners to ensure that all systems are resilient to disasters. An integral part of resilience strategies is to encourage protective approaches or risk reduction activities. The formulation and implementation of protective projects is based on the objectives of the FA sector. FA has a set of mature return merchandise authorization (RMA), protection measures and partnerships, including various government initiatives, some of which were developed and implemented by industry partners. Government-sponsored protection projects enable the industry to work better together to solve problems that cannot be solved collectively because of competition. The focus of this document is strategic and is not intended to illustrate response activities; therefore, many examples of protection programs have been provided and referenced to help FA sector partners prepare for and respond to events affecting the sector.
Measuring Effectiveness. The purpose of measuring the effectiveness of FA sector activities is to track the progress made in strengthening the overall security and resilience of the sector over the next four years. At present, the FA sector lacks a comprehensive, all-inclusive mechanism to measure and evaluate the effectiveness of thematic-based regional data and its support programs, activities and initiatives. In order to form an overall view of the security and resilience position of the FA department, the goal is to adopt a piecewise approach by evaluating the progress of each protection scheme and strategy.
Continuous Improvement. The existing protection plans and strategies need to be constantly evaluated and improved. For example, in fiscal year 2015, FA participated in a national exercise called Southern exposure in South Carolina. The exercise focused on mitigation options and response and recovery activities following the release of radioactive material into surrounding areas as a result of nuclear power plant accidents. Its purpose is to assist government regulators and public health agencies in assessing existing food contingency plans, protocols and procedures that may have been in place or are in the process of being revised or being developed.
Conclusion
Since 2010, public and private sector FA partners have taken significant steps to reduce food and agricultural risks, improve coordination and strengthen security and resilience, with many significant achievements. These achievements represent effective and value-added cooperation between the Food and Agriculture Cooperation Council, GNU Compiler Collection (GCC) for use by cybersecurity staff, and programs like Microsoft Analysis Services (SSAS) for the examination of SQL databases and servers; these tools have a direct impact on the success of FA and its collaborating departments. Although some achievements have been made in the close cooperation of many departments, as the security situation continues to change, it is still necessary to constantly evaluate and improve the protection plans and strategies of the FA sector.
References
Food and Agriculture Sector-Specific Plan. (2015, January 1). Retrieved November 5, 2915, from https://www.dhs.gov/sites/default/files/publications/nipp-ssp-food-ag-2015-508.pdf.
What is Critical Infrastructure Protection CIP? (2019, October 30). Retrieved November 5, 2019, from https://www.forcepoint.com/cyber-edu/critical-infrastructure-protection-cip.