The FSA’s Guide to protecting and defending food and drink from deliberate attack, details the steps businesses can protect themselves from tampering to their products. It also listed the types of people that might sabotage the supply chain.
While manufacturers generally have effective practices that protect against accidental contamination, hazard analysis critical control point (HACCP) principles have not been routinely used to detect or mitigate deliberate attacks on a system or process.
Damaging business reputation
Such attacks – including deliberate contamination, electronic intrusion, and fraud – have food safety implications but can harm organisations in other ways, such as damaging business reputation or extorting money, said the FSA.
The FSA identified six types of threats that food and drink firms might experience. These were Economically motivated adulteration, malicious contamination, extortion, espionage, counterfeiting and cyber crime (see box below).
The guide explains the threat assessment critical control point (TACCP) process, outlines steps that can deter an attacker or give early detection of an attack, and uses fictitious case studies to show its application.
It places food business managers in the position of an attacker to anticipate their motivation, capability and opportunity to carry out an attack, to help them devise protection.
‘Common factor behind attacks’
“The common factor behind all such deliberate acts is people,” said the FSA. “These people may be within a food business, may be employees of a supplier to the food business, or may be complete outsiders with no connection to the food business.
“The key issue being their motivation, they may aim to cause harm to human health, business reputation, or make financial gains at the expense of the business. In any of these situations it is in the interests of the food business to protect itself from such attacks.”
The full report is available on the FSA’s website.
Meanwhile, nearly two-thirds of consumers blamed producers for food fraud, according to a report from the National Farmers Union (NFU) Mutual Insurance Society published in September, fuelled by high profile cases of food fraud in the media.
Types of attacks on the food supply chain
Economical motivated adulteration: The intentional adulteration of food for financial advantage. Common cases involve undeclared substitution with alternative ingredients, which causes health concerns due to allergen labelling requirements. Recent cases include the 2013 horsemeat scandal.
Malicious contamination: Food and drink that has been tampered with, with the intent to cause physical damage to consumers. Examples include needles found in green beans, or batteries found inside chocolate Santas.
Extortion: Individuals that contaminate, or threaten to contaminate, food and drink products for financial gain.
Espionage: The theft of intellectual property from one company by another for commercial advantage. They may infiltrate directly or use remote IT systems to steal information.
Counterfeiting: Fraudulently passing off inferior goods as reputable and established brands for financial gain. Organised criminals may try to mimic the food contents closely to delay detection and investigation. Petty criminals may be tempted by a ‘quick killing’ and be less concerned in the safety of the food.
Cyber crime: Often associated with distributed denial of service attacks, where internet connected systems are overloaded by a continuous flood of requests from a malicious source. It also includes identity theft, where fraudsters use the stolen identity to order goods to their premises, but leave the cost with the original company.