NIS2 and Food Industry: Why Food Companies Need to Control Their IT Assets

In June 2021, JBS, the world’s largest meat processor, fell victim to a REvil ransomware attack that shut down processing plants in the US, Canada, and Australia. The company paid an $11 million ransom. During the downtime, the food supply chain was compromised: meat prices rose, supermarkets rationed products, and a national shortage was feared.

The food industry is more technology-dependent than it appears. And NIS2 recognizes this.

Why NIS2 applies to the food sector

NIS2 classifies food production, processing, and distribution as an important entity (Annex II). This includes food processing companies, distribution chains, digitalized agricultural cooperatives, and food logistics companies.

• Asset management: inventory of all IT and OT systems supporting production and distribution
• Incident management: mandatory notification identifying affected assets
• Operational continuity: recovery plans to maintain the food supply chain
• Fines up to 7 million euros or 1.4% of turnover for important entities

Real incidents in the food sector

• JBS (global), 2021: REvil ransomware halted meat production worldwide. The attack hit production control, weighing, labeling, and distribution logistics systems. Ransom paid: $11 million.
• Schreiber Foods (USA), 2021: A ransomware attack shut down all dairy processing plants for several days. The company, which processes 10% of Wisconsin’s milk, had to dispose of thousands of liters because cold chain monitoring systems went offline.
• KP Snacks (UK), 2022: The Conti group attacked the British snack manufacturer, halting production and distribution for weeks. Supermarkets received notices of indefinite KP product supply disruption.

Why exhaustive asset control is essential

• The cold chain depends on IT sensors. Temperature sensors monitoring cold rooms, refrigerated transport, and warehouses are IT assets. If they fail unnoticed, you may have a food safety problem before you have a cybersecurity problem.
• Production lines are automated. PLCs controlling packaging, automatic weighing systems, date labelers — a failure can generate mislabeled products or cross-contamination.
• Food traceability requires IT traceability. During a food alert, you need to trace which batches went through which production lines. This requires production systems to be inventoried and linked to batches.
• Assets are distributed across factories, warehouses, and fleet. A typical food company has processing plants, distribution centers, refrigerated transport fleets, and retail points. Each location has its own IT assets.

What you need to control

• Cold chain sensors: Temperature, humidity in cold rooms, transport, and warehouses
• Production systems: Packaging line PLCs, weighing systems, automatic labelers
• HACCP systems: Critical control point monitoring devices
• Warehouse infrastructure: WMS, scanners, label printers, barcode readers
• Distribution fleet: GPS, truck temperature sensors, driver tablets
• Corporate IT: ERP servers, quality workstations, traceability systems

Metrica Control lets you track every asset in your food production chain: from the cold room temperature sensor to the packaging line PLC. With full traceability for NIS2 audits and food safety.