On May 24, 2023, members of the IT-ISAC’s Food and Agriculture Special Interest Group (SIG) launched the Food and Ag-ISAC in partnership with the IT-ISAC. In our first year, the Food and Ag-ISAC has made great strides in implementing our vision to build a farm-to-table ISAC that represents the food and agriculture industry while partnering with government and academia.
The Food and Ag-ISAC serves as a cost-effective force multiplier to the security teams of our member companies. Member companies defend better by defending together. Our ISACs share threat intelligence with each other, collaborate during bi-weekly meetings, and engage across various communication platforms to strengthen our industry. This increases situational awareness of the sector’s threat environment and enables us to identify actions to protect against these threats. We then can share this collective knowledge with the industry at large.
As we celebrate our first anniversary, we have taken a look back at some of our key accomplishments, including:
Rapid membership growth: Since launch, we have nearly doubled our membership and welcomed members headquartered in North America, Europe, and Australia. Our members include large multinational corporations, small- and medium-sized enterprises, and farmer cooperatives. Each new member increases our reach within the community and adds to our capabilities, expertise, and situational awareness.
Expansion of our Adversary Attack Playbooks: The Food and Ag-ISAC partners with the IT-ISAC to build and update our repository of adversary attack playbooks. Our members have access to these playbooks that track tactics, techniques, procedures, and indicators for nearly 200 threat actors.
Creation of our Predictive Adversary Scoring System: We have developed and made available to members a system that enables them to predict which industries threat actors are most likely to attack. This better enables members to focus on the subset of actors most likely to attack the Food and Agriculture industry.
Launch of the University Partnership Program: The Food and Ag-ISAC University Partnership Program drives improved collaboration between the industry and leading universities on a range of security issues impacting America’s food and ag sector. Our current partners include Iowa State University of Science and Technology, the University of Nebraska, Purdue University and PARI, and Virginia Tech and VT-ARC.
Expanded our Industry Association Partner Program: The Food and Ag-ISAC is committed to driving improved security throughout the industry, not just within Food and Ag-ISAC membership. Our partnership with industry associations is one way we accomplish this. The industry partner program enables us to distribute threat intelligence and effective security practices well beyond our membership. We also participate in webinars and conferences to help raise awareness of the threat environment, helping companies understand and manage risk.
Public Policy Thought Leadership: The Food and Ag-ISAC is uniquely positioned to provide industry expertise to policymakers. Our member representatives protect the technology infrastructure that propels and enables the global just-in-time delivery food supply chain. We give voice to this community of experts, informing policymakers in industry, government, and academia. As one example, the Food and Ag-ISAC submitted comments on regulations announced by the FAR Council that require certain government contractors, including food and ag companies, to report cyber incidents to the government.
Developing and Sharing the First Industry Ransomware Report: In April, we released the industry’s first-ever ransomware report—Farm to Table Ransomware Realties. This report focused exclusively on the food and ag industry and identified 165 ransomware incidents in 2023 impacting the sector – of nearly 3,000 ransomware incidents tracked across the critical infrastructure community.
Releasing our Cybersecurity Guide for Small and Medium-Sized Enterprises: This guide provides 10 low- and no-cost tips for small and medium food and ag companies to improve their security posture. The free resource is available online and has been co-branded with member companies and association partners, and distributed widely throughout the industry.
Establishing Meaningful Engagement with Government: A healthy, respectful, and mutually-beneficial partnership between industry and government is essential if the industry is to confront current security challenges successfully. The Food and Ag-ISAC provides a focal point for industry-government engagement on cybersecurity and resiliency discussions. Our relationships with the United States Department of Agriculture (USDA), the Food and Drug Administration (FDA), The Department of Homeland Security, and the Cybersecurity & Infrastructure Security Agency (CISA) have produced meaningful collaboration on a range of issues. In addition, we have established direct engagement with the Joint Cyber Defense Collaborative (JCDC), the primary entity within the U.S. government for sharing threat intelligence relevant to the industry.
Leading the Industry’s Engagement in Cyber Storm IX: Cyber Storm is a national-level exercise sponsored by CISA to test our collective response to national cyber incidents. In April 2024, the Food and Ag-ISAC participated in the exercise – culminating over a year’s worth of work to recruit players, plan the exercise, and develop scenarios. For the first time in the history of the exercise series, the core Cyber Storm scenario focused on the food and ag industry, providing us with a way to test our policies, procedures, and engagement with members. This also helped policymakers better understand dependencies within the food and ag industry and interdependencies across other critical infrastructure sectors.
Membership in the National Council of ISACs: In December 2023, less than seven months after our formation, the Food and Ag-ISAC became the newest member of the National Council of ISACs (NCI): an organization that consists of ISACs across the critical infrastructure sectors. Acceptance to this peer organization is a significant milestone for the Food and Ag-ISAC, as it demonstrates our operational maturity, indicates that the NCI views the Food and Ag-ISAC to be the forum for threat intelligence sharing for its respective industry, and enables the Food and Ag-ISAC to share and receive threat intelligence across critical infrastructures.
I am immensely proud of our team and our members for what we have accomplished, and I thank each one of our members for their support and engagement throughout our first year and the years to come.
We defend better by defending together!
If you are interested in helping defend the food supply chain as we celebrate our first year and enter our second, please contact us at membership@foodandag-isac.org.
Comentarios