Australian Meat Supply Chains at Greater Risk of Cyberattack After JBS Takeover of Major Pork Producer

June 24, 2021 Updated: June 24, 2021

A proposal by the world’s largest meat processing company JBS to acquire Australian pork producer Rivalea has sparked concerns that the merger could cripple Australia’s meat supply chain if JBS were subjected to a cyber hack, as it was in May.

The proposal, which needs approval from Australia’s Foreign Investment Review Board and the Australian competition watchdog, would see the Brazil-based JBS become one of the country’s largest pork producers.

Matthew Warren, professor of cybersecurity at the Royal Melbourne Institute of Technology, said a successful acquisition would see a significant portion of Australia’s meat supply chain be reliant on one potential target for hackers.

“It means that a single point of attack would be more attractive for cyber attackers as they would know that one attack would have a greater chance of success; it also increases the likelihood of Ransomware attacks,” he told The Epoch Times.

“All supply chains are potentially vulnerable to cyberattacks, including ransomware,” he added. “Supply chains are defined as being critical infrastructure, and if they are attacked, the system disruption would have a big impact on society, for example, meat shortages across Australia.”

Cattle are driven south during the Great Australian Outback Cattle Drive in Birdsville Track, south Australia, on June 1, 2002. (Tony Lewis/Getty Images)
Cattle in Birdsville Track, South Australia, on June 1, 2002. (Tony Lewis/Getty Images)

JBS is already the largest beef and sheep meat producer in Australia, while its acquisition target Rivalea currently accounts for 26 percent of the country’s pork output.

In late May, a ransomware group targeted JBS’s information technology systems worldwide, effectively shutting down sales and lot feeding operations. Incoming cattle were also unable to be inducted while the system was down.

In Australia, six sites were effectively shut down, including meat processing plants in Queensland, Victoria, New South Wales, and Tasmania. Thousands of workers were stood down as well.

The FBI attributed the attack to Russian-linked hacking group REvil, also known as Sodinokibi.

Days later, JBS had managed to recover its system but still decided to pay the group its $11 million ransom as “insurance” to protect customers.

“This was a very difficult decision to make for our company and for me personally,” Andre Nogueira, CEO of JBS SA’s U.S. division, told the Wall Street Journal.

Warren, however, believes ransoms “should never be paid.”

“There is no guarantee paying the ransom will release the system and could make organisations more vulnerable to future attacks,” he said.

Cyberattacks have become an increasing concern, with governments diverting increased funding to bolster security around the sector.

In May 2020, major logistics firm Toll Group was subject to a month-long ransomware attack by Russian-based hackers.

While in May this year, the Russian-based Nobelium—who was behind the SolarWinds cyberattack—began a new campaign targeting over 150 government agencies, think tanks, and non-government organisations.

U.S. fuel pipeline operator Colonial Pipeline also had to shut its entire network—the source of nearly half the U.S. East Coast’s fuel supply—after a ransomware attack.

Epoch Times Photo
Holding tanks are seen in an aerial photograph at Colonial Pipeline’s Dorsey Junction Station in Woodbine, Md., on May 10, 2021. (Drone Base/Reuters)

Joseph Siracusa, adjunct professor of the history of international diplomacy at Curtin University, said governments were struggling to defend against cyberattacks because of the difficulties of attributing the source of the attacks.

“What we haven’t figured out yet is how to defend against it,” he told The Epoch Times. “You know, we could turn off the lights in downtown Moscow right now or turn off the electric toilets in Beijing if we want to, but then they could do the same thing to us.”

“Will U.S. President Biden hold Russian President Putin accountable for these cyberattacks? And the answer is: He can’t because he can’t prove that Putin had his hand in it,” he added.

“Do you hold the government accountable for the criminal behaviour of its citizens? And the answer is: You’d like to,” he said. “But in the real world, you can’t.”

Warren said businesses needed to step up protection against ransomware attacks, including update systems, backup data regularly, use multi-factor authentication, and implement access controls.

“But many organisations have not undertaken these steps and make themselves vulnerable,” he said.

The Epoch Times has contacted JBS for comment, but the company has not responded in time for publication.