Food security is national security. The COVID-19 pandemic reinforced the criticality of food security and the relationships between the Department of Homeland Security and the U.S. Department of Agriculture within the 16 national critical infrastructure sectors. The pandemic exposed key dependencies that caused the shutdown of food supply chains as the workforce illness rapidly spread globally and across the U.S., causing the shuttering of processing plants, the culling of herds, and the inherent shortages in retail availability of foodstuffs.

The food supply chain is a complex, interdependent "system of systems," where governments, the private sector, and individuals interact with the technologies, requirements, and procedures in each stage of the farm-to-fork process. Food safety is dependent upon timely, "fact-based, rational decisions (FBRDs)." Increasingly, these FBRDs are made by humans assisted by computers and artificial intelligence (AI) systems. Rational decision-making has come under assault by sophisticated adversaries using advanced technologies that disrupt, corrupt, and manipulate our critical infrastructure systems, including putting the safety and security of the food supply system at risk, as well as brand quality and the bottom line.

We think of biosecurity as a desired end state where harmful pathogens, parasites, and pests in the food supply chain are being continually monitored for and excluded. We also view food safety, or the prevention of food contamination, as a critical element within the post-harvest food processing phase's contribution to overall biosecurity.

Unfortunately, deliberate attacks present additional risks that could impact biosecurity, including poisoning or adulterating food products or using cyberattacks that target control or process systems. This is where human decision-making (the FBRDs) intersects with biosecurity. Collectively, "cognitive security"or protecting the human decision-making process—needs to be a consideration for industry, government, and academia as a critical element of food security.

What is Cognitive Security?

The Information Professionals Association1 states that cognitive security focuses on:

  1. The exploitation of cognitive biases in large public groups
  2. Social influence as an end unto itself
  3. Formality and quantitative measurement.2

In other words, cognitive security protects decision processes, helping decision-makers develop patterns of thought that rely more on logic than emotion and use healthy skepticism to identify and mitigate biased data sources and flawed logic (i.e., reasoning).

A more practical business definition for agriculture and the food industry defines cognitive security as a set of processes that protect decision-makers and decision-making at all levels of the food chain, in times when all are being targeted by malign influencers (i.e., adversaries). Cognitive security in the context of biosecurity and food safety thereby promotes rational decision-making and error prevention, with the aim of protecting food products, brands, corporate bottom lines, and the rightly perceived continued integrity and safety of the food supply by the public. Ultimately, protecting the food supply is a national security issue.

What Does Cognitive Security Have to Do with Food Safety?

Food corporations are familiar with the need for brand quality maintenance. Brands can be affected by real events, such as when a contaminated food product inadvertently makes it into the marketplace. Brand quality can also be affected by tampering incidents, rumors, and hoaxes. For this reason (among others), food corporations monitor social media. Many corporations engage teams of media experts to quickly respond to negative, false, conspiratorial, and brand-harmful postings.

Food safety programs provide the surety of evidence that the food product has not been adulterated or contaminated, whether accidentally or intentionally. In this sense, the end product—namely, the food we eat—is the result of the sum of robust biosecurity, which stretches from pre-harvest through post-harvest to the consumer, a technologically updated version of the farm-to-fork concept. Decision-makers in the farm-to-fork chain depend on digital tools (e.g., machine learning and AI for big data applications and scraping social media) and sensors to provide accurate information upon which decisions are made—and those vital information systems must be cognitively secure. Collectively, these tools form the structure of a "biosecurity dome" that helps protect the food supply (Figure 1).

FIGURE 1.  The Biosecurity Dome Protecting the Food Supply
The Biosecurity Dome Protecting the Food Supply

Cognitive Attacks: New Kinds of Threats, Threat Surfaces, and Attack Vectors

Cognitive attacks are not new. Manipulating an enemy's mind prior to battle is at least as old as history itself. The idea of food-related manipulation goes back to the biblical story of the Garden of Eden, where the serpent's deception and food went hand-in-hand. Yet, in the current age, the protocol of a safe and secure food supply system has often been focused on either the exclusion of pathogens and adulterants (food safety) or one's ability to access food sources (food security).

The cognitive domain of the food supply is not well understood and has focused largely on marketing, brand issues, and perceptions related to recalls. As a result, a thorough understanding of food safety is critically important and must, therefore, now include an understanding of the evolving threats that attack human perceptions and understandings about food—the cognitive domain.

In today's individualized information environment, one of the potentially impactful threats to the nation's food supply is cognitive manipulation. The challenges encompass not merely the cognition of myth, media hype, or misinformation about food (e.g., "Can I eat butter?" or "Are eggs healthy?"), but something far more insidious.

Offensive cognitive actions are targeted campaigns designed to undermine the concepts of food safety. Food may in fact be safe to eat, but an adversary convinces people not to eat food, using time-tested cognitive manipulation, or cognitive victimization techniques alongside new media, generative AI, and/or collective cognitive bias, thus causing artificial food security issues.

Canned Products: A Hypothetical Adversarial Offensive Cognitive Crisis Campaign Scenario

Let us examine a possible scenario. A cognitive target story is created by an adversary actor about an individual getting sick and dying after eating a particular canned product. The story is published by a popular media outlet and cites a researcher at a think tank who mentions possible repercussions. The ensuing media hype leads to a proactive, widespread drop in sales, possibly even a voluntary product recall, as the company wants to maintain a good brand image.

Simultaneously, a second story is released concerning another individual dying after eating another company's canned product. Pundits speculate. The think tank speculation shifts to possible dangers in the canning process. Others suggest that perhaps a cyberattack on canning plants is causing food to not be heated to the correct temperature, thereby creating conditions for widespread botulism poisoning. More voluntary recalls ensue.

As companies proactively recall their products, production lines are temporarily shut down while investigations are ongoing. The Centers for Disease Control and Prevention (CDC) and the U.S. Food and Drug Administration (FDA) step in to quell the ensuing public panic. Yet, given that we are in the post-COVID-19 era, both agencies are experiencing a trust deficit by large segments of the population, further fueling additional public panic and speculation about motives, safety, and availability of untainted food.

The public speculating moves to TikTok, where false stories are proliferating, such as how the FDA and U.S. Department of Agriculture (USDA) are colluding with big agriculture to remove food staples and push consumers toward bioengineered products. Add to this marketing crisis claims by proxies working for adversarial nations and their ability to use thousands of bots3 to spread the lies, and one can begin to understand the potential trust (and profit) impact that could result from an adversarial offensive cognitive crisis campaign.

Hypothetical Scenario Aftermath

In the event of such a campaign, significant ancillary economic impacts are likely, and the trust deficit is likely to cascade. The resulting recalls and panic put pressure on the fresh food industry and cause spikes in food prices and panicked buying of commodities. The sales of refrigerators and freezers cause more panicked buying, and food shortages are reported nationwide.

All the while, no food safety problem exists, yet millions of tons of perfectly good food sit in warehouses or are destroyed, while perhaps millions of people struggle with maintaining their personal food supply.

While this may seem like an improbable scenario, a gentle reminder to the reader are the shortages of toilet paper that occurred during the COVID-19 consumer panic in 2020. That cognitive crisis involved the sourcing of the economic luxury product toilet paper, which in many parts of the world is not as available as in western societies. It might not be pleasant or convenient, but one could adapt to the temporary or even prolonged loss of toilet paper. Not so with the loss of food.

The way forward begins with understanding the risks—including the threats, vulnerabilities, and consequences—to our food supply chains. This understanding begins with establishing a common framework or lexicon for discussing and addressing these issues. Collectively, cognitive security needs to be a consideration for industry, government, and academia as a newly perceived (but critical) element of food security. Cognitive security must also become a critical element in overall biosecurity, where offensive cognitive attacks could do additional kinds of damage.

Global Food Production and Processing Biosecurity Lexicon

Below is provided a non-exhaustive glossary of terms associated with food biosecurity. Awareness of these terms, in addition to being educational, will aid in understanding throughout this column series.

  • Biosecurity: A desired end state in food production and the food supply where harmful pathogens, parasites, and pests are continually monitored for and excluded, whether on a farm, feedlot, or ranch, or in a food processing facility, distribution site, or retail outlet.
  • Food safety: A desired end state in food production and processing that utilizes technologies, processes, and comprehensive security postures to prevent food contamination, whether of natural origin, accidentally acquired, or intentional. Food safety is a critical element within the post-harvest food processing phase's contribution to overall biosecurity.
  • Cognitive security (food supply): Cognitive security in the context of biosecurity and food safety promotes rational decision-making and prevents error, with the aim of protecting food products, brands, corporate bottom lines, and the rightly perceived continued integrity and safety of the food supply by the public. A desired end state made possible by a set of technologies, processes, and comprehensive security postures that protect decision-makers and decision-making processes at all levels of the food chain targeted by malign influencers (i.e., adversaries).
  • Cognitive security domain (food supply): The full spectrum of defensive technologies, processes, and comprehensive security postures that provide protection against adversary-based cognitive risks—including the threats, vulnerabilities, and consequences—that degrade rational decision-making and erode public trust in the food supply. These threats come from intentional adversarial actions, attacks, strategies, and tactics that degrade rational decision-making and erode public trust.
  • Offensive cognitive crisis campaign (food supply): A larger, sophisticated, and sustained series of adversarial cognitive attacks on decision-makers associated with the food supply or public. Adversarial origins could include nation-states, transnational or national criminal organizations, or technologically sophisticated lone actors. It is also often referred to as a cognitive assault. It is important to note that this campaign could result in a cognitive crisis, in which an impactful cognitive attack targeting decision-making has occurred. A cognitive crisis could occur among decision-makers within any phase of the food chain or can manifest within the consumer public, hindering mitigation and response to the crisis.

In understanding these definitions, we can talk about the risk to the food supply in terms of threats, vulnerabilities, and consequences:

  • Threat(Department of Homeland Security definition): Natural or human-made occurrence, individual, entity, or action that has or indicates the potential to harm life, information, operations, the environment, and/or property.
  • Food system threat actor(s): Malign lone actor(s), group(s), criminal organization(s) (domestic or transnational), nation-state(s), and/or its proxies, seeking to damage directly or indirectly the food production, processing, and distribution chain; the food supply; or individual food product(s).
  • Cognitive domain (food supply): The totality of technologies, strategies, and tactics used to protect food and agriculture-related rational decision-making through knowledge, comprehension, application, analysis, synthesis, and evaluation.
  • Cognitive manipulation (vulnerabilities and consequences): The deliberate act by an adversary to manipulate fact-based, rational decisions (FBRDs) and perceptions by targeting decision-makers and/or consumers.
  • Cognitive victimization (vulnerabilities and consequences): The successful manipulation of FBRDs and/or alteration of perceptions in a FBRD process, a system, or a food product(s), targeted by an adversary.
  • Food system adversary(ies): Malign lone actor(s), group(s), criminal organization(s) (domestic or transnational), nation-state(s), and/or its proxies, seeking to damage directly or indirectly the food production, processing, and distribution chain; the food supply; or individual food product(s).

Part 2 of this column series, to be published in the December 2024/January 2025 issue, will explore food safety and business decision-making in the face of cognitive security threats. Stay tuned!

Note

The views expressed in this article are solely that of the authors, and do not provide or imply any endorsement of included statements, claims, and conclusions from any organizations or affiliations associated with the authors.

Acknowledgment

Special thanks to Mr. Jason Lancaster and Mr. David Bragg for their expert review of the manuscript. Both Mr. Lancaster and Mr. Bragg will be co-authors on future articles in this series.

References

  1. Information Professionals Association (IPA). "Bringing Together Experts in Cognitive Security." 2024. https://information-professionals.org.
  2. IPA. The Journal of Cognitive Security. https://cogsecjournal.com.
  3. "What are Bots, Botnets, and Zombies?" WebRoot. https://www.webroot.com/us/en/resources/tips-articles/what-are-bots-botnets-and-zombies#.

Robert Norton, Ph.D.is a Professor and National Security Liaison in the Office of the Vice President of Research and Economic Development at Auburn University. He specializes in national security matters and open-source intelligence, and coordinates research efforts related to food, agriculture, and veterinary defense. 

Cris A. Young, D.V.M., M.P.H., Diplomate A.C.V.P.M. is a Professor of Practice at Auburn University's College of Veterinary Medicine and an Adjunct Professor at the College of Veterinary Medicine at the University of Georgia's Department of Pathology. He received his D.V.M. from Auburn University's College of Veterinary Medicine in 1994. He completed his M.P.H. at Western Kentucky University in 2005 and is a Diplomate of the American College of Veterinary Preventive Medicine.  

Daniel M. Gerstein, Ph.D. is a Senior Policy Researcher at the RAND Corporation, a nonprofit, nonpartisan research institution, as well as a Professor of Policy Analysis at Pardee RAND Graduate School. He formerly served as the Under Secretary (acting) and Deputy Under Secretary in the Science and Technology Directorate of the Department of Homeland Security from 2011–2014.

Marcus (Marc) Sachs, P.E. is the Senior Vice President and Chief Engineer at the Center for Internet Security. He is a retired U.S. Army Officer and was a White House appointee in the George W. Bush administration. His private sector experience includes serving as the Deputy Director of SRI International's Computer Science laboratory, as the Vice President for National Security Policy at Verizon Communications, as the Senior Vice President and Chief Security Officer of the North American Electric Reliability Corporation (NERC), and as the Chief Security Officer of Pattern Computer. He was also the Director of the SANS Internet Storm Center and has co-authored several books on information security. He holds degrees in civil engineering, computer science, and technology commercialization, and is a licensed Professional Engineer. 

Andrew Whiskeyman, Ph.D., COL USA (Ret.) is an Associate Professor at the National Defense University's College of Information and Cyberspace and an Associate Research Scientist with the University of Maryland's Applied Research Laboratory for Intelligence and Security (ARLIS). He teaches as adjunct faculty with Syracuse University's Maxwell School of Citizenship and Public Affairs and the Air University's Global College of Professional Military Education (GCPME). Dr. Whiskeyman is a Goodpaster Scholars Fellow and a Senior Non-Resident Fellow with the Global National Security Institute. The views expressed in this article are his own, and not necessarily the views of any organization of which he is a part.

Greg S. Weaver, Ph.D. is an Associate Professor and Co-Director of the Interdepartmental Graduate Program in Sociology at Auburn University's McCrary Institute. His research interests include lethal violence, substance use, and domestic/international threat groups. Since 2009, he has been a member of the reserve unit of the Lee County Sheriff's Office in Alabama. Dr. Weaver also holds certifications from the DoD/DSCU Ministry of Defense Advisors Certification Program and the CARVER Target Analysis and Vulnerability Assessment Training Program.