Securing Food Systems with a Defense Mindset with Brian Schleifer

💡 What can the food industry learn from 25+ years of defense cybersecurity experience? In this episode of the Bites and Bytes Podcast, host Kristin Demoranville talks with Brian Schleifer, a cybersecurity expert with a career spanning the U.S. Air Force, Department of Defense systems, and advanced cyber-physical risk management.  Together, they unpack how the principles of defense cybersecurity, from risk modeling to system resilience, can help protect the food and agriculture sector, one of the most vulnerable critical infrastructures. This episode explores: ✅  What precision agriculture and defense systems have in common ✅  Why autonomous tractors and food processing systems are prime targets ✅  The reality of protecting proprietary food data and recipes ✅  Cyber-physical risks in modern farming and food production Whether you work in OT, IT, food safety, risk management, or supply chain, this episode is packed with real talk and relatable analogies (plus homemade tortillas and schnitzel get shoutouts).  Tune in to hear why safety and security must go hand in hand — and what it really means to secure the systems that feed the world. ⚠️Disclaimer: The views expressed by Brian Schleifer are his own and do not represent the Department of Defense, his employer, or any government entity. _______________________________________________ 🎙️ Guest Information: Brian Schleifer, MBA LinkedIn: https://www.linkedin.com/in/brian-schleifer/ People Add Value Experience (P.A.V.E.) Podcast: Hosted by Brian, the People Add Value Experience (P.A.V.E.) podcast explores how individuals contribute to adding value across various aspects of life. Topics include fostering and adoption, professional development, and small business insights.​ Listen on Apple Podcasts: https://podcasts.apple.com/us/podcast/people-add-value-experience/id1691150774 Watch on YouTube: https://www.youtube.com/@P.A.V.E. _______________________________________________ 🎯 Episode Key Highlights 00:17:00)  – Caterpillar as a Cybersecurity Model for Ag & Food Systems (00:19:50) – The Solar Flare That Took Out GPS on Tractors (00:24:50) – Is Food Data Secret? Yes — Here’s Why It Matters (00:14:41) – What Food & Ag Can Learn from the Defense Sector (00:21:01) – What a Strategic Attack on Food Infrastructure Might Look Like (00:29:43) – Leadership Failure & Lessons from the Peanut Corporation Disaster (00:37:54) – Why Food Cybersecurity Must Be Treated Like Safety (00:38:04) – Cyber PHAs: Planning for the “What Ifs” in Food Systems (00:45:20) – The Case for Sector-Specific Cyber Frameworks (00:52:00) – When Donuts Got Hacked: The Krispy Kreme Incident (00:52:21) – McDonald’s Onions & Public Awareness of Food Supply Risk (00:53:00) – Ukraine’s War Rippled Through the Wheat Market (00:54:30) – Fiber-Optic Drones and the Future of Cyber-Physical Warfare (00:56:10) – Meet Brian’s Podcast: People Add Value Experience (P.A.V.E.) _______________________________________________ Show Notes: 📚 Books & Documentaries Mentioned: Salt Sugar Fat by Michael Moss – A behind-the-scenes look at how processed food is engineered for maximum appeal — mentioned in Brian’s discussion about food memory and food science. https://a.co/d/byO516w The Power of Habit by Charles Duhigg – Referenced during the conversation on safety culture, behavioral change, and leadership accountability. https://a.co/d/9YwlmM6 Mindset by Dr. Carol Dweck – brought up in the context of continuous learning and a growth mindset in cybersecurity and industry adaptation. https://a.co/d/9aherBX Poisoned (Netflix documentary featuring Dr. Darren Dettweiler) – Recommended by Kristin as a must-watch on food safety failures, systemic vulnerabilities, and public health. https://www.netflix.com/title/81460481 Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers by Andy Greenberg – Brian mentioned the NotPetya cyberattack and its impact on global shipping and food supply chains. https://a.co/d/eWmJH8Y 🧠 Key Terms & Concepts: Risk Management Framework (RMF) – NIST SP 800-37 Referenced in Brian’s experience assessing and implementing cybersecurity controls in defense systems. STPA-SEC – System-Theoretic Process Analysis for Security (MIT) A systems thinking approach to security based on safety analysis is used by Brian in his academic and professional work. CMMC – Cybersecurity Maturity Model Certification Brought up during the discussion on compliance and upcoming requirements for government contractors and vendors. Cyber-Physical Systems Overview – NIST Used to frame how digital systems interact with the physical world — particularly in agriculture, food processing, and defense. IEC 62443 – Industrial Cybersecurity Standard A referenced framework used across OT/ICS environments to manage and mitigate industrial cybersecurity risk. NIST SP 800-171 Cited when talking about supply chain risk, CMMC alignment, and government-facing compliance. Cyber PHA – Process Hazard Analysis for Cybersecurity Kristin mentioned it as a structured, scenario-based approach to evaluating cyber and safety risks together. OSHA – Occupational Safety and Health Administration Discussed in comparison to cybersecurity maturity. Brian questioned when formal safety began in industry and compared that moment in history to where cybersecurity is now — on the cusp of needing the same level of attention and resource allocation. Glenda Snodgrass – Cybersecurity Training & Talks Brian mentioned seeing her speak and appreciated how she used real examples—both good and bad—of how to answer security controls effectively. ⚠️ Real-World Incidents & Case Studies: Peanut Corporation of America – CDC Overview – Discussed as a case where lack of oversight and bad leadership led to a deadly food safety crisis. Boar’s Head recall and plant shutdown – USDA FSIS – Cited as an example of how safety and cybersecurity intersect and impact real communities. JBS ransomware attack – BBC – Used to illustrate food supply chain vulnerabilities to cyber incidents. Caterpillar vulnerability disclosure – Referenced in Brian’s praise of Caterpillar’s proactive cybersecurity maturity. John Deere Right to Repair agreement – BBC – Discussed as a milestone in agricultural autonomy and cybersecurity implications for farmers. Solar Flare & GPS Disruption in Precision Ag – NASA Overview – Referenced by Kristin when discussing how non-cyber events (like solar flares) affect precision farming and GPS reliance. Krispy Kreme Hack Kristin mentioned this as a food-related cyber incident that gained attention. The event highlighted third-party risk in the food sector and how public perception shapes urgency. McDonald’s E. coli Outbreak (2024) – CDC Overview Kristin mentioned this outbreak was tied to slivered onions on McDonald’s Quarter Pounders. It resulted in over 100 illnesses and one death, highlighting the risk of contamination in fast food supply chains and the importance of upstream safety controls. NotPetya Cyberattack – Wired Brian referenced this attack when discussing the global ripple effects of cyber incidents. NotPetya began as a targeted attack on Ukraine but quickly spread, shutting down shipping giant Maersk and affecting food and seafood shipments worldwide. NotPetya & Maersk Supply Chain Impact – Control Engineering An in-depth look at how NotPetya disrupted global logistics, causing massive economic losses and underscoring the vulnerability of supply chains that include critical goods like food. Cyberattacks on Ukraine’s Power Grid - Reuters Instances where cyber warfare targeted critical infrastructure, leading to significant blackouts and highlighting the vulnerabilities in national energy systems, are discussed. Impact on Ukraine’s Food Supply – EU Council Mentioned how the conflict has disrupted agricultural production and exports, exacerbating global food security concerns. Deployment of Fiber-Optic-Controlled Drones in the Ukraine Conflict – RFE/RL Mentioned in the context of technological advancements in warfare, drones controlled via fiber optics are utilized to evade electronic jamming. Disruption of the Global Wheat Market Due to the Ukraine Conflict – ScienceDirect Discussed as a significant consequence of the war, where the invasion led to a surge in wheat prices, exacerbating global food insecurity, especially in import-dependent countries 🏛️ Organizations & Events: Purdue University – Brian is completing his PhD on embedded system cybersecurity, bridging multiple critical sectors. Industrial Control Systems (ICS) Cybersecurity Conference – The event where Kristin and Brian first connected; focused on OT, ICS, and critical infrastructure cybersecurity. _______________________________________________ 💡 Animal Agriculture Alliance’s 2025 Stakeholders Summit If you enjoyed our episode on agroterrorism and cyber threats to farms, featuring the Animal Agriculture Alliance, here’s another opportunity to explore critical conversations about our food system.  And if you haven’t listened yet, check it out here: 🎙 Episode Link: Agroterrorism & Cyber Threats – How Farms Are Under Attack 📢 Listen on Apple Podcasts | Spotify The 2025 Stakeholders Summit, happening April 30 – May 2 in Arlington, VA, will bring together industry leaders from farms, food processing, retail, and more to discuss sustainability and the future of animal agriculture.  This year’s theme, “Food for Thought: Dishing on Sustainability,” focuses on collaboration and innovation to shape the future of food production. Reserve your seat at the table—register by April 25! 🔗 Learn more and register: 2025 Stakeholders Summit 🔗 About the Animal Agriculture Alliance: AnimalAgAlliance.org _______________________________________________ 🎤 Bites and Bytes Podcast Info: Website: Explore all our episodes, articles, and more on our official Website.  Visit Now Merch Shop: Show your support with some awesome Bites and Bytes gear! 🧢👕 Shop Now Blog: Stay updated with the latest insights and stories from the world of cybersecurity in the food industry.  Read Our Blog Audience Survey: We value your feedback!  Help us make the podcast even better.  Take the Survey Schedule a Call with Kristin: Want to share your thoughts?  Schedule a meeting with Kristin!  Schedule Now Socials:  TikTok; Instagram; LinkedIn

There are no comments yet.

Please log in to write the first comment.