Fresh food supply chains have seen improvements in infrastructure, technology and ways of working between trading partners, but continue to remain a significant challenge within logistics today.
As demonstrated by the Coronavirus disease (COVID-19) crisis, the balance between efficiency, flexibility and resiliency is difficult to get right. That’s because the fresh food supply chains are extremely fragile to outside shocks. Crisis response to supply constraints, product safety and waste has been a continued focus, and many in the industry have pursued digital solutions to improve traceability, visibility, temperature monitoring and speed.
While these approaches have driven areas of step change improvement, they also increase the need for a focus on cybersecurity. Leaders in the future of the digital fresh supply chain will need to clearly assess their risks, create a culture of cybersecurity throughout their organizations and collaborate with trading partners to combat threats throughout the value chain.
Understand the value at risk
Maintaining product integrity from farm to plate has always been a primary concern in the industry. Across the fresh value chain, there are high levels of fragmentation and varying levels of sophistication, which make managing risk a challenge. As more of these interactions move to the digital realm, the supply chains will be exposed to cybersecurity threats. Potential risks include combating attacks to operational technology that threatens production or food safety, data corruption that can enable food fraud and malicious system attacks leading to financial loss and potential loss of brand equity. These risks exist today, but will increasingly manifest in the future as more digital capabilities are adopted over a wider scale throughout the value chain.
The first step is evaluating the value at risk, ranging from consumer safety, product loss, disruption of operations or financial loss. Quantification of risk, while critical, is not straightforward. The one question to address is – how much risk the organization can afford and still be able to recover to normalcy i.e. acceptable risk threshold. Then tie this to potential exposure points in your value chain, particularly third parties and the level of data and systems access to which they are exposed. By assessing both the likelihood, magnitude and potential sources of cybersecurity risk, companies can develop a strategy to better manage these threats. This risk assessment again needs to be concurrent to shaping future technology use cases within fresh value chains.
Create a culture of cybersecurity
During the impact of COVID-19, with more of the workforce working remotely from home, potential exposure routes have increased. Despite the unique dynamics of this crisis, individual employees have always been the primary frontlines in ensuring cybersecurity. Monitoring VPN traffic and systems activity needs to be complemented with enhanced process governance for the entire organization and third-party players – farmers, freight companies, distributors - to understand threats of cybersecurity to fresh supply chains.
Recent cyberattacks have already elevated cybersecurity risk management to C-levels and the board. But, as fresh value chain partners further integrate from a technology standpoint, it needs to become a supply chain and vendor management priority as much as it is business systems priority. Creating this culture from top to bottom is critical to ensuring the safety of fresh supply chains.
Collaborating on solutions
Improving cybersecurity within fresh will require collaboration between technology and operations, both internally and with trading partners.
First, as value chain leaders look internally, their long-term systems investments should be made both with an eye toward data quality, security as well as operational effectiveness. Designing future state visibility, tracking and collaboration systems will need cybersecurity as a core element vs. an afterthought.
Second, when making infrastructure investments such as industrial control systems, third-party providers’ cybersecurity readiness should be a key evaluation criterion. Internet of Things (IoT) solutions is making significant improvements through advanced temperature sensors and real-time monitoring, but these systems are only as valuable as they are reliable in the event of a cybersecurity threat.
While designing for the future, leaders should recognize they are only as resilient as the weakest link in their supply chain’s digital ecosystem. Many areas of the industry are recognizing the need for collaboration on digital to ensure success, such as with the Produce Traceability Initiative being driven by various industry associations in North America. Efforts between trading partners to increase visibility need to consider integrity of the system to minimize risks of data corruption and fraud that will sabotage these benefits.
Blockchain is one potential solution that has been experimented with by key players, including the Walmart/IBM pilot in various fresh categories. Regardless of whether the blockchain approach is the long-term solution from a technology standpoint, its vision of data permanence and openness is one the industry can continue to embrace in its ways of working. Growers, packers, manufacturers, distributors, retailers and their logistics partners need to collaborate to identify and address cybersecurity risks across the supply chain.
Digital solutions offer significant promise for improving the safety, freshness and efficiency of temperature-controlled supply chains, but need to be closely managed to ensure cybersecurity does not threaten resiliency. Addressing these challenges effectively requires holistically evaluating potential threats, creating a culture of cybersecurity and collaborating across the supply chain to execute in a secure manner. As we look ahead, disciplined cybersecurity risk management will be a foundational in unlocking value of digital supply chains for fresh food players.