Threat Assessment
Click here to complete our Threat Assessment form. One of our agents will contact you to discuss how our solutions can be applied to your organisation.
FMCG Security Threats
Security Threats
Emerging threats to the UK food & drink supply chain.
Emerging threats to the UK food & drink supply chain.
The FMCG sector has been identified by intelligence agencies, because of its widespread delivery capabilities as being at significant risk of deliberate attack. It is estimated that an attack may occur within the next 18 months.
Premeditated contamination at any point in the supply chain could result in catastrophic consequences both socially and economically. It is imperative to understand the types of threat we face, identify critical control points where an attack may occur and subsequently embed countermeasures to instil formidable layers of security that also act as a deterrent.
The remainder of this page addresses the types of threat we face. For solutions please read our Threat Solutions page.
Skripal changed everything…
It cost the Russians less than £2,000 to mount a mainland attack on the UK. The result was devastating with town centres closed, hospitals quarantined, transport and businesses affected, a £10m clean-up bill and three people seriously ill with one fatality. More importantly, it created palpable fear in the population. Every terrorist group in the world now knows how to disrupt the UK easily, if they have a delivery system. The food and water distribution services provide a simple accessible delivery system, most of which is unguarded. It is a matter of great concern to the intelligence services.
This is not a new threat, but it is a significantly enhanced threat since Skripal, and an attack will occur. This is not to minimise the risks from rogue employees, pressure groups and ideologically motivated individuals, but the solution as far as there is one lies in taking adequate precautions based on comprehensive intelligence.
Threats and Vulnerabilities to the supply chain
As emphasised by the U.K. Centre for the Protection of National Infrastructure (CPNI) and the Counter Terrorism Task Force (CTTF), every country and geographic region is exposed to a wide range of threats.
As emphasised by the U.K. Centre for the Protection of National Infrastructure (CPNI) and the Counter Terrorism Task Force (CTTF), every country and geographic region is exposed to a wide range of threats.
The U.K. CPNI and British Standard Institute (BSI) define food defence as “the security of food and drink and their supply chains from all forms of malicious attack including ideologically motivated attacks leading to contamination or supply failure”.
The potential effects of a terrorist attack on the food supply chain are many, the most significant of which are human disease and death. Terrorist acts are also designed to create fear and anxiety in the population and reduce confidence in the government, which can lead to political instability.
Further detailed reading
The following information uses extracts from multiple reliable and qualified sources. The sources are noted further down this section.
Deliberate food contamination
Analysis of data indicates that the most common reason for the deliberate contamination of food was to disrupt business or tourism and cause economic loss rather than injure people. Thus, a distinction should be made between actions aimed at spreading pathogens in large populations and “symbolic” attacks designed to provoke social anxiety and economic loss. Contaminated food products often spread panic in the population. The mad cow disease and avian flu scares modified consumer behaviour in a very significant manner, creating negative effects on the market and massive losses for producers.
Ezell and von Winterfeldt have noted that estimating the probabilities of an attack on the food supply chain is a hard task, requiring knowledge about the motivation, intent and capabilities of attackers. In addition, these probabilities change with the defensive measures that are implemented. For these reasons, we focus our attention on food supply chain vulnerabilities with the goal of identifying them in order to implement preventive measures.
Biological and chemical agents
To estimate the risk posed by terrorist attacks, and more generally, criminal attacks, we consider the threats posed by the availability of various biological and chemical agents and their potential consequences. This is because any attack on the food supply chain requires the introduction of a dangerous agent. The agent can be added during harvest, storage, processing, preparation, retail or food service
Food imports
Widespread monitoring of contamination is complicated by food imports. Research shows that the types of threat at different stages in the supply chain are essentially the same, although the impact and the ability to detect and neutralise the threats can be very different at varying stages in the process. In fact, the impact of a contaminant is greater when the agent is introduced early in the supply chain.
This complicates and delays the localisation of the contamination, especially when the adverse effects are not immediate. Also, a contaminant that is introduced in an early stage of the food supply chain is difficult to identify and isolate, especially if the problem is discovered after processing and delivery. However, some agents can be detected by quality control testing and neutralised during processing. On the other hand, as reported by Lee, et al., the most probable targets in the supply chain are food vendors, which includes food producers, retailers, restaurants and other food service establishments. This is because, even if the overall impact is limited in terms of the concrete consequences, the attacker would obtain a large “return on investment.”
The likelihood of an attack
Documented research also considers the “likelihood” of an attack. The likelihood takes into account the availability and manageability of the agents, the vulnerability of the specific product supply chain, and the possible effects in terms of causalities, economic loss and psychological impact. Specific consideration was given to:
- Processes in terms of their ability to neutralise agents and product accessibility.
- Company policies regarding employees and visits.
- Security measures adopted.
- Quality control mechanisms implemented (e.g., critical control points (HACCP) and (TACCP)).
The consequences of contamination vary according to the specific step in the supply chain that is targeted. An attack that targets a step closer to the consumer has a greater probability of success but affects fewer people. On the other hand, an attack in the early steps of the supply chain affects many more people, but has to evade many controls and countermeasures to be successful.
Transportation and storage
The transportation and storage steps are, in general, more vulnerable than the manufacturing step. Raw materials are more vulnerable than packaged products, but it is difficult to successfully target raw materials because of strong quality controls. Packaged products are more susceptible to contamination during transportation and storage. The risk is high and the probability of detection is very low – until consumers are affected.
Supply chain safety
The absence of major food contamination events leads us to believe that the food supply chain is relatively safe, but we cannot afford to be complacent. All the entities in the food supply chain should develop security plans for managing the risk. The hazard analysis and critical control points (HACCP) approach is an effective technique as it focuses on proactive (preventive) measures instead of reactive measures, which is prudent in any critical infrastructure sector, together with TACCP.
The aftermath of an attack
It is instructive to note that disruptions caused in previous attacks were not caused by the attack itself, but rather by the government’s response to the attack: closing borders, shutting down air traffic and evacuating buildings throughout the country. The aftermath of previous attacks has brought needed attention to the vulnerability of modern supply chains. Supply chain vulnerability reflects sensitivity of the supply chain to disruption.
The impact of terrorism
David Fairnie, Principal Consultant, Supply Chain Security at BSI said: “The direct impact from acts of terrorism and the indirect effects from terrorist organisations exploitation of the supply chain have been, and will continue to be, critically felt across Europe. Terrorist attacks in major cities and against key transportation nodes in the UK, Belgium, France, Germany and the Netherlands have triggered heightened security levels and emergency border controls across the continent, leading to significant commercial impact on our client’s businesses. BSI witnessed significant spikes in customer support requests, for our supply chain security advisory, resilience and business continuity services, after major terrorist events. I believe Supply Chain Terrorism will continue to significantly impact Europe for decades to come.”
In particular, terrorists increasingly targeted industries generally associated with private or corporate supply chains rather than state-owned supply chain infrastructure. Over three years of data, terrorist attacks against the agriculture and food and beverage sectors more than tripled, attacks on the industrial and manufacturing materials and pharmaceuticals sectors more than doubled, and attacks against the metals industry nearly doubled.
Jim Yarbrough – Global Intelligence Program Manager at BSI concluded: “It is a common misconception that terrorism is strictly a national security issue and that counterterrorism is solely the responsibility of governments. However, analysis clearly shows that commercial interests and private organisations are increasingly threatened, extorted, and directly targeted by terrorist organisations all over the world. Corporations must take notice and prepare their organisations accordingly. We know that industry leaders are implementing stronger supply chain security measures and ensuring that their business partners and international suppliers are fully vetted and armed with the information and knowledge that will protect their business. They understand that these measures can go a long way in maintaining their global operations and business continuity.”
Maintaining safety in the food supply chain
So where are we in the fight to maintain the safety and security of the food supply? Food corporations overall are refining their defences in response to new and evolving regulations, but also in response to increasing pressure from insurance carriers. Guidelines, at best, serve only as a baseline, whereas insurance incentives like rate reductions could immediately cause corporate defences to be bolstered. Food leaders increasingly understand that terrorism, like an unintentional contamination event, can rapidly become a serious brand issue. Food corporations are most likely to experience disruption from intentional contamination because of the actions of a disgruntled employee, but an attack from someone with terroristic motivations remains a possibility.
That kind of attack will be a game changer on many levels. Well-placed, the results could be catastrophic.
Given the difficulty of predicting what an “event” could look like, how is a food corporation to be prepared? A few suggestions to achieve this aim:
- Make preventive actions a priority.
- Design vetting programs for all new employees that include a police background check as a requirement for employment.
- Conduct annual police background checks on all employees, including management personnel.
- Initiate active employee location/time monitoring programs of all employees.
- Prioritise point security in areas where concentrated ingredients or products are located.
- Utilise tamper-evident packaging on products used as ingredients for other food products.
- Develop a tamper-evident packaging protocol, isolating a product until an investigation into the nature of the event is complete.
Sources
Sources will be added here shortly.
Biological Threat
A biological attack, or bioterrorism, is the intentional release of viruses, bacteria, or other germs that can sicken or kill people. Bacillus anthracis, the bacteria that causes anthrax, is one of the most likely agents to be used in a biological attack. A biological attack would include the release of a ‘pathogen’ (disease causing agent) or ‘biotoxin’ (poisonous substance produced by…
Read More
a living organism). An attack against people can be used to cause illness, fear, societal disruption, economic damage, loss of confidence in the supply chain, and possible loss of life.
It is useful here to distinguish between two kinds of biological agents:
- Transmissible agents that spread from person to person.
- Agents that may cause adverse effects in exposed individuals but that do not make those individuals contagious to others.
Food, especially ready-to-eat food (vegetables, salad bars, confectionery, packaged food, etc) could be intentionally contaminated with pathogens or toxins. Water supply is less vulnerable because dilution, filtration, and the addition of chlorine can kill most disease-causing organisms.
Unlike a biochemical attack, a biological attack may go undetected for hours, days, or potentially weeks (depending on the agent used) until people display symptoms of disease and perhaps then too late for product recall.
Anthrax
Anthrax is one of the most likely agents to be used because:
- Anthrax spores are easily found in nature, can be produced in a lab, and can last for a long time in the environment.
- Anthrax makes a good weapon because it can be released quietly and without anyone knowing. The microscopic spores could be put into powders, sprays, food, and water. Because they are so small, you may not be able to see, smell, or taste them.
- Anthrax has been used as a weapon before.
Information Security
Aside from the perpetual physical threats, FMCGs face an increasing number of threats relating to information security. Employees who have access to any part of the technical infrastructure of an organisation, in particular those with the ability to influence the economic status of an organisation, such as those working in finance, should be subject to annual checks on their criminal…
Read More
and financial records. This is a discreet process of ongoing risk assessment that instils a layer of security to protect your interests.
The efficiency of supply chains is dependent upon a range of software and hardware working in tandem, processing vital data between supply chains, manufacturing, inventory, logistics and more.
This dependence on technology opens up new avenues for people who want to disrupt supply chains and obtain sensitive information or money. A primary example is the 2017 cyberattack, dubbed NotPetya, that was especially devastating. It targeted Danish company Maersk, the world’s largest shipping container company. The consequences of this ransomware attack were instant and devastating, bringing down the entire global IT network of a company responsible for close to a fifth of the entire planet’s shipping capacity. Although this attack was implemented by external sources, it is not always external factors that can effect your business – the threat can often come from within.
The increased risks associated to cyber-terrorism is part and parcel of the increased technological adoption across supply chains, and it’s imperative to take action to combat the range of information security threats in addition to the more traditional security measures deployed to combat the physical risks of deliberate food contamination.
Preventing threat from within
Without understanding the location, motive and capability of a terrorist cell it is difficult to predict how and where an attack may occur. But we can implement internal measures to prevent an attack by rigorously checking the personal and social status of employees and agency staff.
Our intelligence-led employee background checks will identify if an individual has links to criminal or terrorist influences. It makes sound business sense to safeguard your organisation using preventative rather than reactive measures.
Link to: FMCG Security Updates
FMCG Security Updates
Keep up-to-date with our latest FMCG Security Updates. Our updates apply only to FMCGs and contain information relative to threat, security and solutions.
Associations
