Welcome, members of the IDFA’s Dairy Technology and Innovation Network

Through IDFA’s Dairy Technology & Innovation Network (DTIN), we’re hoping to move the industry forward by building knowledge, heightening awareness, and offering our members the tools and resources to strengthen their critical infrastructure through technology, grow their business through innovation and embrace disruption as consumer needs change.
Our goal with DTIN is to create a home where Dairy Technology leaders can connect with each other, share best practices, tools and solutions with each other, along with gaining access to outside resources who can provide insights and technical assistance. With that in mind, we’d like to hear from YOU, better understand your specific needs and make sure that the DTIN is responsive to them.
Below you will find links to our community resources, member information, and other documents. Please contact with any questions pertaining to the resources made available.
Alerts
From the Food and Ag-ISAC:
In light of the current geopolitical climate between the U.S. and Iran, the Food and Ag-ISAC urges its members and partners to prepare for a potential increase in cyber threats coming from the region. While it is not a certainty that Iran will launch cyberattacks as part of its response, it has done so in the past during similar times of conflict.
The line between hacktivists and state-sponsored threat actors can be blurry, and Iran is a formidable adversary, hosting several prominent threat actors. Iran’s geopolitical objectives range from disruptive and destructive attacks, cyber espionage, and financially motivated cyberattacks in collaboration with ransomware actors.
The Food and Ag-ISAC maintains a library of Adversary Attack Playbooks on multiple Iranian threat actors, outlining tactics, techniques, and procedures (TTPs) and indicators of
compromise (IoCs) for each. Among the more proficient state-sponsored threat groups are:
- Charming Kitten (APT35, Phosphorous) is a sophisticated adversary known for extensive spear-phishing campaigns against US political entities, military, and commercial facilities. The group also carries out cyber espionage to assist Iran in its geopolitical goals.
- APT33 (Elfin) is known for impactful attacks on other US and Western critical infrastructure, typically in the energy and aviation sectors. APT33 uses spearphishing with malicious attachments and leverages password spraying to target accounts with weak authentication. They have been known to leverage zero-day vulnerabilities in several different IT products.
- MuddyWater (APT37, Seedworm) targets a broad range of sectors, including government, defense, energy, telecommunications, and finance, primarily in the Middle East, Asia, Africa, Europe, and North America. They develop custom malware to assist in their operations, and typically leverage publicly known vulnerabilities and open-source tools to gain initial access and maintain persistence.
- OilRig (APT34) specializes in cyber espionage and intelligence gathering. While the threat actor has historically targeted critical infrastructure in the Middle East, their operations have extended to other regions, including the U.S. The group leverages spearphishing attacks, including LinkedIn phishing, to gain initial access and develops custom malware and exploits publicly known vulnerabilities. Notably, OilRig is known for leveraging compromised organizations to launch supply chain attacks against its primary targets.
- Pioneer Kitten (Fox Kitten, UNC757) is an Iranian group assessed to be linked to the Iranian government and known for targeting U.S. critical infrastructure across sectors like defense, education, finance, and healthcare. They are particularly notable for their focus on network infrastructure, exploiting VPN vulnerabilities (particularly in Pulse Secure, Citrix, and F5 devices) to establish persistent footholds. They have also been documented collaborating with ransomware affiliates and selling network access to other threat actors, making them a unique hybrid of espionage and financially motivated activity.
Many Iranian hacktivists groups are believed to have direct or indirect ties to the Islamic Revolutionary Guard Corps (IRGC) or other government entities. Iranian hacktivists are increasingly sophisticated and often overlap strategically with the goals of state-sponsored objectives. They leverage a variety of tactics, including the exploitation of vulnerable systems, targeted spearphishing, and data collection. They are also known to compromise OT environments and carry out disruptive and destructive attacks against networks.
For example, Cyber Av3engers (Sandcat / IRGC-affiliated actors) have emerged as a significant threat to industrial control systems and operational technology environments. It tends to focus on ICS/SCADA-facing devices exposed to the internet, often exploiting default credentials and known vulnerabilities in industrial equipment. In addition, Pioneer Kitten has been implicated in attacks against the healthcare sector and in targeting the U.S. satellite and defense industry.
Iranian hacktivists have historically targeted the U.S. as a result of geopolitical conflicts. These attacks are seen across industries in the U.S., Israel, and other Western nations. Past performance is not always an indicator of future behavior, and we have not yet seen signs of increased targeting by Iranian actors; however, organizations are encouraged to review their security posture and ensure they are prepared for potential attacks by Iranian-sponsored and aligned actors.
Previous adversaries and statements published by the Food and Ag-ISAC during last summer’s Middle East conflict can be found here (June 13, 2025), here (June 23, 2025), and here (July 10, 2025).
From the Food and Ag-ISAC:
Please find below a situational report on the United Natural Foods (UNFI) Cyber Attack.
Sources:
- https://www.bleepingcomputer.com/news/security/grocery-wholesale-giant-united-natural-foods-hit-by-cyberattack/
- https://www.businessinsider.com/food-distributor-unfi-outage-hits-grocery-chains-whole-foods-2025-6 (PAID)
- https://www.reddit.com/r/wholefoods/comments/1l67fb8/unfi_update/
- (8-K Filling) – https://www.streetinsider.com/SEC+Filings/Form+8-K+UNITED+NATURAL+FOODS+For%3A+Jun+05/24912411.html#:~:text=CURRENT%20REPORT,reported)%3A%20June%205%2C%202025
Summary:
United Natural Foods (UNFI), is North America’s largest publicly traded wholesale distributor of natural and organic foods. On June 5th, the company disclosed that they were dealing with a cyber incident that required the company to proactively take some systems offline. While details of the cyber incident have not been publicly disclosed, the impact of the cyber incident has caused a temporary disruption of UNFI’s business operations and ability to fulfill and distribute customer orders.
UNFI operates 53 distribution centers and delivers fresh and frozen products to over 30,000 locations across the United States and Canada
These locations include:
- Supermarket chains
- E-commerce providers
- Natural product superstores
- Independent retailers
- Food service customers
The disruption means that grocery stores and other clients relying on UNFI for their inventory experienced delays or inability to place orders, potentially leading to:
- Empty shelves for specific products, especially natural and organic items.
- Loss of sales for retailers.
- Logistical challenges as retailers scramble to find alternative supply sources.
- Impact on smaller, independent grocers who may be more reliant on UNFI’s specialized product offerings.
Some reports have claimed UNFI’s warehouse systems were down, preventing order selectors, loaders, and drivers from carrying out their typical operations with their normal technology solutions. It has been reported that the company may be processing orders manually with paper records while they work to restore critical systems.
Reports from Reddit users, including those working for Whole Foods (a major UNFI client), indicated that orders were being based on top-selling items rather than actual stock needs, and some independent grocers were unable to place orders, expecting significant sales impact. Some internal communications indicated systems could be down for the entire week.
Response and Recovery Efforts:
In response to the cyberattack, UNFI has:
- Activated its incident response plan.
- Implemented containment measures by taking affected systems offline.
- Notified relevant law enforcement authorities.
- Hired external cybersecurity experts to assist with the investigation and remediation.
- Implemented workarounds to continue servicing customers where possible and maintain business continuity.
- They are actively working to assess, mitigate, and remediate the incident and restore systems.
As of the latest reports, UNFI has not disclosed any details about a potential data breach resulting from this cyberattack. The focus of their public statements has been on operational disruption rather than data compromise.
If you have any questions, please contact Jonathan Braley, [email protected], or Kaitlyn Palatucci, [email protected], at the Food & Ag ISAC.
From the Food and Ag-ISAC:
For those of you following the Blue Yonder attack. New research was released on several zero-day vulnerabilities possibly exploited by the Termite Ransomware group.
https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild
https://vulnera.com/newswire/termite-ransomware-group-suspected-behind-zero-day-exploits-in-cleo-software/
The ransomware group known as ‘Termite’ is believed to be responsible for a string of attacks exploiting a zero-day vulnerability in Cleo’s LexiCom, VLTransfer, and Harmony file transfer software. The group recently claimed credit for a similar attack on supply chain vendor Blue Yonder, affecting several organizations, including Starbucks.
Cleo is in the process of developing a patch for the flaw, but no fix is currently available. This makes the vulnerability a zero-day that is actively being exploited. The attacks are reported to have started on December 3, and have affected at least 10 victims across multiple industries, including consumer products, trucking and shipping, and the food industry.
Cleo software is used by more than 4,200 customers from various industries such as logistics and transportation, manufacturing, and wholesale distribution. Some recognizable clients include Brother, New Balance, Duraflame, TaylorMade, Barilla America, and Mohawk Global.
The vulnerability that Termite is exploiting has been identified as CVE-2024-50623, an unauthenticated remote code execution (RCE) flaw in versions of Cleo Harmony, VLTrader, and LexiCom prior to 5.8.0.21. Cleo disclosed the vulnerability in October and advised customers to immediately upgrade affected products to the fixed version 5.8.0.21. However, the patch seems to have been insufficient, as all previously affected versions of Cleo software, including the patched 5.8.0.21, remain vulnerable to the same CVE, according to Huntress.
From CISA, NSA and FBI:
FOR WIDE DISSEMINATION
The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Signals Directorate’s (ASD’s) Australian Cyber Security Centre (ACSC), Canadian Cyber Security Centre (CCCS), and New Zealand’s National Cyber Security Centre (NCSC-NZ) warn that People’s Republic of China (PRC)-affiliated threat actors compromised networks of major global telecommunications providers to conduct a broad and significant cyber espionage campaign. The authoring agencies are releasing a guide to highlight this threat and provide network engineers and defenders of communications infrastructure with best practices to strengthen their visibility and harden their network devices against successful exploitation carried out by PRC-affiliated and other malicious cyber actors.
From USDA OHS NSD and CISA:
FOR WIDE DISSEMINATION
Update 9:45 a.m., EDT, July 21, 2024:
- Microsoft released a recovery tool that uses a USB drive to boot and repair affected systems.
- Microsoft also published a blog post that provides links to various remediation solutions and outlines their actions in response to the outage, which include working with CrowdStrike to expedite restoring services to disrupted systems.
- In the blog post, Microsoft estimates the outage affected 8.5 million Windows devices. Microsoft notes that this number makes up less than one percent of all Windows machines.
Update 12:30 p.m., EDT, July 20, 2024: `1234568
- CrowdStrike continues to provide updated guidance on yesterday’s widespread IT outage, including remediation steps for specific environments.
- CrowdStrike released technical details that provide:
- A technical summary of the outage and the impact.
- Information on how the update to the CrowdStrike Falcon sensor configuration file, Channel File 291, caused the logic error that led to the outage.
- A discussion of the root cause analysis CrowdStrike is undertaking to determine how the logic error occurred.
- Cyber threat actors continue to leverage the outage to conduct malicious activity, including phishing attempts. CISA continues to work closely with CrowdStrike and other private sector and government partners to actively monitor any emerging malicious activity.
- According to a new CrowdStrike blog, threat actors have been distributing a malicious ZIP archive file. This activity appears to be targeting Latin America-based CrowdStrike customers. The blog provides indicators of compromise and recommendations.
Update 7:30 p.m., EDT, July 19, 2024:
- The CrowdStrike guidance is updated with additional guidance regarding impacts to specific environments, e.g., Azure, AWS.
- For additional information:
- Threat actors continue to use the widespread IT outage for phishing and other malicious activity. CISA urges organizations to ensure they have robust cybersecurity measures to protect their users, assets, and data against this activity.
CISA continues to monitor the situation and will update this Alert to provide continued support.
Initial Alert (11:30 a.m., EDT, July 19, 2024):
CISA is aware of the widespread outage affecting Microsoft Windows hosts due to an issue with a recent CrowdStrike update and is working closely with CrowdStrike and federal, state, local, tribal and territorial (SLTT) partners, as well as critical infrastructure and international partners to assess impacts and support remediation efforts. CrowdStrike has confirmed the outage:
- Impacts Windows 10 and later systems.
- Does not impact Mac and Linux hosts.
- Is due to the CrowdStrike Falcon content update and not to malicious cyber activity.
According to CrowdStrike, the issue has been identified, isolated and a fix has been deployed. CrowdStrike customer organizations should reference CrowdStrike guidance and their customer portal to resolve the issue.
Of note, CISA has observed threat actors taking advantage of this incident for phishing and other malicious activity. CISA urges organizations and individuals to remain vigilant and only follow instructions from legitimate sources. CISA recommends organizations to remind their employees to avoid clicking on phishing emails or suspicious links.
Our partners at the Food & Ag ISAC also released the attached information.
05/01/2024 – Pro-Russian Hacktivists Targeting HMI Vulnerabilities in OT Networks
TLP: CLEAR
via the Food and Ag-ISAC
Summary:
Threat actors continue to target operational technology as a means to disrupt critical infrastructure networks, or to deliver malware as a just-in-case measure for increasing global conflicts. Earlier this year we reported on IRGC-Affiliated Cyber Actors targeting Israeli produced programmable logic controllers (PLCs) to disrupt the water sector. We also highlighted reports of Chinese (PRC) state-Sponsored actors compromising and maintaining persistent access to U.S. critical infrastructure with strategic and destructive malware.
Research is showing that threat actors continue to target critical infrastructure organizations by exploiting vulnerabilities in operational technology networks and industrial control systems. This advisory highlights pro-Russian hacktivists attacks against human machine interface (HMI) devices to breach and impact organizations in U.S. and European Water and Wastewater Systems (WWS), Dams, Energy, and Food and Agriculture sectors.
Operational technology is commonly used across the food and agriculture sector, and organizations are encouraged to implement best practices to defend these systems from foreign adversaries. We have joined this alert to raise awareness of these types of attacks and to share best practices to prevent them. Food and agriculture companies who see such incidents are encouraged to share this with us so that we can help identify trends and engage with members and partners to help reduce risk across the sector. Impacted organizations can report findings directly to the Food and Ag-ISAC by sending an email to [email protected].
Mitigation:
The alert highlighted several best practices organizations can use to defend against attacks against HMI devices:
Harden HMIs
- Disconnect all HMIs, such as the touchscreens used to monitor or make changes to the system, or programmable logic controllers (PLCs), from the public-facing internet. If remote access is necessary, implement a firewall and/or virtual private network (VPN) with a strong password and multifactor authentication to control device access.
- Immediately change all default and weak passwords on HMIs and use a strong, unique password. Ensure the factory default password is not in use. Open the remote settings panel to confirm the old password is no longer shown.
- Keep VNC updated with the latest version available and ensure all systems and software are up to date with patches and necessary security updates.
- Establish an allowlist that permits only authorized device IP addresses. The allowlist can be refined to specific times of the day to further obstruct malicious threat actor activity; organizations are encouraged to establish alerting for monitoring access attempts.
- Note: An allowlist is not a complete security solution by itself, but may increase the level of effort necessary for a threat actor to compromise a device.
Strengthen Security Posture
- Implement multifactor authentication for all access to the OT network.
- Log remote logins to HMIs, taking note of any failed attempts and unusual times.
- Practice and maintain the ability to operate systems manually.
- Create backups of the engineering logic, configurations, and firmware of HMIs to enable fast recovery. Familiarize your organization with factory resets and backup deployment.
- Check the integrity of PLC ladder logic (LAD) or other PLC programming languages and diagrams to ensure they operate, especially if an intrusion has been identified.
- Update and safeguard network diagrams to reflect both the IT and OT networks. Operators should apply the principles of least privilege and need to know for individuals’ access to network diagrams. Maintain awareness of internal and external solicitation efforts (both malicious and benign) to obtain network architectures and restrict mapping to trusted personnel. Consider using encryption, authentication, and authorization techniques to secure your network diagram files, and implement access control and audit logs to monitor and restrict who can view or modify your network diagrams.
- Be aware of cyber/physical-enabled threats. Adversaries may attempt to obtain network credentials by various physical means, including official visits, tradeshow and conference conversations, and through social media platforms.
- Take inventory and determine the end of life status of all HMIs. Replace end of life HMIs as soon as feasible.
- Implement software and hardware limits to the manipulation of physical processes, limiting the impact of a successful compromise.
Resources
Food & Ag ISAC
The Food and Ag-ISAC provides threat intelligence, analysis and effective security practices that help food and agriculture companies detect attacks, respond to incidents and share indicators so they can better protect themselves and manage risks to their companies and the sector.
The Food and Ag-ISAC is part of the IT-ISAC. Founded in 2000, the Information Technology-Information Sharing and Analysis Center (IT-ISAC) is a non-profit organization that augments member companies’ internal capabilities by providing them access to curated cyber threat analysis, an intelligence management platform, and a trusted forum to engage with senior analysts from peer companies.
The ISAC produces a weekly report with current news, intelligence, vulnerabilities & updates and ransomware events. That report is shared with DTIN members every Wednesday.
You can find more information on them at www.foodandag-isac.org .
As part of IDFA’s partnership with the Food & Ag ISAC, we are making a resource available to the dairy industry: Food and Ag Cybersecurity: A Guide for Small & Medium Enterprises. The guide details cost-effective steps that small and medium-sized companies can take to help protect themselves. No company, no matter the size, is immune from cyber risk. Implementing these practices will not guarantee protection from a breach, but they can help to reduce the likelihood of being breached. These practices will also increase your ability to respond effectively and successfully should an attack or breach occur.
SEC Rule on Cybersecurity Incident Disclosure
On July 26, 2023 the SEC (Securities and Exchange Commission) released its final rule on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies. The rules require registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance. The final rules are effective September 5, 2023, with incident disclosure requirements beginning on December 18, 2023 and all registrants must provide disclosures beginning with annual reports for fiscal years ending on or after December 15, 2023.
SEC’s Announcement of Final Rule
Fact Sheet on Final Rule
Final Rule
Cybersecurity and Infrastructure Security Agency (CISA)
CISA has compiled and published a list of free cybersecurity services and tools to help organizations reduce cybersecurity risk and strengthen resiliency. This non-exhaustive living repository includes services provided by CISA, widely used open source tools, and free tools and services offered by private and public sector organizations across the cybersecurity community.
CISA also strongly recommends organizations take the following foundational measures:
- Fix known security flaws in software.
- Implement multifactor authentication.
- Take steps to halt bad practices, including the use of end-of-life software products and systems that rely on known/default/unchangeable passwords.
- Sign up for CISA’s Cyber Hygiene Vulnerability Scanning service.
- Get your Stuff Off Search (S.O.S.).
- Review their Shields Up webpage to find recommended actions on protecting their most critical assets.
CISA Multi-Factor Authentication (MFA) Fact Sheet
CISA Traffic Light Protocol (TLP) Definitions and Usage
Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Proposed Reporting Rule
In March 2022, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). Enactment of CIRCIA requires the Cybersecurity and Infrastructure Security Agency (CISA) to develop and implement regulations requiring covered entities to report covered cyber incidents and ransomware payments to CISA. The federal register published CISA’s Notice of Proposed Rulemaking for a 90-day open comment period that runs from April 4 to July 3. This marks a major step in bolstering America’s cybersecurity.
Federal Bureau of Investigation (FBI)
Business email compromise (BEC) is a type of cybercrime where the scammer uses email to trick someone into sending money, divulging confidential company info or install malware. The culprit poses as a trusted figure, then asks for a fake bill to be paid or for sensitive data they can use in another scam. BEC scams are on the rise due to increased remote work. As part of its Internet Crime Complaint Center (IC3), the FBI provides a website with information on Business email Compromise and how to report it.
National Institute of Standards and Technology (NIST)
Cybersecurity Framework
Digital Identity Guidelines
White House National Policy Framework for Artificial Intelligence
In March 2026, the White House released its legislative recommendations in a National Policy Framework for Artificial Intelligence, outlining areas of federal AI regulation for Congress to focus on. The Framework is organized into 7 areas:
- Protecting Children and Empowering Parents
- Safeguarding and Strengthening American Communities
- Respecting Intellectual Property Rights and Supporting Creators
- Preventing Censorship and Protecting Free Speech
- Enabling Innovation and Ensuring American AI Dominance
- Educating Americans and Developing an AI-Ready Workforce
- Establishing a Federal Policy Framework, Preempting Cumbersome State AI Laws
Discussion List
As part of the network you have access to a discussion platform/email list that the community can use to reach out and ask questions, discuss issues, suggest articles, etc. Just send an email to staff here at IDFA (Rob Carpenter, [email protected] , Tom Wojno, [email protected] ) and we will be happy to send it out to the group. The email will be sent to [email protected] and it will be distributed to everyone in the community. (please be sure to whitelist emails sent to the email list and emails coming from idfa.org so they don’t end up in your spam folders) IDFA staff moderate the submissions to avoid spam senders, sales emails, and any antitrust issues. If you wish to send a question to the group, but would like to remain anonymous, simply let us know and we will be happy to send it out to the group in an anonymous manner.
Meetings
We are looking to engage the group on topics for future webinars and discussions. To that end, please reach out to Rob Carpenter to raise any topics you may want covered or suggested speaker recommendations. One discussion we are looking to have includes updating the group on current projects in each of your teams respective workflow. If you’d like to volunteer to walk us through some of your upcoming workflow projects, please let us know.
We invite you to share what projects you are working on and any questions or assistance that you might like to get from the group. If there are topics that you would like discussed and would like to share them with the group beforehand. Just send them to Rob ([email protected]) and we will get them distributed.
Zoom Information for March 26th:
IDFA’s Dairy Technology and Innovation Network
Mar 26, 2026 02:00 PM Eastern Time (US and Canada)
Meeting URL: https://us06web.zoom.us/j/88371895309?pwd=8qIQuW7IeCY0axaAp2xRxaJU64ny3G.1
Meeting ID: 883 7189 5309
Passcode: 906081
Join by Telephone:
+1 646 931 3860 US
+1 301 715 8592 US (Washington DC)
+1 312 626 6799 US (Chicago)
+1 646 558 8656 US (New York)
+1 346 248 7799 US (Houston)
+1 720 707 2699 US (Denver)
+1 253 215 8782 US (Tacoma)
This summary was generated with the assistance of an AI note-taker but has been edited for anonymity and accuracy. If there are inaccuracies or other edits that you feel need to be corrected, please reach out to us.
The meeting began with Rob welcoming participants and giving a description of the IDFA Dairy Technology Innovation Network (DTIN), which encourages participants to share projects, topics, and concerns, with discussions facilitated by attendees rather than a set agenda or speakers.
The group started a discussion focused on the how several members of the group are in the process of working to centralize cybersecurity policies across plants, warehouses, and corporate facilities. Several mentioned the security challenges related to having the IT at the different facilities managed by different people and firms.
The participants discussed ERP system upgrades, with one evaluating a migration from Navision 2015 to Business Central, working with RSM as a potential vendor. Another shared that his organization is also re-evaluating their 16-year-old ERP platform, though they are considering Infor rather than Business Central. Rob noted that several IDFA members have mentioned ERP upgrade projects recently, suggesting this may be a common trend due to economic instability and the desire to improve system efficiency. One member evaluated Infor, NetSuite, and Business Central before selecting Microsoft Dynamics, primarily due to team familiarity with the system. The question was raised about whether traditional ERPs like Dynamics and SAP might be approaching obsolescence, noting that best-of-breed solutions with AI capabilities might become more popular.
There was a brief discussion on ongoing server and hardware upgrades, with one member of the group sharing that Dell’s pricing for a production server stack increased by $8,000 due to memory scarcity, with expected 10% monthly price increases throughout the year. They also discussed supply chain issues affecting memory and hard drive availability, with Western Digital reporting 24-month allocation for hard drives.
Members of the group shared insights on AI and machine learning consulting firms, with one seeking recommendations for assessing his company’s readiness. One member shared a successful project using a WhatsApp-based AI chatbot for farm staff communication. The conversation ended with one member mentioning their progress with Ignition for OEE tracking and anther discussing their organization’s use of Fix for maintenance and Ignition for silo levels.
Tom from ABB shared an industrial AI analytics software report titled “Green Quadrant: Industrial AI Analytics Software (2025)”.
This summary was generated with the assistance of an AI note-taker but has been edited for anonymity and accuracy. If there are inaccuracies or other edits that you feel need to be corrected, please reach out to us.
The meeting began with Rob welcoming participants and giving a description of the IDFA Dairy Technology Innovation Network (DTIN), which encourages participants to share projects, topics, and concerns, with discussions facilitated by attendees rather than a set agenda or speakers.
Rob asked the group about the recent Verizon outage, inquiring about its impact on attendees and their business operations. The group indicated that there was no major impact to the outage for various reasons from not using Verizon, to not being able to rely on cell connectivity due to rural location, to only using cell service for backup connectivity and since there was no primary loss of service there was no need to impact on service. Some indicated that they should conduct a review of their backup connectivity solutions to confirm how the systems are functioning. Rob inquired about the systems they used for fleet management and monitoring, and the group indicated that while a cell outage in their systems would eliminate live monitoring and communications, routes are downloaded to truck/delivery systems prior to departure and any logging and delivery information would be uploaded on their return.
Some members of the group did indicate that some of their operations are being monitored by third party vendors, and they use cell networks to directly connect, but they were unsure if there was any impact and what the ramification for those vendors would be.
A couple of the participants are exploring solutions like Starlink for backup connectivity, but there are concerns with the speed and upfront costs making it prohibitively expensive.
Rob inquired about password managers, both for internal systems and end-user recommendations. The group discussed password management solutions, with one recommending Team Password Manager for IT teams and KeePass for individual users. Several recommend Bitwarden and PasswordState as alternatives. Overall, the group recommended using systems that can be installed on premise for IT Team password management.
Members of the group shared their organizations’ IT modernization efforts, with several having plans to move away from VMware to Hyper-V due to cost concerns. A couple are looking Micorsoft Business Central as an ERP upgrade. Participants are continuing work to move from file servers to Sharepoint.
One participant was excited about their companies partnering with Google to use Gemini AI to evaluate the custom code present in their ERP system to evaluate the purpose of that code in planning for a more effective ERP upgrade solution and simplification.
The group discussed AI implementation in business processes, sharing their experience using Microsoft 365 Copilot for training and automation. One participant mentioned the use Zscaler’s new features and AI governance tools to help with monitoring AI usage.
Finally, they briefly touched on the upcoming Dairy Forum conference, with about 20 group members registered to attend.
This summary was generated with the assistance of an AI note-taker but has been edited for anonymity and accuracy. If there are inaccuracies or other edits that you feel need to be corrected, please reach out to us.
The meeting began with Rob welcoming everyone and explained the purpose of the Dairy Technology Innovation Network, which focuses on IT and technology-related issues in the dairy industry.
The group discussed warehouse management systems, with a participant stating that they use SAP with customizations and an LGV system integrated to their SAP platform, having switched from a smaller point solution about 9-10 years ago for strategic reasons. Another member inquired about other warehouse management solutions, revealing they use J.D. Edwards for ERP and are exploring Oracle and Next World options, primarily focusing on inventory tracking software rather than automation hardware.
The group then discussed security challenges and solutions for business travel to China, Russia, and other concerning countries. An attendee explained their current approach of providing loaner devices and separate email/VPN access but noted issues with accessing contacts and documents. Someone mentioned the FBI advised using Faraday bags for stopovers, though concerns remain about device confiscation in China. A participant suggested leaving devices in storage during travel, while another recommended exploring AWS workspace as a secure virtual desktop solution. Another attendee advised against Russian travel and suggested using burner devices in China, which another confirmed is their current practice. The group discussed other challenges with international data security, particularly regarding China’s requirements for accessing encrypted devices and data.
The group explored the possibility of implementing a forum system to improve group communications between meetings, with most members preferring Teams integration over other platforms.
The team discussed Dairy Tech’s future format, with consensus that keeping it in-person was preferable to virtual attendance, though they discussed potential connections to other events like Dairy Forum.
The conversation ended with an update that the group will not have a meeting in December due to holiday scheduling conflicts.
This summary was generated with the assistance of an AI note-taker but has been edited for anonymity and accuracy. If there are inaccuracies or other edits that you feel need to be corrected, please reach out to us.
The Dairy Technology and Innovation Network (DTIN) meeting began with Rob welcoming attendees and introducing the network’s purpose of sharing best practices and addressing industry issues monthly. He explained that summaries of the calls are distributed to all DTIN members and that the AI features of the platform are used for notetaking. Jonathan Braley from the Food and Ag ISAC was introduced as a partner providing cybersecurity and threat intelligence to DTIN members, and John was invited to present on current cybersecurity threats.
The Food and Ag ISAC has shared their slides with the group.
John Braley, director of the Food and Ag ISAC, presented an overview of ransomware threats in the food and agriculture sector. He highlighted that ransomware groups accounted for 53% of adversaries targeting the sector, emphasizing the opportunistic nature of these attacks. Braley discussed the challenges of defending against ransomware, including the rise of double extortion tactics and the potential theft of sensitive intellectual property. He also touched on the ISAC’s efforts to collaborate with various stakeholders, including CISA, FBI, USDA, trade associations, and academia, to enhance threat intelligence and information sharing in the sector.
Jonathan explained that the data on attacks represents companies listed on data leak websites, likely indicating successful breaches. He noted that the actual number of attacks is likely higher, as many incidents go unreported. Jonathan discussed the increasing trend of ransomware attacks across sectors, with a significant spike in January and February 2024, partially attributed to the Clop ransomware group’s activities. He also highlighted the importance of zero-day vulnerabilities in these attacks and the need for better defense strategies against frequent attackers like Akira and Qilin.
Jonathan explained the nature of zero-day vulnerabilities and their exploitation by threat actors, emphasizing the difficulty in preventing attacks when vulnerabilities are unknown. He highlighted the sophistication of groups like Clop and their ability to scan for and exploit vulnerabilities quickly, which poses a significant concern. Jonathan also discussed the common tactics used by ransomware groups, including phishing and social engineering, and mentioned the rise of English-speaking adversaries targeting IT helpdesks. He concluded by describing the trend of ransomware groups exploiting critical vulnerabilities and the challenges faced by organizations in patching these vulnerabilities in a timely manner.
The group discussed the challenges and processes around vulnerability disclosure in cybersecurity. Jonathan explained that while responsible disclosure practices exist, with 60-90 day windows for vendors to patch issues before public disclosure, some researchers still publish vulnerabilities immediately, potentially enabling malicious actors. He noted that while there are no current laws regulating vulnerability disclosure, some countries like China have mandatory reporting requirements to their governments.
Jonathan presented a detailed overview of various ransomware groups targeting the food and agriculture sector, highlighting their tactics, vulnerabilities exploited, and recent activities. He emphasized the importance of patch management and staying informed about critical vulnerabilities to mitigate risks. Jonathan also discussed upcoming resources, including the Q3 ransomware report, cybersecurity guides for small businesses, and a GPS paper on vulnerabilities in the agriculture sector. Rob announced an upcoming podcast episode on cybersecurity for Cybersecurity Month, featuring guests from the Food and Ag ISAC and Hilmar. The conversation ended with a reminder about the Dairy Tech event in two weeks.
This summary was generated with the assistance of an AI note-taker but has been edited for anonymity and accuracy. If there are inaccuracies or other edits that you feel need to be corrected, please reach out to us.
The Dairy Technology and Innovation Network meeting began with Rob introducing the group’s purpose and discussing the use of Zoom’s AI note-taker for anonymized summaries. He mentioned a recent Infor webinar featuring Eagle Foods’ AI journey and reminded attendees about the upcoming Dairy Tech conference on October 29-30 in Columbus, Ohio, themed around supply chain resiliency.
Bob Price, new to the forum, introduced himself as having 35 years of experience in the dairy industry, focusing on processing plant design and shared his excitement about a current project involving a large fluid milk producer. He discussed a dairy plant’s upgrade from manual to automated mix-proof valving systems, which has resulted in improved shelf life of pasteurized milk and reduced downtime. The automation project, which began 10-15 years ago, initially faced resistance due to cost concerns but has since proven cost-effective through labor savings and extended product shelf life. He explained that the automated system is networked and monitored through control integrators who handle programming, HMI screens, and data collection, with the system spanning from raw milk receiving to filling. Another attendee inquired about the integration with IT systems, noting their own journey from swing valves to smart valves over 18 years.
The group then discussed Oracle’s recent enforcement of Java licensing, with members advising the group to conduct a full inventory of Java usage without sharing it with Oracle. They agreed that most Java instances were through third-party vendors, and it was recommended that they could use the open Java version. Rob noted that Oracle had owned Java for decades and asked why now? Attendees replied that Oracle was now enforcing a new licensing model, leading to discussions about transitioning to open-source alternatives.
A member of the group inquired about MontblancAI, a new company founded in 2022 related to manufacturing and AI, and no one had prior knowledge of them.
An attendee inquired about cybersecurity measures with some participants mentioning they are using Microsoft Defender for Endpoint and Palo Alto’s device security platform and Cisco’s Identity Services Engine. The group discussed cybersecurity solutions, with some sharing information about vendors like Clarity and Dragos for OT security and another mentioned using Palo Alto for OT security in their organization.
A new participant in the group asked about the pros and cons of local versus cloud storage for AI-powered camera monitoring on dairy farms, with a focus on security and cost-effectiveness. The group suggested a tiered architecture approach, using cloud storage for long-term data retention, while keeping frequently accessed data closer to the farms.
The group discussed ongoing challenges with IT vendors, particularly regarding Broadcom’s acquisition of VMware and associated legal issues. A member reported that their organization is transitioning to Nutanix but has faced delays, and another offered to connect them with a subject matter expert who could provide guidance on navigating vendor transitions.
Rob brought up Cybersecurity Month Planning and Updates and the group discussed InfraGuard membership, with a member explaining it offers resources for training, research, and security tips, though some attendees noted applications are currently closed. Several members shared their plans for Cybersecurity Month in October, including with some conducting site visits for training, organizing a tabletop exercises, and implementing weekly awareness campaigns.
Rob announced the next meeting in October will feature Jon Braley from the Food and Ag ISAC presenting cybersecurity trends and updates.
This summary was generated with the assistance of an AI note-taker but has been edited for anonymity and accuracy. If there are inaccuracies or other edits that you feel need to be corrected, please reach out to us.
Rob welcomed attendees to the meeting, and encouraged participants to share questions, innovations, or updates from their companies.
The discussion focused on a member of the group’s question cybersecurity roles in industrial control systems (ICS) and operational technology (OT). Another attendee explained that while IT cybersecurity is crucial for OT security, OT environments cannot be protected in the same way as IT systems due to limitations in monitoring and defending endpoints like PLCs and HMIs. They emphasized the importance of understanding attack paths into IT systems and working closely with IT teams, while also having deep OT experience. When asked about hiring for such roles, they recommended looking for candidates with both strong IT cybersecurity backgrounds and OT experience, as finding someone with both skills is challenging but ideal.
The group discussed security considerations for OT and IT networks, with multiple participants agreeing that hiring someone with OT experience and then training them on IT cybersecurity would be more effective than the reverse. They discussed network architecture, with an attendee explaining that while IT and OT networks may not be completely air-gapped, securing the IT side is crucial as threat actors who breach IT can often find ways into OT systems. Another attendee shared that their company maintains transparency between IT and OT teams through monthly meetings to discuss projects that might impact OT systems. The group discussed the importance of transparency and partnership between IT and OT teams, with one member emphasizing a shift towards treating OT as a customer rather than a combatant. They explored challenges in vendor risk management, particularly regarding audits and security requirements, and highlighting the need for tailored approaches based on vendor risk levels. There were a couple of IDFA’s Gold Business Partners on the call and they of shared insights from their respective companies, describing their approach with their own cybersecurity teams and cloud-based infrastructure.
A member of the group asked about the use of network mapping software, noting that Fluke no longer makes their previous mapping tablet. They also explored email security solutions, with several participants explaining that Abnormal’s AI capabilities complement existing email providers like Microsoft Exchange, while another shared that Abnormal was effective in detecting Microsoft tenant-to-tenant communications that bypass standard spam filters due to Direct Send functionality.
The group discussed email security and quarantine processes. One participant emphasized the importance of proactive educational campaigns and enforcement of security training. Several attendees explained that their organizations do not allow users to self-manage quarantines, instead reviewing and releasing emails on behalf of users. They described their process of reviewing quarantined emails, creating personal whitelists for trusted senders, and handling bulk releases for accounting teams. The discussion highlighted the balance between maintaining security and ensuring legitimate emails are not blocked.
The group discussed a couple of AI initiatives, with a member sharing that they are using retrieval augmented generative AI for content and data analysis, though he noted limitations with large language models for visual data analysis. An attendee inquired about AI agent creation, and another member advised to wait 6-18 months for vendor solutions to mature.
A member of the group requested help connecting with Meta regarding WhatsApp business account setup issues.
The conversation ended with Rob announcing the upcoming Dairy Tech meeting in Columbus, Ohio, October 29-30, reminding attendees to register by the next day for early discount pricing.
This summary was generated with the assistance of an AI note-taker but has been edited for anonymity and accuracy. If there are inaccuracies or other edits that you feel need to be corrected, please reach out to us.
The Dairy Technology Information Network (DTIN) group held their monthly meeting, with Rob hosting and noting that while some members were absent due to summer schedules, the meeting served as a great networking opportunity. Rob explained that while they typically focus on specific topics like cybersecurity or AI, this meeting would be more informal with participants bringing up their own items for discussion.
Related to the recent SharePoint vulnerabilities in the news, the group discussed SharePoint usage and migration to the cloud, with all participants confirming they have moved their SharePoint operations to the cloud. Several participants commented that SharePoint underlies Microsoft Teams and is primarily used as a document repository and collaboration tool, though some organizations still use it for workflows that have been migrated to Power Automate. The discussion revealed that while SharePoint provides security benefits over file shares, it often becomes a “dumping ground” when not properly governed, and some organizations have seen decreased usage after migrating from on-premises to cloud-based systems.
The group discussed challenges with file storage and team creation in their organization. They noted that while employees can access various tools like Excel and Teams, team creation requires IT service desk approval to control sprawl. The group also addressed issues with file storage, particularly problems with email attachments and OneDrive, and discussed efforts to educate users on best practices for saving files in SharePoint or Teams.
The group discussed recent cyberattacks attributed to Chinese state actors, focusing on IP theft and espionage. A member of the network shared insights from a visit to Quantico, emphasizing the need to be aware of China’s state capabilities. They also touched on executive protection policies and a Wells Fargo executive being prevented from leaving China.
Rob inquired about the impact of color changes in food products due to government regulations, but the group confirmed it had not affected their operations yet.
The group discussed email security solutions, with a attendee sharing that their organization uses Microsoft Defender for 365 and Abnormal Security for business email compromise, while recently switching from KnowBe4 to ProofPoint for additional features. Rob mentioned that IDFA uses Spam Titan as a spam filter due to their more open system requirements. Others mentioned using Cisco IronPort for email security but is exploring alternatives for business email compromise protection due to rising costs and limited functionality. The discussion concluded with a participant highlighting the importance of device compliance and conditional access for protecting against man-in-the-middle attacks, noting that their implementation has successfully prevented credential theft through Evil Nginx attacks.
The group discussed various cybersecurity tools and threats, including Microsoft’s Direct Send being used for phishing attacks and the importance of app control for protecting outdated Windows servers. An attendee shared his experience with Beyond Trust Endpoint Privilege Management and mentioned that Cato Networks is being considered for SD-WAN implementation due to its remote browser isolation capabilities. The team also discussed the rising costs of attending cybersecurity conferences like Black Hat and Def Con, noting that vendor sponsorship has helped offset the expenses.
The team discussed their progress on upgrading Windows systems, with most having completed Windows XP migrations and now focusing on Windows 10 to 11 upgrades. A member of the group reported a 50% success rate for Windows 11 upgrades due to compatibility issues and lack of drive space, while another mentioned similar challenges with office compatibility and Adobe software. The group noted that the October 14th end-of-support deadline for Windows 10 is approaching, with some considering extended support options, and an attendee raised concerns about unsupported Exchange Server 2016 systems. Rob highlighted that printer drivers and accessories often cause upgrade failures, particularly with Windows 11’s stricter hardware requirements.
Rob invited suggestions for webinar topics, focusing on technology and operational subjects that could benefit attendees. On member proposed a webinar on post-quantum cryptography and quantum readiness, emphasizing the importance of preparing for future cryptographic challenges. Another suggested a topic on best practices for handling data breach with “What NOT to do when you have a cyber incident” being a focus. A member highlighted the importance of having clear authority for disconnecting networks during cyber incidents, referencing United Natural Grocers’ experience. The discussion touched on ransomware attacks, noting that while stigma has decreased, transparency in communications remains crucial. Mobile device management, allowing employees to choose between company or personal phones, was discussed with some saying that they only use company provided phones referencing rules in CA and others saying they allow use of personal phones while requiring Intune or other management.
This summary was generated with the assistance of an AI note-taker but has been edited for anonymity and accuracy. If there are inaccuracies or other edits that you feel need to be corrected, please reach out to us.
The DTIN meeting began with Rob welcoming attendees and explaining the purpose of the group, which brings together technology professionals in the dairy industry to discuss common issues and share solutions. He encouraged attendees to share any issues, questions, or exciting topics they wanted to discuss, emphasizing the collaborative nature of the meeting.
A member of the group discussed IT resiliency initiatives, which account for 80% of their future activities, including upgrading obsolete hardware and implementing new VPN solutions to manage third-party access at their new facility. The team is working on process efficiency improvements and AI solutions, with SAP Signavio being one of the tools used for business process analysis. Another member inquired about their approach to remote access for OEMs, and the response was they are moving to a new solution using Palo Alto Prisma access firewalls.
The group discussed third-party access solutions, focusing on Beyond Trust, CyberArk, and Delinea, with a participant highlighting their interest in Beyond Trust’s web-based features and just-in-time access capabilities. Another participant shared his experience using Beyond Trust for three years, noting that while it provided good security, the setup was cumbersome and the interface was less preferred by vendors, leading them to switch to ZScaler for both VPN and privileged remote access solutions. The discussion revealed that ZScaler lacks the automated access request feature that Beyond Trust offers, though it was mentioned this functionality was in development for ZScaler.
Participants discussed cloud-based OT network security solutions, with a member explaining their current setup uses ZScaler for secure access and EWON for OT connectivity, which routes through firewalls for monitoring. An attendee raised concerns about after-hours support access and latency issues with European OEMs, which the original member confirmed that they haven’t experienced significant problems. A member of the group noted that while hardware-based OT solutions don’t scale well, they plan to use the same solution for both IT and OT networks, and vendors will likely need to adopt the required security measures to continue doing business with them.
A member explained the current state of IT and OT integration at their company, noting that while the two departments remain somewhat separate, there is increasing collaboration, particularly for data sharing and reporting purposes. Another attendee shared that their company is exploring business process improvement options and expressed interest in learning about other companies’ experiences with this. A participant suggested considering business process mining software, specifically mentioning Abbyy as a potential vendor, and advised navigating HR and legal considerations regarding privacy.
A member then shared their experience attending the FBI CISO Academy in Quantico, where they learned about the FBI’s role in cybersecurity and their capabilities in handling cyber incidents. They recommended that others reach out to their local FBI field office and join InfraGard, a partnership between the FBI and the private sector, to enhance cybersecurity collaboration. They also highlighted the FBI’s expertise in recovering stolen funds and decrypting data, and encouraged attendees to include the FBI in their incident response plans.
The group discussed potential funding cuts to the ISAC program, which could impact state and local governments, though CISA committed to providing threat intelligence regardless of membership status. A member shared insights about the threat actor Scattered Spider, highlighting their use of deep fakes and Dragon Force ransomware, and announced an upcoming proof of value with Trusona for identity verification and SIM swapping protection.
The group discussed security concerns related to international travel, particularly in China, where a member of the group shared their experience working at a former employer and the need to be cautious about sharing information due to China’s government-centric approach. Another member added insights from an FBI China analyst briefing, highlighting that China’s primary goal is network infiltration rather than just IP theft, with a specific target of reclaiming Taiwan by 2027. The discussion concluded with concerns about hardware security, including Lenovo products, and the risks of using technology like Deep Seek, with a member noting that even offline use could be compromised.
Rob mentioned the upcoming Dairy Tech conference scheduled for October 29-30 in Columbus, Ohio. Tom outlined the agenda, which covers building the supply chain of the future, and highlighted the support from sponsors like Infor, Ecolab, and RSM.
Rob ended the meeting and announced that future meetings will target to be held on the third Thursday of each month at 2 PM Eastern time.
This summary was generated with the assistance of an AI note-taker but has been edited for anonymity and accuracy. If there are inaccuracies or other edits that you feel need to be corrected, please reach out to us.
Rob introduced the IDFA Dairy Technology Innovation Network, and its aim to connect technology and innovation professionals in the dairy sector to discuss and solve industry problems. He then introduced Jonathan Braley, representing the Food and Agriculture ISAC, who provided an overview of their organization, which collaborates with IT ISAC to address cybersecurity threats in the food and agriculture sector. Jonathan mentioned their recent quarterly ransomware report and ongoing efforts to expand partnerships and share threat intelligence with trade associations and universities.
The Food and Ag ISAC has shared their slides with the group.
Ransomware Trends in Food Agriculture
Jonathan presented an analysis of ransomware attacks on food and agriculture companies, noting a significant increase in attacks since 2020, with a particular surge in Q4 2024 and continuing into 2025. He explained that the data is collected through various open-source feeds, partner shares, and manual analysis of dark web sites, though the dataset is not perfect. Jonathan emphasized that companies need to stop paying ransoms and share threat information more effectively to combat the growing problem, highlighting the role of groups like Klop exploiting zero-day vulnerabilities. Attendees inquired about further drill-down data, such as company size and location, which Jonathan acknowledged could be improved and might be addressed in future renditions.
Jonathan explained that while ransomware attacks across all sectors have increased significantly in Q1 2025 compared to Q1 2024, the percentage of attacks targeting the food and agriculture sector has remained relatively consistent at around 5.5%. He noted that critical manufacturing has been the most heavily targeted sector, accounting for about 20-25% of attacks, while the food and agriculture sector ranks sixth out of 13 tracked sectors. Jonathan also discussed the challenges faced by critical manufacturing, including legacy equipment, patch management difficulties, and the sector’s perceived financial value to attackers.
Ransomware Groups and Zero-Day Exploits
Jonathan discussed the activities of various ransomware groups, particularly Klop, which has been highly active in the food and agriculture sector, exploiting zero-day vulnerabilities. He noted that Klop’s modus operandi involves testing vulnerabilities before large-scale attacks, and there is speculation about their sources, including potential links to Russian intelligence services. Participants questioned the implications of ransomware groups gaining access to zero-day vulnerabilities, discussing whether this indicates consolidation within the cybercriminal ecosystem or the involvement of external actors. They also touched on the recent high number of zero-day vulnerabilities disclosed by Microsoft and the potential future use of quantum computing in finding such vulnerabilities.
Ransomware Groups and Their Tactics
Jonathan discussed various ransomware attacks and groups, highlighting their tactics, targets, and impact. He mentioned the Klop transfer attack affecting 2,100 victims and the Akira group’s opportunistic nature, targeting multiple sectors with attacks on VPNs and RDP connections. Jonathan also described the activities of other groups like Links, which targets SMBs, and Safepay, a newer group with ties to Lockbit 3.0, emphasizing the use of phishing, credential theft, and exploitation of vulnerabilities.
Ransomware Threats in Food Sector
Jonathan presented a report on ransomware attacks in the food and agriculture sector, noting that while the sector represents about 10% of victims, ransomware remains a significant concern due to its profitability and the sector’s critical infrastructure. He highlighted that ransomware groups are increasingly partnering with other criminal organizations and targeting critical manufacturing and food sectors due to their just-in-time supply chains and valuable intellectual property. Jonathan also discussed their ransomware tracker dashboard, which shows that the US accounts for the majority of reported attacks (54%), though he noted this may not fully represent global targeting patterns. He mentioned they are working on updating their threat scoring system and developing low-cost cybersecurity guidance for small and medium-sized businesses in the sector.
Cybersecurity Collaboration and Government Withdrawal
The group discussed the relationship between IDFA and the ISAC, with Rob explaining that while ISAC provides limited information to IDFA members, IDFA members can join the ISAC directly for more comprehensive access. Attendees shared concerns about decreasing government involvement in cybersecurity, particularly noting the withdrawal of DHS and CISA representatives from Arizona Infragard calls, leading to a discussion about the importance of building self-sufficiency in threat intelligence sharing among private sector organizations. The conversation concluded with Jonathan mentioning the Sector Coordinating Council as a valuable resource for food industry cybersecurity, and Rob noting that USDA continues to provide valuable information that CISA may not share.
Cybersecurity Threats and Solutions
The group discussed several cybersecurity threats, including malicious solar panel inverters and attacks on SAP Netweaver systems. Attendees reported an increase in wire fraud attempts using lookalike domains, which others confirmed is a widespread issue. The team explored solutions for domain takedowns, with a participant mentioning their transition to Proofpoint for better UDRP takedown success rates. They also discussed identity verification products like Trusona for associate verification and the potential for more secure supply chain communication through EDI and other digital integrations.
Supply Chain Fraud Prevention Strategies
The group discussed supply chain fraud issues, particularly focusing on cases where criminals posed as a member company to make fraudulent purchases and steal freight shipments. An attendee shared examples of these attacks, noting they often involve stolen shipments being redirected overseas, and mentioned that while some companies have reported these crimes to law enforcement, the threshold for investigation is typically high at around $10 million. The discussion concluded with Rob announcing he would send out a meeting summary and continue to schedule monthly meetings, while also requesting participants to share any relevant publications they follow for industry information.
This summary was generated with the assistance of an AI note-taker but has been edited for anonymity and accuracy. If there are inaccuracies or other edits that you feel need to be corrected, please reach out to us.
Rob Carpenter introduced the DTIN network as a platform for technology professionals in the dairy industry to collaborate, solve problems, and share insights. The meeting was conducted via Microsoft Teams.
Generative AI
Rob introduced Bill Blase, VP of IT at Aurora Organic Dairy, to share practical his insights on using generative AI tools to enhance business operations. Bill discussed the potential of generative AI in business, focusing on its application in content generation and data analysis. He emphasized the importance of understanding the technology, despite its complexity, and shared his experience in implementing AI solutions in his previous role at Emerson. Bill also encouraged the audience to experiment with Chat GPT, a free generative AI tool, to better understand its capabilities. He highlighted the potential of generative AI for data analysis, suggesting it could be a valuable tool for organizations.
Bill explained how to use SharePoint Copilot, a new tool that allows businesses to create an AI-powered chatbot using their own content. He describes how HR policies can be stored in SharePoint and then consumed by the chatbot, enabling employees to easily access company-specific information. Bill highlighted that only one or two licenses are needed for SharePoint administrators, and other employees can access the chatbot through Microsoft Teams. He also mentions that the system respects user permissions, providing confidential information only to authorized personnel. Bill then shared how his organization uses this technology for knowledge transfer, recording meetings and using Office 365 Copilot to generate meeting notes, which are then added to the SharePoint site for the chatbot to consume. He emphasized its affordability and ease of use, even for smaller organizations.
Bill discussed the use of AI tools for content and data management. He emphasized the efficiency of AI in generating goals and objectives, and the potential for his entire organization to become a community of editors. He also highlighted the limitations of current tools for data analysis and suggested using Chat GPT for Business due to its legal protection and ability to handle complex data analysis. He stressed the importance of data format and structure for effective use of generative AI tools.
Bill stated the advantages of creating an agnostic solution for generative AI with data. He explains that major tech companies are constantly improving their large language models, allowing users to switch between different AI services as needed. Bill highlighted the flexibility this approach offers, enabling organizations to use the most suitable and cost-effective AI tool for their needs. He mentioned examples like ChatGPT, Claude, and Gemini, and discussed their pricing and capabilities. Bill also touched on Microsoft’s AI tools, such as SharePoint Copilot and Copilot for Visio, noting their strengths and limitations. He advises that the choice between different AI tools for data analysis depends on the latest releases and their specific capabilities at any given time.
Cybersecurity Concerns
Jason Bredimus raised concerns about fraudulent lookalike domains targeting suppliers and customers, particularly those registered with Namecheap. He shared efforts to address this issue, including reporting to the FBI and exploring domain monitoring and takedown services. Jason forwarded the threat information and offered that members of the group can reach out to him for more information or to share additional intel, especially Name Cheap fraudulent registrations. Here is the alert information on the threat:
Subject: [TLP CLEAR] Domain Impersonations with NameCheap
Traffic Light Protocol (TLP): CLEAR – Information can be distributed without restriction, considered public and can be freely shared.
Some member organizations have been impersonated recently in fraudulent activity that targets suppliers and freight brokers for theft of goods. The attacks we are seeing are similar to attacks from last year, but the threat actors have changed some tactics and targets.
How the scam works
- Threat actor registers a lookalike domain (e.g., yourcompanynameinc.com) and creates an MX record to impersonate the company. Our impersonators seem to prefer namecheap.com and zoho.com for domain and email services, respectively.
- Threat actor targets a small supplier, sends a large purchase request by email including actual contact information of the impersonated company. In some cases, the phone number supplied is not the impersonated company’s – likely a burner number used by the threat actor.
- Threat actor targets a freight broker, arranges transport from the supplier by email including actual contact information of the impersonated company. Again, in some cases, the phone number supplied is not the impersonated company’s.
- Destination is a self-storage warehouse, where the threat actor loads product and moves it for fencing or other activity. Sometimes more than one hop using multiple defrauded freight brokers. Sometimes the destination is an address of a business adjacent to an alley used for shipping.
Additional observations
- We’ve seen them operating in markets outside the target companies’ usual; e.g., raw manufacturing materials for a food supplier.
- Targeted suppliers and freight brokers are often small and very happy to land a large purchase or relationship with a new customer, so may be less inclined to skepticism.
- Threat actors move rapidly; they will create a new lookalike domain within hours after you get the one they’re using shut down.
- Threat actors seem to favor namecheap.com for registration and zoho.com for email services, although these may vary (e.g., Wild West Domains and TUCOWS are popular registrars for this activity as well).
- When a domain they’re using is shut down, we have seen them pivot to an email account on proton.me, gmail, or another web-based email provider, citing “technical difficulties.”
- Foreign nationals may be involved and threat actors have made personal threats to individuals who filed complaints.
Please share back any similar attacks. We are specifically looking for look-alike domains that are registered with NameCheap to provide to the FBI.
Dairy Tech Conference
Rob Carpenter and Tom Wojno discussed the upcoming Dairy Tech Conference scheduled for October 29-30, 2025, in Columbus, OH. They highlighted the success of using AI to generate a summary report from breakout sessions at the previous conference and plan to continue this approach.
Scheduling and Topics for Future Meetings
Rob Carpenter invited feedback on the frequency and format of future meetings and encouraged participants to suggest topics or guest speakers.
For this meeting were joined by Jonathan Braley and our partners at the Food and Ag ISAC. They gave a Cybersecurity briefing and we will have questions and discussion. The ISAC’s slides for the briefing are available for download.
This summary was generated with the assistance of an AI note-taker but has been edited for anonymity and accuracy. If there are inaccuracies or other edits that you feel need to be corrected, please reach out to us.
Rob welcomed everyone and mentioned October is cybersecurity month. He then introduced Jonathan Bradley from the Food and Ag ISAC, who was to give a briefing on cybersecurity trends. Jonathan outlined his team’s role in informing members about threats and sharing experiences from working with food and agriculture companies since 2017. The agenda included a high-level cybersecurity overview and a chance for questions.
The ISAC presented Information on the ongoing issue of ransomware attacks against the food and agriculture sector, highlighting specific trends and threat actors. They noted that the sector was not more targeted than others, but still faced a significant threat with dozens of attacks per month. They also highlighted the strains that have hit the food and agriculture sector, including Play, Ransom Hub, Lockbit, and Black Basta. The ISAC discussed the impact of law enforcement actions against ransomware groups on cybercrime trends and introduced the Predictive Adversary Scoring System (PASS), a tool used to identify and prioritize threat actors. They also discussed the findings of a report on adversaries targeting the food and agriculture sector, noting the high percentage of ransomware groups among adversaries.
The ISAC discussed the various cyber threats faced by organizations, including phishing, business email compromise, and AI-powered schemes. They emphasized the importance of safeguarding against these threats and highlighted the increasing use of AI to write more convincing phishing emails and the use of malware for financial fraud. The ISAC also noted a rise in hacktivist attacks and the blurring of lines between nation-state and hacktivist groups. They shared a report detailing the tactics used by 49 threat actors to breach organizations, including the use of existing tools and custom malware to bypass traditional defenses. The conversation ended with a discussion on the challenges posed by persistent malware and data encryption.
The group discussed the decision-making process behind paying or not paying ransomware demands. The ISAC shared that paying ransomware often results in the recovery of data, as it’s in the attackers’ interest to prove their capability. However, this doesn’t guarantee future attacks, as the same security vulnerabilities could be exploited again. Rob questioned whether not paying ransomware would deter future attacks, to which the ISAC responded that it’s uncertain but potentially beneficial. They also discussed the possibility of ransomware groups sharing information about companies that have paid or not paid, which could influence future attacks.
The ISAC discussed the Cyberstorm exercise, a national tabletop exercise conducted by the government every two years to assess organizations’ preparedness for cyber-attacks. The exercise has evolved over time, focusing on different industries and themes, with a particular emphasis on the food and agriculture sector. The ISAC encouraged participation, suggesting it as an annual tabletop exercise, and explained the different ways to participate. They also mentioned the upcoming Cyberstorm 10 exercise, planned for 2026, and offered to connect interested parties with past participants for further insights.
The ISAC discussed a report from CISA and Australia’s Cybersecurity Center on operational technology best practices, emphasizing the importance of prioritizing safety, understanding the business, valuing operational technology data, segmenting networks, managing the supply chain, and recognizing the importance of people in OT security. They highlighted recent threats to operational technology, particularly in the food and beverage industry, and introduced the Food and Agriculture Information Sharing and Analysis Center (ISAC) to foster collaboration and information sharing among private sector companies. Operations also mentioned the development of public reports to aid small businesses in enhancing their cybersecurity and upcoming webinars, including one on October 31st, where they would be collaborating with USDA and CISA to provide a threat overview for the food and agriculture sector.
The team discussed the issue of ‘subscription bombing’, where a threat actor signs up an email address for numerous newsletters, causing a flood of emails. A member of the group shared a similar issue they were experiencing with their broad report emailer address. Another member raised the question about whether others were experiencing the same issue, as they had seen it affect a dozen employees. The team was curious about the reasons behind this attack and whether other threat actors were using the same method. The group discussed a potential cyber security issue where multiple people from the same industry received suspicious emails within minutes. Rob encouraged anyone experiencing similar issues to reach out to him for assistance. A member also mentioned a local group they’ve been in touch with.
The conversation ended with a member of the group sharing an initiative for Cybersecurity Month, where they are putting together gift boxes for employees who have made significant contributions to cybersecurity. Rob expressed gratitude towards the team and acknowledged the hard work of everyone. Rob also encouraged the team to reach out to him or John for any questions or additional information. He ended the conversation by wishing everyone a good day and a good weekend.
Thank you to everyone who attended the meeting and participated in the discussion. This meeting we focused on the topic of OT Security.
This summary was generated with the assistance of an AI note-taker but has been edited for anonymity and accuracy. If there are inaccuracies or other edits that you feel need to be corrected, please reach out to us.
Rob initiated a discussion on OT security, inviting participants to share their experiences and challenges. One member shared that they are opening a new site, and their OT security is based on parallel firewalls, but they are facing issues with more OEMs and external access. He also mentioned that they are setting up temporary solutions while the factory is being built but are investigating more long-term solutions. Another member indicated that they are also looking for a vendor privilege access management solution.
A member discussed the security measures taken for their OT systems, including the use of cellular technology for external network access, the use of Palo Alto for firewalling, and the creation of a separate Windows domain for OT. He also mentioned the recommendation from Dragos to ensure PLC switches are always in run mode and the implementation of VMware’s micro segmentation for SCADA and HMI systems. A member raised a concern about the potential for bridging between remote access and internal networks, which others confirmed as a potential issue. Also mentioned was the introduction of read-only access to HMI screens via Microsoft’s Azure app proxy for OT engineers to view on their mobile devices.
The group discussed the challenges of securing automated warehouses, particularly in the dairy industry. A member highlighted the difficulty of upgrading legacy systems and the high cost of replacing old PLCs. He also noted that vendors are starting to take security more seriously, with Rockwell being a notable example. Another member pointed out that OEMs are often not well-equipped to handle the systems or data side of their products, leading to potential security issues. Additionally, a member added that OEMs are struggling to standardize their products due to the diverse range of customer platforms and services used. The team concluded that there is no one-size-fits-all solution to these challenges, and that each situation requires a tailored approach.
The DTIN discussed the challenges of integrating security standards into vendor agreements, particularly with equipment providers who are not software organizations. They noted that some vendors are unwilling to meet these standards, leading to potential security risks. The group also discussed the use of third-party risk management to enforce security compliance, with mixed results. They agreed that while some vendors are resistant to these measures, others are willing to adapt. The conversation also touched on the issue of equipment providers using cellular devices to bypass security measures, which was seen as a growing concern.
A supplier member discussed the ongoing challenges faced by OEMs in the food and beverage industry, particularly in terms of FDA compliance and integration with DCS systems. He highlighted the complexity of collaborating with OEMs, and the need for a unified approach to address these issues. He also mentioned the difficulty of switching from Rockwell controls to other systems, citing the need for compliance with FDA protocols and the challenge of maintaining high-speed efficiency while ensuring compliance.
The group discussed the increasing importance of OT security, particularly in the food and ag industry. It was mentioned that Rockwell Automation’s acquisition of Verve Industrial Protection was driven by the need to pay attention to security, following major incidents like the Colonial pipeline attack. It was also noted that major software security vendors like Palo Alto are starting to pay attention to OT security. Rob asked about the broader impact of this trend, and a member confirmed that it is becoming a hot topic in the public-private partnership he is a part of, the Arizona Cyber Threat Response Alliance.
The DTIN discussed the challenges of communication between IT and OT teams, with the suggestion that they need to create partnerships and support each other. They also discussed the importance of securing OT systems, noting that having extensive knowledge of how to use a computer system doesn’t mean one knows how to secure it. A member mentioned the company Dragos, which specializes in OT security and incident response, as a potential resource for best practices. Others agreed with the differences between IT and OT infrastructure. The team also discussed the need for specialized expertise in handling rare OT incidents, such as those involving physical damage.
There was a discussion about the need and challenges of finding old equipment for firmware recovery, referencing a past issue with JBS. Members shared their experiences of purchasing old equipment for spare parts and the need for standardization in gateways. A member proposed standardizing on a trusted gateway that could be monitored, suggesting this could enhance security. Rob recalled the issues faced by alarm companies when the Gen. 3 cellular network was discontinued, leading to the need for bridge devices. The team also discussed the potential costs associated with cellular services for these devices.
Rob asked the group for any additional challenges or topics that they might want to discuss. Members expressed their interest in expanding the group’s scope to include other areas of technology, not just IT. Rob agreed to this and mentioned that future meetings could be focused on specific areas like engineering. A new member introduced himself and shared his experience from a retail background, highlighting challenges related to digital signage and customer dwell time. He also mentioned their interest in a cloud-based 0 Trust exchange through Zscaler.
The team discussed potential cybersecurity threats to the dairy industry, and it was suggested IDFA could survey members to identify commonly used systems in the industry that could be targeted by cyber-attacks and if any systems were common enough to make the entire dairy industry vulnerable.
The group also discussed the challenges of working with forced partner of choice in their industry, which can be restrictive and limit their options. A member highlighted the issue of having to work with an integrator they don’t like, and the problem of having a better integrator in one region but being unable to use them due to vendor restrictions.
Thank you to everyone who attended the meeting and participated in the discussion.
This meeting was a networking meeting and discussion where we invited the group to share any of your upcoming projects and ask any questions of the group that you might be having challenges with, have had success handling or just want other opinions on.
For an opening, we started the discussion with the pre-announced topic of the recent Crowdstrike outage. We were happy to learn that only a couple of companies had experienced any downtime and that Crowdstrike was not one of the systems used by many attendees. Although Crowdstrike made a major mistake with the release of the update, most felt that their ownership of the mistake and the way they expedited the mitigation was positive.
We had a discussion around the timing of applying updates to systems and the challenge of balancing between the need to get security patches done quickly, while platform or functionality updates may be handled in a more scheduled way. Keeping in mind that the production facilities operate 24/7 in many cases and the updates may need to be limited to shift changes and scheduled maintenance windows. It was felt that it was important for teams to take advantage of the different classification of updates (security, functionality, etc.) when vendors provide them and encourage vendors who do not currently classify their updates to start.
It was mentioned that although the Crowdstrike event did not affect the dairy industry, as compared to the airline industry for example, there may be some tools that are used by the dairy industry that could in the same situation could cause a major impact.
There were two areas that everyone felt were very important to help mitigate any incidents like this should they occur. The first was having a solid business continuity plan and then to test that plan against how teams react. Many plans have focused on cybersecurity incidents, but this event showed that plans need to go beyond that.
The second area is to have a good communication plan. The plan needs to address not only when you are affected by a particular incident, but also, in the case of an event that is highly publicized in the mainstream media, when it does NOT affect you. The plan needs to not only go up and across the management team, but also may need to go out to other teams like sales and the rest of the supply chain who may be fielding customer questions.
The next topic that was raised by an attendee was whether anyone else was having issues with contracts and pricing related to VMware and the merger/acquisition with Broadcom. Many in the group who use VMware are at various timings related to their contract terms. Concerns were raised with dramatic increases in pricing some were seeing and with turnover in the VMware sales teams, resulting in poor customer advocacy. There was a discussion about the situation amongst attendees expressing their concerns and relating their experiences.
The last topic raised was about OT security and about Vendor Access Management and the different solutions that teams are using and their opinions of them. Several systems were mentioned and discussed. One of the big concerns was trying to avoid 50 different vendors who prefer to use 50 different access methods and systems and the ramifications of that and managing staff turnover at the vendors and the problems that it causes.
As we were closing it was suggested that based on the conversation that OT Security would be a good topic for us to explore at our next meeting.
Thank you to everyone who attended the meeting and participated in the discussion.
For this meeting we had a preview of the upcoming DairyTech Conference on October 23-24, 2024 in Denver, CO and then followed that with a sharing session amongst the attendees.
Tom Wojno of IDFA opened the meeting with the announcement of the DairyTech Conference and then went through a preview of the agenda. A Powerpoint slide show was used during the meeting, but now, thanks to the suggestions from the meeting and work from the IDFA and Ever.Ag teams, that information out of date. A updated agenda can be found on the conference website at dairytechconference.com. Many of the suggestions from the meeting have been incorporated into the agenda. We are also happy to announce that registration for the conference is now open.
Building on attendee input from previous conferences, this year’s DairyTech will have a single overarching topic of AI with every session exploring aspects of that topic. The agenda was well received with many expressing that it was very pragmatic.
Several attendees gave positive feedback regarding Tom Edwards as the keynote. They expressed that although he is a generative AI guy, he can also speak to the analytical and data side. One person noted that he is also a futurist and was wondering of the impact that would have on any proposed closing speaker which is also a planned futurist.
Other attendees enquired about whether the conference was going to cover AI governance and use policies, both within an organization and with their suppliers. It was agreed that it is something that is appealing, if not in a session itself, as a topic within a session or multiple sessions.
A great deal of time was spent of the idea of breakout rooms. Many attendees were interested in the idea and were curious as to how they would work. It was mentioned that they would be a good networking opportunity as many companies were not sure what/how to use AI and suppliers were also not sure what products and services companies were looking for. Both sides would be able gain insight from the discussion.
Suggestions were made as to how to organize the breakouts, for example, by areas of topic like Generative, Security, HR, Technical Tools. This would allow the attendees to drill down on a topic of interest,
The was also discussion about potential sites for attendee tours with the Shamrock facility near Denver being mentioned. The team at the University of Colorado at Boulder was also mentioned as a potential source for speakers and information as they have a large AI department.
Tom thanked everyone for their input and the discussion moved on to attendees sharing their current projects. Since AI was top of mind from the previous discussion, several people shared where they were in their AI efforts. Most have been focused around Microsoft’s CoPilot. For people that were unfamiliar with it there was a discussion about how CoPilot is not just the search and assistant function that everyone is seeing on their desktop or in advertising. Microsoft is adding CoPilot to many of its product offerings in differing ways. They are all branded as CoPilot and some pieces are integrated with other CoPilots, while are others are only connected to a specific Microsoft Business Platform. Many also felt that Microsoft’s licensing and pricing structure was confusing and still evolving.
There was also a discussion of how usage of AI tools is being tracked and controlled. Matt Wilkinson with Great Lakes Cheese uses a tool called Cisco Umbrella to track site usage. One of the categories that Cisco provides is AI Tools. Matt has kindly allowed us to shared the output of this tool with the group and it can be found at the bottom of the notes. It is surprising that there are over 70 sites on the list.
As always, the DTIN discussion was very energetic and thoughtful. If you have any questions about the DTIN feel free to reach out to Rob Carpenter, [email protected], or Tom Wojno, [email protected].
We are also always interested in receiving topics and ideas for our upcoming meetings, if you have an issue you would like to discuss, a recent project you would like to share with the group, or simply something you would like to learn more about just send the thought our way.
AI Usage sample report from Cisco Umbrella provided by Matt Wilkinson of Great Lakes Cheese.
Thank you for everyone attending the meeting and participating in the discussion.
Our partners with the Food & Ag ISAC joined us and helped lead the meeting which focused on three areas: a Ransomware Report, Cyber Storm IX, and the new CIRCIA cyber incident reporting proposed rule. The slides for the meeting are available online.
For the first part of the discussion Jonathan Braley of the ISAC introduced us to their newly release report, Farm-To-Table Ransomware Realities: Exploring the 2023 Ransomware Landscape and Insights for 2024, highlighted some of its findings and answered member questions.
We then moved on for a discussion of Cyber Storm, the Cybersecurity and Infrastructure Security Agency (CISA)’s biennial exercise series, the most extensive government-sponsored cybersecurity exercise of its kind. Cyber Storm IX just concluded in April. Jon Braley took us through what is Cyber Storm, how it works, and the benefits to government, industry and individual companies. Several members that participated in Cyber Storm, notably Jason Bredimus of Shamrock Farms, shared their experience with Cyber Storm and the benefits for their companies. Cyber Storm occurs every two years, with the next one in 2026. Planning for it has not yet started but will soon and several members expressed interest in participating and asked IDFA to keep them informed of progress. Both Rob with IDFA and Jon with the ISAC promised to send out information as soon as it was available.
The final topic for discussion was the new proposed rule required by the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) which was enacted in 2022. The proposed rule was released for comment in April and Scott Algeier and Bob Dix of the Food & Ag ISAC gave a briefing of the rule and fielded questions.
Here are some bullet points on what was discussed:
- This is the first regulation being introduced by CISA and thus turns it into a regulatory agency.
- This rule is currently in the comment period. Comments are due to CISA by July 3rd and the Food & Ag ISAC will be submitting comments.
- The rule will then go through an 18 month review period where comments are considered, and any changes made. The final regulation is due out in October of 2025, and will go into effect in late 2025 or early 2026.
- The rule requires that organizations that experience cyber incidents or make ransomware payments submit reports to the government about those incidents.
- The reporting is required for organizations across all sectors, not just Food & Ag. Any company that is a small business according to the Small Business Administration (SBA)’s standards is exempt from the rule, however, organizations in certain sectors, notably banking, transportation, and any company that provides IT services, hardware or software are not exempt and must report incidents regardless of size.
- There are two type of situations that require reporting. Any ransomware payment or any cyber incident which is considered a Substantial Cyber Incident according to the rule.
- Substantial Cyber Incident must be reported within 72 hours.
- Ransomware payments need to be reported within 24 hours of the payment being made.
You can find more detailed information in the attached slide deck or by reaching out to the Food & Ag ISAC and you can go to CISA’s website at https://www.cisa.gov/circia
If you have any questions about the DTIN feel free to reach out to Rob Carpenter, [email protected], or Tom Wojno, [email protected].
We are also always interested in receiving topics and ideas for our upcoming meetings, if you have an issue you would like to discuss, a recent project you would like to share with the group, or simply something you would like to learn more about just send the thought our way.
Thank you to all who were able to attend the meeting on AI from February. As mentioned in the meeting, the attached summary has been generated by Zoom’s AI Companion Summary feature. I have only lightly edited it to make it anonymous and to maintain it as an example of AI generated content. As this summary was AI generated it comes with Zoom’s own disclaimer, “AI-generated content may be inaccurate or misleading. Always check for accuracy.”
If you have any questions feel free to reach out to Rob Carpenter, [email protected], or Tom Wojno, [email protected].
We are also always interested in receiving topics and ideas for our upcoming meetings, if you have an issue you would like to discuss, a recent project you would like to share with the group, or simply something you would like to learn more about just send the thought our way.
Meeting summary for IDFA Dairy Technology and Innovation Network Meeting with a Focus on AI (02/07/2024)
Quick recap
The meeting revolved around the topic of AI implementation in various companies. The participants discussed the advantages and potential risks of AI, with a focus on its application in predictive maintenance, process optimization, and HR. They also addressed the necessity for policies and protections for both the technology and employees. The group emphasized the importance of education and understanding the technology, as well as the need for interdepartmental communication. They concluded the meeting by planning to further discuss and promote AI training and education.
Summary
IDFA Open Discussion on AI and Merging Groups
Rob Carpenter, IDFA welcomed everyone to the meeting and asked for patience as a few more people were still connecting. He requested participants to rename themselves on the platform to clearly indicate their name and company. Tom Wojno, IDFA emphasized the importance of the meeting and the opportunity for different groups to merge and discuss overlapping issues. Rob then proceeded to facilitate the open discussion, encouraging everyone to share, ask questions, and feel free to delve into details. He also mentioned that they had invited the Hr Leaders group to join the discussion as they had many questions about AI. Rob further clarified that these sessions were typically not recorded to foster open conversation.
AI Implementation in Manufacturing and Process Optimization
Rob Carpenter, IDFA from IDFA initiated a discussion about the implementation of AI in their respective companies. One member shared that they are utilizing AI in their software applications for predictive maintenance in manufacturing facilities. Tom Wojno, IDFA emphasized the importance of finding the right balance in AI implementation and adapting to the changes it brings. Another member further expanded on the potential of AI in process optimization and reducing waste. A dairy company member also mentioned their use of AI, specifically for predictive maintenance, with a positive return on investment. Many members indicated that they were just beginning to explore AI implementation.
AI Implementation and Concerns in IT and HR
A HR Leaders member discussed the implementation of AI in their IT space, specifically in writing code and developing content for presentations. He also mentioned its use in HR to identify and target potential candidates. Tom Wojno, IDFA raised the possibility of AI reducing the need for additional staff, which the member agreed could be the case. Rob Carpenter, IDFA inquired about the source material for the AI and potential copyright issues, which the member acknowledged required further discussion. Another member asked about the specific tool they were using, which the member confirmed was provided by Blue Door Consulting. One member raised concerns about confidentiality and security, emphasizing the importance of guardrails for using the tool. The IT staff at that company clarified they had not blocked the use of the AI tool and communicated expectations to employees. Tom Wojno, IDFA concluded by emphasizing the importance of policies and protections for both the technology and employees.
Technology Implementation and AI Training Roadmap
Tom Wojno, IDFA shared a roadmap for evaluating, securing, and implementing a new technology within the employee base. An HR Leader emphasized the importance of being cautious and detailed-oriented when implementing new technologies. One member discussed their company’s approach to training their workforce about security and the hype around artificial intelligence. He also mentioned the company’s focus on identifying key individuals to gain expertise in the field and exploring how to leverage large language model capabilities within their organization. They highlighted that more and more business applications are incorporating AI and encouraged the team to engage with these tools to understand their AI roadmaps.
AI, Data Breaches, and Trust in Partnerships
A member expressed his concerns about using AI for processing sensitive information due to the risk of data breaches. He suggested hosting their own systems for document processing and emphasized the importance of trust in partnerships. Tom Wojno, IDFA agreed on the need for rigorous controls when outsourcing technology services. They also discussed the use of AI in manufacturing processes, with Rob Carpenter, IDFA highlighting the potential for AI to aid in generating marketing materials and code. An HR Leader brought up the issue of privacy, particularly from an HR perspective.
Technology Risks and Benefits Discussion
The discussion revolved around the risks and benefits of implementing new technologies, particularly AI, in their businesses. An HR Leader expressed concerns about the potential risks to their people and business, while Tom encouraged the group to share their thoughts on managing risk with new technologies. A member emphasized the importance of education and understanding the technology, suggesting that fear of the unknown should be replaced with education. Another member added that reading end-user license agreements could help assess potential risks. The group concluded that IT guidance and a thorough understanding of the technology are crucial.
AI Implementation and Operational Implications
The team discussed the implementation and potential benefits of AI within their operations. A member emphasized their focus on operational technology and manufacturing yield optimization, recognizing the investment required for these technologies. Rob from IDFA then queried about customer-facing AI implementations, receiving a silence indicating no such actions have been taken yet. Tom from IDFA further asked about the intersection between HR and IT in implementing AI, with a HR Leader noting the need for interdepartmental communication due to the broad implications of AI. The IT staff at the same compny added that their current discussions are primarily about risk management and compliance, rather than HR AI tools.
Team Structure and AI Education
Tom Wojno, IDFA invited feedback on the structure of teams for various projects, emphasizing the importance of considering different aspects like risk, legal, IT, HR, and finance. A member shared their approach, which involves a steering committee that educates and informs the organization about different topics, including AI. The steering committee then identifies team members to form a pilot team to understand the capabilities of the technology. They also mentioned that they are working with an outside group to help with education and training. The discussion concluded with other members asking about the composition of the steering committee.
AI Policy and Training: A Necessity
The team discussed the need for a policy regarding AI, specifically ChatGPT. A member suggested that his company could share their existing policy as a starting point. An HR Leader emphasized the importance of having such a policy, especially for smaller organizations with multiple priorities. A member agreed to consult his HR department about sharing their policy. The team also agreed to further discuss and promote AI training and education.
Next steps
An HR Leader will connect the team with their IT director for more information on AI and its source materials.
Another member will talk with the HR department about sharing their AI policy and will loop back to Rob Carpenter if able to share it with the group
Thank you to all of you who were able to attend our last meeting. We had a great discussion with the group sharing some of their challenges and solutions to different problems.
Most of the discussion focused on the area of convergence between the OT and IT teams and how different companies are handling the transition. Some opting for a full merger of the teams, while other focus on increasing communication and tightening security. As new plants and international business units are acquired or brought online, many companies are taking the opportunity to make changes at those new facilities and integrate the new teams. Some of the integration is the result of the ongoing shortage of talent on both the IT and the OT side, necessitating cross training and re-tasking.
SriRaj Kantamneni from Schrieber joined us for the first time and informally gave us an update on Schreiber Digital Labs (SDL). This is a project where they effectively turn some of their IT support center work into a profit center; taking their internal software development that they accomplished for Schrieber’s own needs and turning it into a solution that they can then market to other companies.
Thank you to all of you who were able to attend last month’s meeting. The July 25th virtual meeting was an introduction to the team at the new Food and Ag ISAC.
For those of who are unaware, Information Sharing and Analysis Centers, or ISACs, are member-driven organizations who collect, analyze and disseminate actionable threat information to their members and provide members with tools to mitigate risks and enhance resiliency. ISACs are usually formed around different industry sectors and the sector ISACs collaborate with each other via the National Council of ISACs.
The new Food and Ag-ISAC provides threat intelligence, analysis and effective security practices that help food and agriculture companies detect attacks, respond to incidents and share indicators so they can better protect themselves and manage risks to their companies and the sector.
The Food and Ag-ISAC is part of the IT-ISAC. Founded in 2000, the Information Technology ISAC is a non-profit organization that augments member companies’ internal capabilities by providing them access to curated cyber threat analysis, an intelligence management platform, and a trusted forum to engage with senior analysts from peer companies.
Speaking to us from the Food and Ag-ISAC was Jonathan Braley their Operations Manager.
Jonathan introduced the ISAC, what their mission was and what they do, providing threat analysis and sharing intelligence with their members, the industry, and government when appropriate. They engage policymakers, other critical infrastructure sectors and government agencies like CISA.
He shared some of the realities that companies now face in the area of cybersecurity, including some of the incidents that have occurred at dairy companies recently. Additionally, he elaborated on the new challenges that are faced with connecting operational technology to networks as manufacturing processes become more automated and real time information on business operations is in more demand.
Jonathan concluded by sharing the range of reports, tools and playbooks that the ISAC offers to assist their members.
Jonathan’s provided his slides for reference.
You can find more information on them at www.foodandag-isac.org. They provided an informational flyer and you can reach out to them at [email protected] for any questions or details. You can also reach out to either Tom or Rob and we can arrange an introduction.
The March 30th virtual meeting was well attended and very active, centering around the topic of “What’s Working Today, What’s Not and What Will Work Tomorrow”. Thank you all for being so forthcoming and open with the projects you are working on or have recently completed, challenges you are facing and technology advancements you’re incorporating into your businesses. Below is a high level recap of some of the topics discussed:
- One project recently completed was the implementation of a Software-Defined Access (SD-Access) system for Network Access control. The project went well with Cybersecurity and penetration testing. Questions were asked and discussed about its ability to segment the operational side of the business. One interesting note was that they chose to roll out the new system at a new facility to take advantage of the build process to implement and test the change. Others in the group that are in the process or starting a similar project are doing the same either at newly constructed or renovated facilities. Everyone seemed to agree that that timing was beneficial to the project.
- Another project shared was a 3 year migration of a company to a new ERP system on the SAP platform. They shared that some of the reasons for the choice of SAP was the team’s familiarity with it, bringing experience from previous employment, and that SAP already has a solid dairy component that didn’t need to be built out. The company has a large IT staff and remained focused throughout the project on accounting for what the change meant for their own staff making sure that staff were either trained on the new system or were moved into areas where their talents would be best utilized, rather than swapping out staff for people familiar with the new platform.
- There were discussions around how to present projects that affect an entire business as more than just IT projects. It is sometimes best to have the CEO or other top executives introduce the project, rather than the CIO/CTO, so that scale of the project and its importance matters from a much broader business perspective as opposed to just an IT project. It was suggested that even the internal name of a project can affect employees perception of it. We also discussed the need to involve employees in the development process of IT projects. A member shared that when they built a custom app for the collection of data by their trucks as they made pickups, they involved a truck driver both in the development and testing stages and their involvement was invaluable.
- In the “what’s not working category”, many people expressed that they are still having issues with supply chain and inflating cost of goods. The unpredictability of these problems, with parts not available when needed or the cost of parts rising well beyond the initial spec or budget was the most acute issue raised. These issues can have an outsized effect on large projects when they occur in the middle of a tight timeline or when they are one part of several interconnected projects.
- Staffing also remains an issue with members losing staff due to retirement and having trouble recruiting replacements. With many members having locations in more rural areas, remote work has become more prevalent with IT staffs specifically in the design arenas. In some cases members have turned to outside firms to supplement their staff only to find that those firms had the same resource problems and had to reevaluate their offerings.
- Looking into the future the question was asked if any of the members have or are considering projects related to AI and if any of them are experiencing pushback from staff or other executives because of the recent attention of ChatGPT and Bing launches. Several mentioned that they had initiatives using ChatGPT in the IT support areas, but pointed out that they have removed its ability to draw from information on the internet and restricted it to only their own information. Others are using AI in the areas of Preventive Maintenance and Predictive Analytics.
We closed the meeting with a reminder about our Dairy Tech Conference.
The DTIN hosted IDFA members for an exclusive, two-part webinar conversation with IDFA Member Schreiber Foods on Monday, April 11 at 1:00 PM ET. The first part of the webinar featured Schreiber Foods Senior Vice President of Information Services & Chief Information Officer Tom Andreoli and Director of Information Security Ryan Wessels with a high-level walk through the details of their cyber event. Andreoli and Wessels presented their top recommendations on how the industry can best prepare for and insulate against cyber threats in the future. The second part of the webinar was a more technical walk-through of the event for IDFA member information and technology staff.
In addition to their insights and advice, the team at Schreiber shared these lessons learned:
- This will happen to you.
- Have a Communications Plan, both internal and external. Make that plan Process not Person dependent.
- Empowerment. Make sure that your team has the ability to act.
- Put Incident Response Partners in place and make sure the team knows who they are and how to contact them.
- Implement End-Point Detection and Response systems.
- Make sure you have Immutable Backups.
- Keep up to date with Patching and Monitoring Legacy Systems.
For those that could not make it, IDFA’s DTIN brought the group together to have a discussion with HackerOne where they introduced the attendees to a concept called the Attack Resistance Gap. It is the gap between the attack surface companies believe they have covered and their actual attack surface. This gap has obvious and serious consequences including:
- An increased risk or data breach
- The potential for brand damage
- Persistent threats against the organization
It is the sum of the following four areas:
- Incomplete Knowledge of Attack Surface
- Testing Frequency < App Updates
- Testing is Shallow or Basic
- Defensive Skills Untested or Unavailable
Please access the slide handouts for a deeper dive into the attack resistance gap and HackerOne’s response.
The community brought up the following as discussion points:
- The new CVEs like Log4J, and how has HackerOne helped organizations identify / mitigate risk of such emerging CVEs.
- How the company fits into the supply chain security.
- How are regulators and best practice bodies thinking about working with independent security researchers.
We encourage the group to reach out to the HackerOne subject matter experts who were part of this discussion. Please reach out to Dave Woolwine or Barry Conklin for follow up.
The Dairy Technology and Innovation Network (DTIN) met on January 6, 2022 at 1:00 PM ET as an introductory meeting. We are convening the group for two purposes (1) create a sense of community for peer-to-peer networking, information sharing, and best practice leveraging (2) cybersecurity is the most acute need for a group like DTIN.
First, introductions were made of the group members. The following topics where specifically listed during the introductions as potential content topics to build out.
- Internal perspective – member facing technologies. Also, understanding what is out there from an innovation perspective from within the dairy industry as we provide opportunities to our members.
- Expansion of infrastructure – specifically broadband access throughout rural areas.
Next, IDFA staff discussed building out content with your input and that of our outside advisors on pointed topics that would be of value to you. These will not be membership wide webinars as this is a group with unique needs and will be facilitated as closed meetings. These meetings will be more conversational and candid.
We do think there is value for outside resources. We have had preliminary conversations with McKinsey & Company on resources that may be of interest to the community. We are talking with the University of Minnesota from an academic perspective. We are having conversations with companies such as HackerOne that audit vulnerabilities. We then opened the discussion to the group for brainstorming where the following topics were mentioned:
- Tactical challenge of security to prepare for a breach.
- IT Security
- Futuristic Perspective: direction for innovation with technology for our organization and our member organization from the cooperative perspective.
- Opportunity to discuss producer/farm level perspective. Help them be innovative and profitable. Stems from data innovation, robotics, futuristic perspective, etc.
- Challenges other organizations are facing and best practices.
- Digital Transformations – software platforms integrations.
- How do you handle security from MES to ERP or ERP to MES to plant floor.
- Low cost but high value innovation – especially during the turbulent times.
- Technology Automation
- HR and workforce angle – bring HR Leaders and DTIN together for a guided conversation to help address all the workforce struggles we are currently facing.
Confidentiality to our members in this community is of the utmost importance to IDFA and we look forward to building the security in this community to have impactful conversations.
Featured Programming

Investment into artificial intelligence (AI) in the food and beverage industry is expected to grow exponentially over the next few years. Already in use by early adopters across the industry, it’s clear that AI is making its presence felt in more ways than one, impacting all aspects of the food supply chain, driving smarter and faster decisions, and improving profitability.
Leading global provider of goat cheese, Amalthea, leverages the power of Infor’s platform technology, as part of Infor CloudSuite Food & Beverage, to improve cheese yield, quality, and consistency, ultimately reducing waste and improving sustainability efforts.

Cyber crimes against food companies have risen significantly in recent years as criminals develop more advanced methods of infiltrating information systems and manufacturing software. At least three high-profile cyber attacks have inflicted significant costs and disruptions on dairy businesses in recent years while at the same time risking personnel safety and food safety.
To address these threats, IDFA and the Food and Agriculture – Information Sharing Analysis Center (Food and Ag-ISAC) hosted a new strategic partnership to bolster the dairy industry’s defenses against cyber criminals.
Contact
If you have any questions, please contact Rob Carpenter, Senior Director, Information Technology, at [email protected] or Tom Wojno, Senior Vice President for Innovation and Member Advancement, at [email protected].
[Old LARAVEL BLOCK: PeopleBlock ]
