Coordination across the agricultural, food safety, cybersecurity, and emerging cognitive security landscape must become a top priority and be seamlessly integrated across the international and national biodefense enterprise. In previous articles, the authors discussed the importance of cybersecurity in the food industry, and in our last article,1 we explored the new area of cognitive security and how it applies to this sector.

The cognitive domain of the food supply system is not well understood. Today, it largely focuses on marketing, brand issues, and public perceptions related to product recalls. Little focus is given to the accuracy and authenticity of external information, creating an opportunity for adversaries to inject false and potentially dangerous disinformation into social media and traditional news sources. Food companies depend on accurate and logical analysis and guidance by government and third parties; historically, the U.S. government has provided a portion of it. The cognitive domain becomes relevant if either government or private information providers become victims of malign influence—one form of a cognitive attack.

Case History: Decision-Making During COVID-19

The COVID-19 pandemic is an example of governments (federal and state) and businesses making unintentional mistakes—wrong decisions based on incomplete data. The downrange effects of the totality of wrong decisions deleteriously affected U.S. agriculture and food security preparedness, as well as the nation's ability to mitigate and respond to other emergencies.

Personnel are required for dealing with emergencies, but sick people cannot respond. This often results in stilted and uncoordinated actions that further lead to miscues and failures in the biological and physical realms. During COVID-19, the lack of an integrated approach of managing cyber and information considerations in planning further exacerbated the deluge of disinformation and heightened risk, rather than dissipating it.

The food and agriculture sector accounts for 20 percent of the national economy.2 During the COVID-19 pandemic, "…many food crop productions were reduced due to limited labor availability, leading to food insecurity."3 This was and is an unacceptable, yet predictable, outcome. The important element to emphasize here is that, as a whole, the mistakes made were not intentional, nor foisted upon us by an adversary. In other words, these were unforced errors in decision-making. Examining the problems through the lens of an adversary, what can we learn if an adversary would choose to make a wide or coordinated attack on the systems responsible for the food supply?

During the COVID-19 pandemic, supply chains were disrupted in part due to government-mandated travel and transportation restrictions. Food was often "dumped and wasted" because of labor shortages. Commodity shortages occurred because of "lower food production and large food waste," and food prices "increased dramatically."3 The result was an overall increase in systemic food insecurity. These disruptions were, to a degree, also exacerbated by the spread of misinformation and disinformation about the causes, spread, and mitigation of COVID-19. It should be noted that what was witnessed were not large-scale, organized, malign national campaigns, but rather disinformation on a smaller and more disorganized scale. The totality of disruptions—real and imagined—and resulting closures also affected global agriculture supply chains, thereby increasing food insecurity across the world. U.S. adversaries have taken note of the effectiveness of these loosely planned and organized disinformation campaigns, and are expected to continue to refine and improve them for future use.

Efforts to mitigate the effects of the disruptions were likewise hindered by inaccurate information on even the most basic of safety issues, such as guidance on the use of personal protective equipment (PPE). PPE was in short supply at the start of the pandemic. This resulted in the hoarding of PPE by the government, which initially did not ensure that adequate priority was given for providing PPE to agriculture and food security workers. Rumor and disinformation fed panic, which resulted in further hoarding by the public, limiting even more the availability of PPE.

What we know now was wrong decision-making by the government and businesses also impacted the safe movement of perishable food along the supply chain and, ultimately, to consumers. Avoidable food shortages caused significant downstream economic effects, such as when dine-in restaurants were closed unnecessarily and/or unable to access food as readily as prior to the pandemic. The economic impacts on retail food remained persistent even after infection rates declined. Many restaurants did not economically survive the COVID-19 pandemic. Those that did were forced to deal with significantly higher food and labor costs, in some cases severely affecting the bottom line. Higher food costs continue to be a problem.

Effects on U.S. Food and Agriculture

One account summarized the COVID-19 effect on food and agriculture as follows: "The food insecurity issues made us realize the importance of innovation, government support, and effective management of food stocks to address the multifaceted issues in the way of food security."3 If properly informed planning and decision-making had been prioritized during pre-pandemic training and exercises, then perhaps these issues could have been identified and addressed proactively.

That these issues spanned across the agricultural supply chains to the tables of U.S. citizens was obvious in the early weeks and months of the pandemic. In response, President Donald Trump signed Executive Order 13917 on April 28, 2020, "Delegating Authority Under the Defense Production Act With Respect to Food Supply Chain Resources During the National Emergency Caused by the Outbreak of COVID-19."4 Despite this relatively rapid signing of the Executive Order, damages in productivity within the food and agriculture sectors were widespread over the six weeks that had passed since the World Health Organization had declared COVID-19 a pandemic on March 11, 2020.5

Attempting to address the requirements of Executive Order 13917 exposed additional serious flaws in the government's understanding of the agriculture and food sectors. The Executive Order required the Department of Agriculture (USDA) to "monitor and manage an agricultural workforce through a full planting, growing, and harvest season," and "achieve 'normal' production and delivery while coping with disruptions caused by supply chain alterations as well as employee illness and absence, all to be achieved without worsening the disease's spread."6 It further required the Centers for Disease Control and Prevention (CDC) and the Occupational Safety and Health Administration (OSHA) to assist USDA in establishing guidance for workers and employers for establishing a safe environment in the midst of the pandemic.

The food industry had never dealt with anything like the Executive Order requirements, which turned out to be mostly aspirational and did little to achieve the stated goals, for a variety of reasons. The public health situation was made worse by the fact that many assumptions held by the government were based on incomplete or outright faulty information, which subsequently caused wrong decisions to be made. Guidelines and quasi-requirements were being established on the fly by government officials who had little understanding of the domains they were regulating.

Infection rates of COVID-19 continued to increase, since food processing facilities were only one place where workers congregated. Other locations, such as shared housing facilities, were much more impactful on infection rates. The government never fully recognized the importance of this fact, instead focusing resources on altering food production facilities. Neither the Executive Order nor corporate efforts could provide effective solutions. Sporadic shutdowns of processing facilities continued over the early stages of COVID-19, not out of choice on the part of the companies, but rather as a reflection of available personnel. CDC recommendations, including distancing of personnel, proved counterproductive in that they drove up costs but did not slow the progress of the disease. When it finally became available, the COVID-19 vaccine also had little impact on the spread of the disease. Rates of COVID-19 infection eventually subsided with time, not because of any government or company effort, but rather because most food processing personnel had, over time, been infected and as a result developed naturally acquired, so-called "herd immunity." In the meantime, billions of dollars were needlessly spent because of wrong decisions.

Supply Chain Weaknesses Exposed

Despite large capital expenditures and best efforts to improve the capabilities and processes for social distancing, and even improvements in the physical plants and ventilation systems, the initial pandemic period left food processing and supply chains in a dire situation. It also exposed serious flaws in the government's understanding of the subtleties of the food and agricultural supply chains. Adding to the confusion, guidance vacillated from treating the situation as a crisis at times, while tacitly promoting a "business-as-usual" approach. This vacillation led to a further crisis of trust in government institutions. The lack of clarity and coherent logic undermined the government's credibility, making it easier to fill business and government decision-making processes with mis- and disinformation. The COVID-19 crisis showed the need for a holistic strategy in which the entirety of the nation, including the government and business sector, are appropriately prepared, trained, and rehearsed in the event of a large-scale, well-orchestrated cognitive attack. All sectors, as well as consumers, can provide a more informed and integrated response in high-stakes, informationally ambiguous emergency situations.

This challenge of fragile supply chains in the face of confusing (or at worst, contradicting) guidance, and the lack of interagency cooperation require immediate rectification, both by government and business. Until then, food and agriculture companies will need to learn how to operate on their own during emergencies, regardless of their origins. The current and future cognitive threat environment is evolving faster than the government can develop threat mitigation solutions. Major cognitive attacks within the food and agriculture sectors are possible at any time. If and when they come, they will likely not intend to harass or slow operations—but rather, destroy them. Trust will be the target. Why hack into increasingly robust cyber-based systems, when you can instead make people believe the food supply is unsafe?

The Time to Prevent the Next Crisis is Now

Companies now and in the future will need to carefully consider how they will deal with official guidance during a cognitive crisis, if it appears the guidance might be based on faulty or maliciously influenced information. Cognitive attacks can and are being aimed at government organizations (federal, state, and local), as well as businesses. Dependency on government is increasingly risky during times of emergency. Delayed or wrong solution decisions that entail unnecessary cost increases should be assigned a zero-failure acceptability status. Right decision-making in the face of daily business or times of emergency must be the first priority across the entirety of the business enterprises that service the food supply.

Failure must never be an option. Our society cannot afford another emergency on the scale of or larger than COVID-19. A robust approach to protecting and fostering correct decision-making impacts food safety—not just inside the company, but ultimately consumers, who might be the first target in a cognitive attack. Trust in the safety, security, and integrity of the food supply chain must never be allowed to erode as it did during the COVID-19 pandemic. The impact of a potential future emergency would be far worse if decision-making were as faulty as it was during the pandemic. That cannot be allowed to happen, and the time for planning to handle the new threat realities is now.

Decision-making in the face of cognitive security threats must begin by developing a common understanding of the systems, processes, and organizations that are responsible for ensuring agricultural and food security; identifying critical gaps that have been informed by recent global and national events; and developing and implementing a plan to address the shortfalls. It must include a coming together of multiple agencies and sectors to recognize and mitigate these cross-sector risks. Our adversaries are targeting our vulnerabilities. U.S. agri-businesses can, and should, play a significant role in developing solutions. The question is: Will we mitigate those risks in time?

References

  1. Norton, R.A., C.A. Young, D.M. Gerstein, M. Sachs, A. Whiskeyman, and G.S. Weaver. "Cognitive Security, a Growing Concern for Food Safety: Part 1." Food Safety Magazine October/November 2024. https://www.food-safety.com/articles/9827-cognitive-security-a-growing-concern-for-food-safety-part-1.
  2. U.S. Department of Homeland Security. "Threats to Food and Agricultural Resources." 2021 Public-Private Analytic Exchange Program. 2021. https://www.dhs.gov/sites/default/files/publications/threats_to_food_and_agriculture_resources.pdf.
  3. Mahmood, H., M. Furgan, G. Meraj, and M.S. Hassan. "The effects of COVID-19 on agriculture supply chain, food security, and environment: A review." PeerJ 12 (April 23, 2024). https://pmc.ncbi.nlm.nih.gov/articles/PMC11048076/.
  4. Executive Office of the President. "Executive Order 13917: Delegating Authority Under the Defense Production Act With Respect to Food Supply Chain Resources During the National Emergency Caused by the Outbreak of COVID-19." Federal Register. April 28, 2020. https://www.federalregister.gov/documents/2020/05/01/2020-09536/delegating-authority-under-the-defense-production-act-with-respect-to-food-supply-chain-resources.
  5. Centers for Disease Control and Prevention. "CDC Museum COVID-19 Timeline." https://www.cdc.gov/museum/timeline/covid19.html.
  6. Duer, B. "Understanding Executive Order 13917—Delegating Defense Production Act Authority to USDA for Food Supply Chain Resources." PennState Law. May 5, 2020. https://aglaw.psu.edu/ag-law-in-the-spotlight/understanding-executive-order-13917-delegating-defense-production-act-authority-to-usda-for-food-supply-chain-resources/.

Daniel M. Gerstein, Ph.D. is a Senior Policy Researcher at the RAND Corporation, a nonprofit, nonpartisan research institution, as well as a Professor of Policy Analysis at Pardee RAND Graduate School. He formerly served as the Under Secretary (acting) and Deputy Under Secretary in the Science and Technology Directorate of the Department of Homeland Security from 2011–2014.

Robert Norton, Ph.D. is a Professor and National Security Liaison in the Office of the Vice President of Research and Economic Development at Auburn University. He specializes in national security matters and open-source intelligence, and coordinates research efforts related to food, agriculture, and veterinary defense.

Cris A. Young, D.V.M., M.P.H., Diplomate A.C.V.P.M. is a Professor of Practice at Auburn University's College of Veterinary Medicine and an Adjunct Professor at the College of Veterinary Medicine at the University of Georgia's Department of Pathology. He received his D.V.M. from Auburn University's College of Veterinary Medicine in 1994. He completed his M.P.H. at Western Kentucky University in 2005 and is a Diplomate of the American College of Veterinary Preventive Medicine. 

Marcus (Marc) H. Sachs, P.E. is the Senior Vice President and Chief Engineer at the Center for Internet Security. He is a retired U.S. Army Officer and was a White House appointee in the George W. Bush administration. His private sector experience includes serving as the Deputy Director of SRI International's Computer Science laboratory, as the Vice President for National Security Policy at Verizon Communications, as the Senior Vice President and Chief Security Officer of the North American Electric Reliability Corporation (NERC), and as the Chief Security Officer of Pattern Computer. He was also the Director of the SANS Internet Storm Center and has co-authored several books on information security. He holds degrees in civil engineering, computer science, and technology commercialization, and is a licensed Professional Engineer.

Dr. Andrew Whiskeyman, COL USA (ret.) is the Chair of the Cyber Strategy Department and Associate Professor at the National Defense University's College of Information and Cyberspace. He also teaches as adjunct faculty with Syracuse University's Maxwell School of Citizenship and Public Affairs, and the Air University's Global College of Professional Military Education (GCPME). Dr. Whiskeyman is a Goodpaster Scholars Fellow and a Senior Non-Resident Fellow with the Global National Security Institute. The views expressed are his own, and not necessarily the views of any organization of which he is a part.