Ep. 022 - Food Industry Challenges: A Legal Perspective with Mike Delaney

00:00:25 Kristin Demoranville

Welcome to the bites and Bites podcast. I'm your host, Kristen Demoranville. And today I'm excited to have a special guest and also a good friend, Mike Delaney. Mike is a seasoned corporate lawyer and a trusted ally in cyber security. Together, we'll tackle some challenges in the food industry. We'll share some insights from our experiences.

00:00:42 Kristin Demoranville

Working together discuss the risks and strategies for securing the food supply chain. Let's jump in.

00:00:52 Kristin Demoranville

Hi Mike, thanks for being here with all of us. I am going to jump straight into favorite food and favorite food memory and then.

00:01:00 Kristin Demoranville

We'll go introductions to go.

00:01:02 Mike Delaney

At the moment I,

00:01:04 Mike Delaney

Think this actually spurs from a very jealous thought, my son right now.

00:01:08 Mike Delaney

Is actually studying down in Australia and it's planning a trip to.

00:01:11 Mike Delaney

Backpack through Southeast Asia and we've been looking at all the different options.

00:01:15 Mike Delaney

That Thailand had caught it.

00:01:16 Mike Delaney

Cut has set me down the type path just this week I made a Thai Curry at home, so I'm.

00:01:20 Mike Delaney

Kind of in that Thai Curry.

00:01:22 Kristin Demoranville

That's my house. That's great. I have Curry at least once a week. But mines Indian so that Thai Curry is excellent when you have it in Thailand. It's entirely different, by the way. You know mine was.

00:01:31 Mike Delaney

I made it home, so I'm sure that my son will have a little.

00:01:35 Kristin Demoranville

Yes, probably. And your favorite food memory, you.

00:01:39 Mike Delaney

Know there are.

00:01:39 Mike Delaney

So many you mean food broad. You know, it's one of those things that proves us all together. But like from from my perspective, I have to picture. So we were in Australia, I took my kids to Austria 1 winter, we went to Munich and to Innsbruck, skiing and.

00:01:53 Mike Delaney

We're sitting in Innsbruck.

00:01:54 Mike Delaney

And and out to our local Austrian place overlooking the river.

00:01:58 Mike Delaney

And it was.

00:01:59 Mike Delaney

As well as family moments where you just brought together around really good food, we're eating local tirolian specialties and it was just it was one of those once in a life kind of situations. And there's probably lots of those food just as always it it almost brings the memory a lot if you.

00:02:13 Mike Delaney

Have it again like that.

00:02:14 Mike Delaney

Hmm.

00:02:15 Mike Delaney

Together here. So that was one of.

00:02:16 Kristin Demoranville

My favorite I think that works too like flavors different flavors.

00:02:19 Kristin Demoranville

Like if I.

00:02:20 Kristin Demoranville

Have licorice. It makes me think of my grandfather because he's Swedish, especially if it's black licorice and certain smells of coffee. Certain types of coffee gets me with.

00:02:28 Kristin Demoranville

Some people and then.

00:02:29 Kristin Demoranville

Obviously different. Other smells like baked.

00:02:32 Kristin Demoranville

Some it just triggers that memory and I think that's part of what makes you so special is how it food is.

00:02:38 Mike Delaney

Memory memories are good and bad, but like, you know, like like I have a favorite type of wine or like a 7:00, you know, thought that I really have a sanity for it. But I had it for the first time with a good body, right? Anyway. And my adult memory when I was on a trip to Auckland.

00:02:52 Mike Delaney

We're sitting in a harbor restaurant overlooking the water, and we had several blocks from mobile, New Zealand and forever. That's kind of.

00:03:00 Mike Delaney

Drink. And when I drink it, I think.

00:03:01 Mike Delaney

About those amazing views.

00:03:02 Kristin Demoranville

And so, not to mention, that's a great place to get that wine. It's it's like their wine, like, that's brilliant. I'm not so much a selling on long trucker cause it can lean on banana forward and I'm allergic to bananas. So if I get a whiff of that, I get all weirded out. But if there's ones that are.

00:03:05

What happened?

00:03:16 Kristin Demoranville

Like pineapple forward?

00:03:17 Kristin Demoranville

I'm like Guilford I found with those. Yeah, that's that's amazing.

00:03:20 Kristin Demoranville

Those memories are great. I can actually almost visualize.

00:03:23 Kristin Demoranville

The scheme one too.

00:03:24 Kristin Demoranville

It was. I could just see that.

00:03:26 Kristin Demoranville

That was great. Yeah. Thanks for sliding jackets. Got.

00:03:28 Mike Delaney

Little heaters and it was just.

00:03:29 Mike Delaney

As well as school plus.

00:03:30 Kristin Demoranville

I love how that part of the world just keeps on going even when it's cold, like they don't care. They're like, put a heater up, light a fire and lock could be said for some restaurants to continue keeping their outdoor seating in the winter and autumn time frames. Thanks for that. Mike, do you want?

00:03:43 Mike Delaney

To introduce yourself, you know, actually Christopher and I know each other from a number of years working together.

00:03:50 Mike Delaney

When I was the chief legal officer at CSM bakeries, which was was there that we actually dealt a lot of cyber security issues together. Currently I'm actually a partner with.

00:04:00 Mike Delaney

And also because it might show up when we went to office just about anything I can get my hands on, but I'm a corporate worried about it. And so, you know, power tracks and triage too. I think it's like.

00:04:06

It shouldn't.

00:04:11 Kristin Demoranville

Maybe a little therapy as well.

00:04:13 Mike Delaney

Sometimes I'm the therapist, sometimes I'm.

00:04:15 Mike Delaney

Needs the therapy, but.

00:04:17

At.

00:04:18 Mike Delaney

So while I was at CSM.

00:04:20 Mike Delaney

I I dealt with risk management, adults, legal, HR worked with Kristen directly on some cybersecurity matters for the prior to arriving at CSM and for T and I was the general Counsel with two different logistics companies. One it was from the business called Miracles, big temperature warehousing business and another which was outside of food that was more.

00:04:40 Mike Delaney

Excellent service ports. It was Caterpillar spinoff entity and began my career practicing law for so I did that for about 1415. Me sold myself out of a job and we sold CSM. So if you're in back in the well practice and actually haven't.

00:04:52 Mike Delaney

Found.

00:04:52 Mike Delaney

It would have probably.

00:04:54 Kristin Demoranville

More of a work life balance for you too, because I feel like sometimes things just got wild 24 by 7.

00:05:00 Kristin Demoranville

And A food production company.

00:05:02 Mike Delaney

We, you know, as as one of our colleagues about used to say all the time, there's never a dull day at the bakery we don't have and a lot unfortunately, in the computer cybersecurity.

00:05:08

Now.

00:05:14 Kristin Demoranville

Yeah, there's a lot going on, but there's some still some good people are helping out, whatever that company.

00:05:20 Kristin Demoranville

It's like now I do know that and I still consider.

00:05:23 Kristin Demoranville

One of my former.

00:05:24 Kristin Demoranville

Years and by profession, really getting to know that side of the house. And also I was so exposed to the executive side. I mean I was with you guys all the time and on top of being on the factory floor dealing with whatever was going on there, I think that gave me some really interesting insight on the inner workings of how a food company works and expectations.

00:05:44 Kristin Demoranville

And even some of the ramifications. I remember sitting in your office, Mike, and we would just be rifting about this bad stuff. What's this to what's going to happen now?

00:05:53 Kristin Demoranville

The kind of thing or.

00:05:54 Kristin Demoranville

Or you would be educating me on the best course of action for what's going to happen with whatever's.

00:05:59 Kristin Demoranville

Happening and I should let everyone know too that Mike actually was the one that pulled me into my first crisis room for my first official breach that happened at a company. So that was a that was a Good Friday. And I remember that was a long weekend. We were supposed to have. Then everybody checked out. What, 2:00 that afternoon, normally out at the corporate office. And Nope, you and I were stuck there until, I don't know what time and actually.

00:06:19 Kristin Demoranville

That was a that was an easy breach and I have quotations up. Nobody can see. It wasn't ultimately the worst thing in the world. It just kind of stunk for the people who were.

00:06:27 Kristin Demoranville

Involved, but yeah, you never.

00:06:28 Kristin Demoranville

Forget your first breach, right? Yeah.

00:06:32 Mike Delaney

Well, you know, and if you really think about our experience together, that's yes. And what we're doing and and our roles and what other people were doing, we were transforming that business. Yeah. And if you look at kind of the position of where food industry is, the kind of adoption of IT and the adoption of of the dependency on IT.

00:06:51 Mike Delaney

It is, it is, and it's documented that it's, you know, it's behind a lot of it is a much more traditional, much more.

00:07:00 Mike Delaney

Looking custom stuck in old practices and it is only really recently begun, but from any sort of really large companies to accelerate into the IT world and one of the things that you and I did there and we went without catastrophes to go low and that we we were part of the team that took English most of computer systems and were forced to where our fees.

00:07:20 Mike Delaney

Just too quickly into one place. Yeah, a lot of.

00:07:21 Mike Delaney

The companies aren't even there yet.

00:07:23 Mike Delaney

But then you know, and we'll talk further about it. But the once you get those platforms where those ERP's and they start plugging in all of these places where I know you start to create them with the vulnerabilities from my.

00:07:32 Mike Delaney

TV and authoring devices. And I think that's where this push to modernize the food system, which is a necessity, is really it's a two, it's got two sides of the sword we have you know the necessity, the efficiencies and the cost drivers and everything else. Every time you do these things, you increase probabilities.

00:07:52 Mike Delaney

And that's, that's where I think we're going to be continuing to drive through, but that would be where I think she would in itself continues to struggle is, is it's growing into the technology, but yet it is not ready for the challenges that.

00:08:06 Mike Delaney

With in those bad actors that want to do.

00:08:08 Mike Delaney

Naughty things. So.

00:08:10 Kristin Demoranville

Well said. I think also too, there's been so many incidences that I can.

00:08:14 Kristin Demoranville

Pick off the top.

00:08:14 Kristin Demoranville

Of my head about, you know, the companies are gone digital. They've got these digital processes, it's great. Things are running and then they get hacked and now they're screwed because they don't have a good proper business continuity plan. They don't have a good disaster recovery. It's a mess.

00:08:27 Kristin Demoranville

And then they have to move to analog and we kind of experience some of that when we were doing as you mentioned the ERP system upgrade, we were struggling with it and had to go on paper. We have trucks waiting. It was a mess. I want to say I want to go on record again saying that my factory that I was at for that whole launch of disaster was the only one to get trucks out that day. You're all welcome. So because we got it out on paper.

00:08:47 Kristin Demoranville

As we rolled back to analog processes, I still think there's a place for that as a disaster recovery moment, and I'm glad that we followed it that way when a lot of places are finding they can't roll back that anymore, they can't go back to paper because nobody knows.

00:09:00 Kristin Demoranville

How to do it? Because legacy knowledge was lost and This is why people in process, especially learning that and back in the bakery days was you do something they're going to take it apart or they're going to circumvent it or they're going to do whatever they want. I remember I was standing in one of our factories in Buffalo. I will never forget. I was walking through the warehouse and it was it was full. It was.

00:09:20 Kristin Demoranville

Towards the holiday season.

00:09:21 Kristin Demoranville

And there was a scissor left in the.

00:09:23 Kristin Demoranville

Middle of one of the aisles and I kind.

00:09:24 Kristin Demoranville

Of like poked my.

00:09:25 Kristin Demoranville

Head around and I was like, what's going on? Maintenance manager was up there unhooking one of the access points to move it back 10 feet.

00:09:31 Kristin Demoranville

Because nobody did a Wi-Fi heat map scan to find out that the Wi-Fi want to go through bags of flower. And I sat there and I was like, who would have ever thought the Wi-Fi wouldn't go through bags of flower? That seems absurd. Like, why are we having this conversation? But that's the kind of stuff that the food industry is dealing with on a daily basis. They lose access. They can't work, they can't pick orders, they can't get the.

00:09:51 Kristin Demoranville

Ingredients delivered to production. He can't keep moving, so of course, naturally they would circumvent any of my security controls and just go do whatever they wanted because we didn't have it on some of these sites. And this is very.

00:10:02 Kristin Demoranville

We were just discussing this before we started recording. There's not enough people or personnel to be that SME or be that person, and that role on site at all times and because of that, somebody makes themselves the official IT security person and then does things without blessing and potentially becomes an insider threat. I saw that time time again.

00:10:21 Kristin Demoranville

Any factory I've ever stepped into didn't matter if.

00:10:24 Kristin Demoranville

It was food.

00:10:24 Kristin Demoranville

Or not. There was always a few people that just took it upon themselves to circumvent.

00:10:29 Kristin Demoranville

Because it was halting production and safety. If those two things are interrupted, they.

00:10:33 Kristin Demoranville

Don't want it?

00:10:35 Mike Delaney

In my experience, I mean this is not a cyber issue that I experienced circumventing my role Prior to joining. Fatalities resulting from the voidance or the.

00:10:49 Mike Delaney

Safety because they were viewed as hindrance to.

00:10:53 Mike Delaney

The operation getting.

00:10:54 Mike Delaney

Things done so they did. They had these workarounds and things eased.

00:10:57 Mike Delaney

Up where I get worried about.

00:10:59 Mike Delaney

When we start continue.

00:11:00 Mike Delaney

Going to enhance and get more dependent upon computer systems in our technology. If you recall the whole point of putting in our ERP.

00:11:08 Mike Delaney

Still was ordered cash, right? So live the whole life cycle of product. Now you may have opportunities where individuals can go in and do things like you mentioned moving access points, data points, you know, Wi-Fi points. But then there's also the the other risk where it's inflexible and you're not able.

00:11:26 Mike Delaney

To do a work around.

00:11:27 Mike Delaney

And someone makes an intrusion into your system and messes up your supply delivery to your manufacturer, and it seizes up and stops, right?

00:11:39 Mike Delaney

About yeah, we experience when we flip the switch turning on our ERP system. It wasn't ready yet and and where we really saw issues, this warehouse rigid nature of the computer system was like I need you to pick that pallet out. Ohh yeah, I realize it's 10 pallets behind the other ones but move all those and get that one. You can then roll that local because that's.

00:11:59 Mike Delaney

The one that I know.

00:12:00 Mike Delaney

Has the right numbers on it, and if you you can just speculate. All kinds of different ways that actors can infiltrate your system and those chaos that isn't even putting someone in danger or anything else just simply mess it.

00:12:11 Kristin Demoranville

Up just chaos. Just chaos agents.

00:12:14 Mike Delaney

Yeah, itself it it takes so much time and money and they could put the company into bankruptcy.

00:12:14

And fixing payoff.

00:12:20 Mike Delaney

You can't deliver your products, so it's still with risk.

00:12:23 Kristin Demoranville

There's so much, and we're not even touching, like the food safety aspect, because if you got that component in it, then if you have chaos and A food safety problem.

00:12:30 Kristin Demoranville

Or potential food safety problem where there's contamination or any kind of adulteration.

00:12:34 Kristin Demoranville

On the line.

00:12:35 Kristin Demoranville

Or any of that other stuff. Then you've got a catastrophe happening. We narrowly avoided some of those, but I think.

00:12:40 Mike Delaney

We also went.

00:12:41 Kristin Demoranville

Through some of those. And I'm not saying like there was food safety issues necessarily, I'm just saying like every day presented a new set of things and it was always some type of, as you said, fun times, the bakery.

00:12:50 Kristin Demoranville

You know in general and.

00:12:52 Kristin Demoranville

And people think that this doesn't happen.

00:12:54 Mike Delaney

When you think about it like, I mean if you put pick a band name brand company on Laura's calls because you know they had.

00:13:00 Mike Delaney

Reach. Yeah. And that's a company that people will recognize and say. Yeah, I could see why they would attack a massive beer distributing company, you know, brewery, because, you know, they're billions of dollars. They have notoriety. You you can, you can export them because they're worried about bread, reputation, cars. You take my little bakery company now. You and I both know that folks probably eat our food at least once a while.

00:13:20 Mike Delaney

When we were there once a week because we supplied all of the major goodie shops that.

00:13:24 Kristin Demoranville

You know all those favorite roles that all those favorite restaurants? Donuts.

00:13:28 Mike Delaney

And everything else so.

00:13:29 Mike Delaney

But our company was not well known and yet we had a fair share of people attacking us. We would from infiltration where we had people behaving as if, you know, a false presidents and our our CEO, they smooched her IM capacity and that inferred she would send chats to people and they get very casual way you know emails or.

00:13:50 Kristin Demoranville

She got hit. She also got hit with a she got connected to a pineapple in an airport and for those who don't know, the apple, it's a spoofed access point for Wi-Fi. And you can connect to.

00:14:00 Kristin Demoranville

I think you're connected to the airport Wi-Fi, but you're not. This is why you need a VPN, by the way. If you're going to do that, yeah, she connected and they they ripped off her Active Directory, username and password. They walked her out every 5-6 minutes. They were.

00:14:11 Kristin Demoranville

Infiltrating her e-mail.

00:14:12 Kristin Demoranville

It only lasted like a couple of hours, but we were kept saying you need to change your ID and it it took a while for her to.

00:14:18 Kristin Demoranville

Understand why? Because that's not her world. She doesn't.

00:14:20 Kristin Demoranville

Just wants to work.

00:14:21 Kristin Demoranville

About who?

00:14:22 Mike Delaney

You when?

00:14:22 Mike Delaney

Not a a brand name that consumers.

00:14:24

Request but we.

00:14:26 Kristin Demoranville

Supply the ones that people did recognize, and that's why people need to realize the supply chain attacks don't go after the big players. They go after the the small, the medium players we.

00:14:36 Mike Delaney

One of the reports I was reading talking about.

00:14:39 Mike Delaney

Kind of the state of play in in 2023 and 24 pinpointed that exact issue was a lot of folks don't understand how complex the supply chain is in the food. Yeah, they don't. But because you don't see it, it's if you are a consumer, you buy your food at the grocery store or how it arrived there, where it came from. It's really not that relevant, you know you.

00:14:59 Mike Delaney

Rushing through and your kids are crying in the car, you're just trying to get home and make dinner and you don't really think about where the frozen food, you know, not other. Say there's a a number of warehouses around every major metropolitan area warehousing, you know, multiple days where it's true because it was just in time inventory. It's a level.

00:15:16 Mike Delaney

And those organizations have been breached by former employer, was breached more than once to the program, took them off line for well over a month. They had analog as well. They they had anything with push all of their employees in the main office out to their homes because they could at least regulate access there. But they were really warehousing.

00:15:37 Mike Delaney

In transportation and then produce them, but they they.

00:15:40 Mike Delaney

Were, you know, right in the middle of whether or not you're getting your.

00:15:43 Kristin Demoranville

Yeah. And it's just chaos. It causes chaos, cause disruption is actually, I think, sometimes worse than the financial ransomware, you know, just the straight up. Give me your money or I won't give.

00:15:53 Mike Delaney

You your stuff back. Well, statistically, least the recent recently or ransomware attacks or probably like 70% of what people were saying. Yeah. And I think that that that quick.

00:16:03 Mike Delaney

And you know those bad actors? They're criminal.

00:16:06 Mike Delaney

And and before we started recording even, they're talking about, you know, one of my bigger fears now isn't so much the the bad guys. They're always going to be a staying at play that we have to worry about. There will probably be a point where we can even ensure for it better than kind of we are doing now. There are there are there are solutions or at least ways to mitigate. We're I'm getting more concerned is when.

00:16:26 Mike Delaney

Food security becomes part of a Cold War effort, World Whirlwind war.

00:16:33 Mike Delaney

We are, as you know, a bad actor state. Let's pick on Russia because we know they're quite active, it's, you know.

00:16:39 Mike Delaney

Politically, right. I mean you want to.

00:16:41 Mike Delaney

You know, read blogs, not that attentive responses or, you know, Russian bot. If they took advantage of the vulnerabilities of our food supply chain to not even do anything super nefarious like kind of poison when it just mess it up and then start an information campaign.

00:17:01 Mike Delaney

I really think that that is where we're going to see a lot, because really that unfortunately a lot of it's true, right on, you know, it must be true. Yeah. So I I'm really worried that that may be an area where we start to see and we're not.

00:17:16 Mike Delaney

We're not all on.

00:17:17 Mike Delaney

Board with that yet and we still have a.

00:17:19 Mike Delaney

Lot of friction.

00:17:20 Mike Delaney

Business community that another example of of attempts to approach this and regulate it and living was 23 in the EPA or 22 had come out and put on some mandates on or at least some some effort to prescript approach.

00:17:35 Mike Delaney

To dealing with water security, yeah, each circuit basically. Basically cohoba they said where where he we think you're overstepping and then the EPA is just like, you know what, we're having his head, what he's talking about. This is happening now. That's what I said that the law is going to always whack where it's going to be dealt with is in the trenches.

00:17:37

And and.

00:17:55 Mike Delaney

When you're called in because there's a breach or who called in, like, how do we have the legal side?

00:18:00 Mike Delaney

Risk side of it but that.

00:18:01 Mike Delaney

Day is going to be.

00:18:02 Mike Delaney

Much slower. Yeah, the the.

00:18:04 Kristin Demoranville

Water situation is is quite frustrating. I have some professional friends in the water sector and they're just shaking their heads at this point. However, I do think that there'll be cyber security regulations and water within the next two to four years. It depending on what happens with our political situation.

00:18:20 Kristin Demoranville

But if water grows, then the food industry and agriculture will go next, in theory. So I'm here for it. Let's bring it on. But I want it to be proper.

00:18:29 Kristin Demoranville

And well, peer reviewed and well constructed. I don't want to just have have a simulated exercise every three years. I that's not good enough. That is certainly not good enough. If this is coming into as you fear cyber warfare, we're going to need to do every more than every three years. We're going to need to do it pretty regularly and.

00:18:46 Kristin Demoranville

That's something that's really frustrating.

00:19:00 Kristin Demoranville

We've announcement everyone, if you're interested in ICS OT cybersecurity, whether you're a student, an industry newcomer or a seasoned pro besides ICS, OT is the place to be. Join us on February 10th in Tampa, FL for a day packed with practical learning, real connections and insights into securing.

00:19:19 Kristin Demoranville

Vertical infrastructure. This event is designed for everyone, no matter where you are.

00:19:24 Kristin Demoranville

In your career, besides events are known for bringing people together, and this is the first besides focused on ICS OT security and for all the women in OT and ICS cybersecurity. Don't miss the women and ICSI cybersecurity reception that evening, ready to be part of something impactful. Visit bsidesics.org for tickets.

00:19:44 Kristin Demoranville

Speaking opportunities and more also if you are planning on attending US four in Tampa, it's the day before check out the website and hopefully I'll see you there.

00:20:00 Kristin Demoranville

I'm really glad you hit on the disinformation misinformation kind of conversation because this is something that is an active part of cyber warfare. I do have a tip for everybody. I do know one of the Co founders of disarm, which is a framework that helps deal with this, and it's great if you get a chance to look at, I'll put in the show notes. But one of the things that was said recently to me about this was if something you read on the Internet.

00:20:19 Kristin Demoranville

Causes you to have an emotional reaction. You need to distrust to the mediately whether it's positive or negative, because that means that it's more than likely you are being influenced in some regard.

00:20:29 Kristin Demoranville

We need to stop that, but we have to start looking at things differently because we're in a different world now. We can't just go down to our neighbor and get a recipe for brownies. We just go on the Internet, right? But should we trust that particular recipe? Maybe they put too many eggs in it. Then you have more like cake. Like that's not going to work. Or maybe it does. Maybe that's what you want. So I.

00:20:45 Kristin Demoranville

Think because we've.

00:20:46 Kristin Demoranville

Lost community and a trusted community. Now we kind of have to rebuild what that looks like.

00:20:50

MHM.

00:20:50 Kristin Demoranville

So I'm glad you brought that up, because I think that's something that I feel that the food industry as a whole is gonna have to deal with really heavily, especially since you have consumers.

00:20:58 Kristin Demoranville

Involved you have.

00:21:00 Kristin Demoranville

This tracking now traceability is a huge thing in the food industry. It's huge. Now what does that mean for data? Where is that going? Who's protecting it? How much are we tracking? The consumer? Is the consumer going to be able to follow the seed that made their bread all the way through the chain accessible? We're going to give them access to I.

00:21:16 Mike Delaney

Mean that's, you know, and and and and.

00:21:18 Mike Delaney

The question that I have and then.

00:21:20 Mike Delaney

You know, like and I'll defer to those that are much more savvy in technology, but you know there's been discussion about, you know, rely on blockchain, all sorts of technologies to help map.

00:21:29 Mike Delaney

Forward to tape kind of blasts. Yeah. You know? And and I drink the bleach is is that blockchain is somehow infallible, which I don't think it's true, but you you have those the risk that creating, you know when we need because I think it's important to know where your food comes from. Traceability paradigm creates a dilemma because it is yet another point.

00:21:50 Mike Delaney

Where they can intrude and insert New York chaos where they can change the facts well in traceability.

00:21:56 Mike Delaney

Path yes and.

00:21:57 Mike Delaney

Then that's where you start them to build on.

00:22:00 Mike Delaney

The other side of it, the misinformation, you know, you can create chaos. You can create a panic and at a very basic level, and particularly if you did it during a point where maybe everyone's in heightened level of panic, right? What if somebody did that during the COVID, right. We're we're all paranoid about everything anyway. And now all of a sudden someone came in and attacked our food chain, and we can't even trust, you know, where our fruits coming from with the moment.

00:22:22 Mike Delaney

Because it's it's a real challenge we have and it is a.

00:22:27 Mike Delaney

Well, I know.

00:22:27 Mike Delaney

You've been in this sector for quite a.

00:22:30 Mike Delaney

For the common person, this is a newer, newer you know reality. This is, you know, well, we've seen, you know, I think we all now have the pleasure of having our Social Security numbers now hacked and distributed. It's impacting people on a much more routine basis, right? Yeah. In your basic e-mail, you're probably getting spoofed emails from.

00:22:49 Mike Delaney

You know the various scams out there.

00:22:51 Mike Delaney

All the time.

00:22:52 Mike Delaney

And you got and then you click on one but you know UPS.

00:22:55 Mike Delaney

Wants to tell.

00:22:56 Mike Delaney

Me desperately about this package that's sitting in the warehouse that I, you know, I must click on the link to get the information. You know that e-mail doesn't come five times a day. It's it's not coming. So that the the fact is.

00:23:07 Mike Delaney

Is we're all vulnerable.

00:23:09 Mike Delaney

These hackers are, you know, they're they're testing everywhere they can, and they're pushing into every sector, every business by prior washer and infiltration and and had a number of clients have data access issues as a result. It's not good, it's not. And one of the largest food ministers out there was a.

00:23:28 Mike Delaney

Client had thousand of their employee records were accessed.

00:23:32 Mike Delaney

It pierced through the law firm to get to, and so, you know, and obviously and the law firm to their credit, we had lots of training, we had lots and lots of cyber training and we talked about fishing, they would do, they would come in and get an e-mail and it would be like you know, hey, Mike, here's a a document we need to continue to work on. You know you can click this link to get access to the the data.

00:23:52 Mike Delaney

Real site and I sent it to the IT guys. I'm like I don't think this is real. We're like, oh, congratulations. You figured out our little trick of the day.

00:23:59 Mike Delaney

You.

00:23:59 Mike Delaney

Know cause they could test us. Yeah, it's a constant. And. And so food manufacturers are are gonna face it and it's not.

00:24:06 Mike Delaney

Their own systems. They've attacks from all different like we talked about. They could be the manufacturers making doughnuts. They're fine. We have a truck and that trucking company. And it is it is a complex web. We have to supply food to our country and we initially came out in food security was not focused on cybersecurity or even protecting the food.

00:24:26 Mike Delaney

Itself, but more food security was the security of.

00:24:29 Mike Delaney

During your next meal.

00:24:30 Mike Delaney

Is going to.

00:24:31 Mike Delaney

Inner cities work rural communities that that would have a lot of access.

00:24:35 Mike Delaney

To food that their.

00:24:36 Mike Delaney

Family Dollar. That's it. You know they have food insecurity. So that was where our mind was a decade ago. Food and everybody was getting food. Now food security is not just getting food, just making sure the foods edible. It's safe. And that once it's gone off the shelf, this truck's going to come and.

00:24:51 Mike Delaney

So getting more complex and we think technology as much as it's supposed to make lots easier and it will, it also makes it do with I think.

00:24:57 Kristin Demoranville

Exactly.

00:25:00 Kristin Demoranville

Yeah, and I I.

00:25:01 Kristin Demoranville

Think I forget sometimes the the lack of knowledge that people have. How cyber attacks happen or what they act where they're coming from. I I feel like people read the news and or I think they listen to the news so I assume they kind of know where it comes from, but then it dawns, I mean they don't really do it justice. Wait, before we get on the call, you mentioned that these are all shell companies. They have their own marketing teams and their HR.

00:25:22 Kristin Demoranville

Themes and they act like a normal corporate environment, but they're Hector gang, you know, and some of those people are forced to work there because extortion and other things it is, it's not just the the hacker and the hoodie any longer.

00:25:34 Kristin Demoranville

See.

00:25:35 Mike Delaney

They got they got brand names. They gotta.

00:25:36 Kristin Demoranville

Like rock bit black cat. Yeah, yeah.

00:25:40 Mike Delaney

The FBI don't worry about.

00:25:41 Mike Delaney

One called ******. I don't know if that's the.

00:25:44 Kristin Demoranville

Movie you I don't know.

00:25:45

But but.

00:25:46 Kristin Demoranville

I I just, I find it to be really interesting. I don't know if you've seen the movie The beekeeper yet. Jason Stamos's new one. It's actually all about what happens when a scam artist.

00:25:55 Kristin Demoranville

And some hackers get in and steal money from an older woman, and what he does.

00:26:00 Kristin Demoranville

To them, I feel like it's a victory movie for all of us who work in the industry. However, it is quite violent, but I do feel like it's an important movie for people to watch. As if you could stop a violence to understand that the extreme links that they go to to get your money and how they scam people, especially the elderly, and as a human being, it's just so frustrating that.

00:26:19 Kristin Demoranville

Humans are so awful.

00:26:20 Kristin Demoranville

To each other, you know, like it's this.

00:26:22 Kristin Demoranville

It's absurd, but this has been happening on every level since the dawn of time. Extortion happens and there's just some new way of doing it. But it's it's exactly and it's in. It's in real time for us because we're seeing it. Thanks, Internet. And it's hard. So I think a lot of it comes out to awareness. So I appreciate it that you had an awareness moment with me because and then reminding me that I need to be more proactive in explaining it to people.

00:26:43 Mike Delaney

And people live in their own experience, experiences and whatnot. So and you, you segregate IT, knowledge by generation.

00:26:51 Mike Delaney

To you know, you compared me to my children. My children are much more sad. When my kids first wanted cell phones, I would tell them they can get it the same age. I got my first phone 1st and as well after college because yeah, they were invented yet. But you know, when you look at my parents and well, I find them quite savvy for their age, they certainly have more trust then I would give.

00:27:12 Mike Delaney

The Internet, and I think that, you know, that's another aspect of it that people don't quite understand how easy it is to behave badly.

00:27:21 Mike Delaney

Through, you know, the Internet and information technology and.

00:27:21

Yep.

00:27:26 Kristin Demoranville

I have to say I'm grateful that my parents actually text me or send me a screenshot of something they get and ask me if it's legit and I'm always like no, delete it. This is my whole thing. If it's really important, they will get back to you. If you delete something they will get back to you it.

00:27:38 Kristin Demoranville

Does I've said this? I think my whole career I've probably said it to you.

00:27:41 Kristin Demoranville

Four or five times by just delete it if.

00:27:42 Kristin Demoranville

You don't know what?

00:27:43 Kristin Demoranville

It is. They'll get back to you, or they'll call you.

00:27:45

Yeah.

00:27:45 Kristin Demoranville

Now I just wanted to quickly give you a moment to talk about your role as a corporate lawyer in a food company who don't know what that means. I think lawyer and a picture, maybe a courtroom or they picture paperwork or something like that, but sort of like a day-to-day at in a food company that you would deal with as much as you could.

00:28:01 Kristin Demoranville

Probably disclose just a quick snapshot of what that looks like.

00:28:04 Mike Delaney

Yeah. So I'm. I'm certainly not a law talking guy. I I don't. I don't go to. No, that's not what I did. You know, sometimes the day was mundane. Sometimes it's negotiating a supply agreement with your flower distributor that's going to be.

00:28:16 Mike Delaney

A multi year.

00:28:17 Mike Delaney

Agreement millions of dollars and it would take months and months to negotiate. Sometimes it was dealing with.

00:28:22 Mike Delaney

Unfortunate accident or incident in the facility.

00:28:24 Mike Delaney

And we know we're dealing.

00:28:25 Mike Delaney

With on the, the safety and health of our employees then too dealing.

00:28:29 Mike Delaney

With what happened?

00:28:30 Mike Delaney

Why? And is this emotion issue? Do we need to report it? Those were teammates when it came down to the cyber security side. You know, it ranged from the early days of, you know, when we learned of an incident forwarding that.

00:28:42 Mike Delaney

Task force to get in the room and figure out what's going on. I think food in general is is advancing because now we're looking at more robust recovery plans. I think cybersecurity is now finding its way into there, you know, but we would focus on that. And you know sometimes.

00:28:58 Mike Delaney

It was. I had the board of directors.

00:29:00 Mike Delaney

Something and had to go deal with that and.

00:29:01 Mike Delaney

They played a.

00:29:02 Mike Delaney

Role in cybersecurity because, well, again, it's an issue that popped up was full line for for our last company because we were doing such a large revision to the IT infrastructure. So the board was very much involved in that and listening, learning and watching it when we did it at enterprise risk management assessments, we IT was always top up.

00:29:21 Mike Delaney

Right. And usually one of the higher.

00:29:22 Mike Delaney

Risks we had.

00:29:23 Mike Delaney

Yeah, as we implemented our system and eventually worked through the bumps and issues that we had actually ran.

00:29:30 Mike Delaney

Risk assessment moved and that was one of my roles was was was a risk manager. I worked with our risk manager and we.

00:29:36 Mike Delaney

Do this assessment.

00:29:37 Mike Delaney

Review with the board. It moved from the system itself, running to worrying about what issues that could come in, and it halts and would often look towards insurance and and you and I and pass have talked about whether or not insurance is a good way to go. I have a lot of faith.

00:29:51 Mike Delaney

In the insurance business, I think they're usually ahead of the game in terms of pricing risk, seeing risk IT, I think they.

00:29:56 Kristin Demoranville

Struggle with cyber is even worse. Yeah, it is.

00:30:00 Mike Delaney

It is an area. Again, it's a new issue. It's it's not that it's it's, you know, but around that wall. Listen, it's one I think you know they're they're trying to create products that aren't necessarily caught up.

00:30:11 Mike Delaney

To the issues.

00:30:12 Kristin Demoranville

Yeah. And they don't know how to underwrite for it just yet either. There's not enough cybersecurity expertise or IT expertise in the industry. It's getting better. Yeah, but it's not quite there.

00:30:21 Kristin Demoranville

Yet no, no.

00:30:21 Mike Delaney

And and yeah, before we got on, we were talking about a lot of Western world IT, cyber security management.

00:30:31 Mike Delaney

Uh-huh. We've seen incidents occur in one of the bigger ones in the recent years was when JBS had its its rehab. When we attack and that would really rippled through the industry and raised awareness to this problem. But it certainly wasn't the only 160 seconds last year alone that had some sort of attack.

00:30:49 Kristin Demoranville

That we know of.

00:30:51 Mike Delaney

That's actually what I want to segue into that because one of the things about cyber security and the risks that go along with it is.

00:30:58 Mike Delaney

If an event happens.

00:31:00 Mike Delaney

If it's, if it's material enough, it can really, really hurt your reputation. It could hurt your bottom line, which usually if your reputations hurt your bottom, that's quickly. So getting information out more place is important. However, when you're dealing with private management team, they might not want to get that out. And if they can contain.

00:31:20 Mike Delaney

Control it and prefer not to let anybody.

00:31:22 Mike Delaney

Other than a board.

00:31:23 Mike Delaney

Know what they just went through? That's changed in the.

00:31:27

So.

00:31:28 Mike Delaney

Starting in December of last year, the the SEC added another reporting requirement to companies that are publicly traded, and this applies to a lot of food companies that, if they have a cyber incident happen, they have a responsibility to report that to the investment community.

00:31:46 Mike Delaney

I mean props that there's there's all kinds of nuances to it. It's hold the four me hang and the four and 8K is really just it's a current report and there's a list of many different activities that happen that companies have to routinely report.

00:31:54

MHM.

00:32:00 Mike Delaney

The shareholders and the rationale is, is it's information that should be out in the streets so they can make an assessment on what their investment and the SEC is. You know share it with everybody, it's there.

00:32:10 Mike Delaney

When it comes to cider, they decided to add it as one of the discord item 105. It's if you have a cyber incident that you determine this material to your company, you will require to report it to the shareholders and to the investment community at launch.

00:32:26 Mike Delaney

The problem is when do you know that it's material and there have been incidents and the example we met prior offer when they had the infiltration and this large food manufacturer had its issue and this is all public by the way not using names but but it's public information when that happened took them months to kind of.

00:32:40

Yeah.

00:32:45 Mike Delaney

Figure out and get their arms around how far these folks had infiltrated the information that they.

00:32:51 Mike Delaney

Of course so.

00:32:52 Mike Delaney

Whether it was material or not was not something they could decide the SEC because this is important information that's happening in real time full of the companies need to report this within four business days of making determination. That's material companies.

00:33:05 Mike Delaney

Have played that.

00:33:05 Mike Delaney

And well, I don't know those material yet, so I'm not going to say anything. The SEC hasn't really been going on that.

00:33:10 Mike Delaney

It's like, no, the whole point.

00:33:11 Mike Delaney

Closest to what people really have. Yeah. And you think it's going to be material. So they've they've worked around that a little bit and they've said to companies that, hey, if you don't know if it's material, our advice is support it and there's a way under the SEC that you filing structure that you can report it and not have.

00:33:25 Mike Delaney

Liability. So you can come out and say, hey, guys, I don't know if this is going to be what it is yet, but we're going to let you know we have this infiltration. We're currently assessing it. If we deem it to be material, we will let you know. Yeah. So that's one way that they've done it. But but again, the whole point is information of these events is not necessarily always about public company world. It's becoming more available.

00:33:45 Mike Delaney

Because yes, he got involved. There is an exception to that I mentioned to you earlier. Before we go over on the call that there are exceptions if the DOJ or FBI are.

00:33:53 Mike Delaney

Involved and that you.

00:33:54 Mike Delaney

Will, when an event happens often times there were the first few. They get a call. If it's bad enough.

00:34:00 Mike Delaney

Yeah. And they may have an interest in maybe coming to public company and saying, hey, hold your horses. Don't let the cat out of the bag on this yet. We have a lead. We don't want it, you know, scare it away or have them cover their tracks out there in the Internet world would be this is actually a bigger issue than just you. This is a national security problem. They attack multiple manufacturers at once. Don't say anything.

00:34:20 Mike Delaney

I think there is an exception that you can work through all of the requires you're working with your attorney and everything else but.

00:34:24 Kristin Demoranville

That's why it's important to report too.

00:34:26 Kristin Demoranville

So they can have that evidence to gather, to catch the bad guy or gal.

00:34:29

And again that.

00:34:30 Mike Delaney

Goes back to the that balancing that desire not to come in the cause of reputational problem and maybe buckle it up. Your victory pants and say that if you have a problem we just gotta fess up and let's just do you know what?

00:34:41

Yeah.

00:34:42 Mike Delaney

They're happening all over the place anyway.

00:34:44 Mike Delaney

You're not the only one.

00:34:46 Kristin Demoranville

I always say there's it's a running joke in.

00:34:48 Kristin Demoranville

The industry that if you haven't been hacked.

00:34:49 Kristin Demoranville

Analogic Company and I say that in jest but.

00:34:51 Kristin Demoranville

It's true, I.

00:34:52 Mike Delaney

Mean looking at the numbers, I would buy them to say that just about everybody has.

00:34:56 Mike Delaney

Somebody trying to attack.

00:34:57 Kristin Demoranville

Yeah, but it's, it's about the. Yeah, exactly. And.

00:35:00 Kristin Demoranville

That's about the larger problem. It's how many times is this particular bad actor been causing this problems? Because I don't think a lot of people realize that when 1 hack is happening, it's actually several that have been released. It's not just way punched your one company because you're the most special one out there. No, they like scatter spray at the same time. So it's more than one. And the FBI needs that information because they're going to catch the bad guy. That's what they're going to do. That's.

00:35:22 Kristin Demoranville

What the FBI does, they're not going to fix the problem. They're not going to do anything for you. They're just going to say thanks for the information. Give me all of that information and I'm going to go do my job.

00:35:29 Kristin Demoranville

And I think it's important for people to know that you're helping the community by doing that aspect. It's not about shame they don't care. They just want to get the information and get out as much as they don't want you to have them there either. And I think that the information sharing issue is a huge problem. You could still talk about this like you and I are talking about it in a.

00:35:47 Kristin Demoranville

Way.

00:35:47 Kristin Demoranville

That's you're not typing out which company it is, but you could talk about. OK, I have.

00:35:51 Kristin Demoranville

Problem you know, you know what kind of industry I'm in, but you know, like, what do I do? And I think it's super important that people look at scenarios and they do these exercises in the planning and then they come up with playbooks. What's going to happen? How are we going to get through this moment? I have so many times I've had the food industry say to me, what happens if I I'm in a cyber attack? How will I know? You'll know.

00:36:11 Kristin Demoranville

Like you just know there's something about it. It's sort of like, you know, when an earthquake is happening, you just kind of know what's happening and sort of kicks in somehow. But what do you do after that effect? Like that? Knowledge. Where's your stop?

00:36:22 Kristin Demoranville

And roll, right, that's the. That's the disconnect I'm in right now with a lot of people is OK? Yeah, we've got a problem. But chaos here. I don't know what to do. I don't how to sort the chaos. And I feel like it's a responsibility of certain individuals inside these organizations, whether it's the corporate lawyer certainly should be the security team to kind of cut through the noise and say, OK.

00:36:42 Kristin Demoranville

Here's the things we need.

00:36:43 Kristin Demoranville

To do right now, Ground Zero, let's do this.

00:36:46 Kristin Demoranville

Set of everybody's running around the inflatable two people which I feel like happens quite often, and I think people sharing that information and maybe even some of that burden and struggle of, hey, I had this happen last year. Did you guys have anything like that happen in your social professional circles should be done more often, but there should be more conversation around.

00:37:06 Kristin Demoranville

What the incident was, what they tried to go after, how did they get in those kind of things so people can fortify. You don't want this to happen to everybody.

00:37:13 Mike Delaney

You know.

00:37:14 Mike Delaney

Again, I think as it becomes more and more what is part of kind of you know, the hazard assessment process, the the push to include silver as part of the recovery disaster planning.

00:37:27 Mike Delaney

Having a framework you know, like kind of an example of having a framework is most food manufacturers have have a program in place.

00:37:37 Mike Delaney

Recalls like, we have contaminated food that we.

00:37:38 Kristin Demoranville

Uh-huh.

00:37:40 Mike Delaney

Have left that's left our factory. What?

00:37:42 Mike Delaney

Are we going to do? How?

00:37:43 Mike Delaney

Are we gonna?

00:37:43 Mike Delaney

Yeah. How are we going to make sure that it doesn't go inside?

00:37:46 Mike Delaney

Of consumers mouth and make it hurt, I mean.

00:37:48 Mike Delaney

Really today the overarching problem here we.

00:37:50 Mike Delaney

Can look at bottom lines and all that stuff matter is, is food and medicine are probably the two things.

00:37:56 Mike Delaney

Created that people ingest. Yes, traffic consequences, not even if it's like the Tylenol pills from the 80s. It could be peanut in your flour, which you.

00:38:05 Kristin Demoranville

Peanut dust peanut dust isn't everything.

00:38:08 Mike Delaney

Child do as an allergy to eat and it could be fatal events or as.

00:38:12

Yep.

00:38:15 Mike Delaney

The executive of the fruit Company would never.

00:38:17 Mike Delaney

Have wanted that.

00:38:18 Mike Delaney

On my shoulders. Ever. So, you know the and and I would I would extrapolate that out. Maybe there's one greedy guy out there, but the.

00:38:19 Kristin Demoranville

Now.

00:38:25 Mike Delaney

Truth is no.

00:38:26 Mike Delaney

Leader no executive, no employee of the company, would want to see their product have that consequence, so you know.

00:38:34 Mike Delaney

Not, but it's planning for it. It's worrying about it. So you know, if you take that protocol, we do for recall, we need to have this have the protocol.

00:38:43 Mike Delaney

And.

00:38:43 Mike Delaney

Increasingly become more aggressive when we deepening, having more prevalent, more front and center because as we evolve, you know the ERP system that we put in place, then you start connecting the IoT devices to with more vulnerabilities. You start automating processes where your whole system.

00:39:02 Mike Delaney

Is automated where the ingredients are getting included into the batch without no manual intervention. All of these places or points where somebody can come in and.

00:39:10 Mike Delaney

Something.

00:39:11 Mike Delaney

Yeah, you don't want them to do.

00:39:12 Kristin Demoranville

I've seen it done in labs. I've seen it done lab sure every OT ICS specialist is listening to this right now. All go. Yep, we know we've seen those in our labs before. Everything keeps moving and the green lights still on yet it's been messed.

00:39:25 Mike Delaney

Where as we progress further into our embracing artificial intelligence. Yep.

00:39:32 Mike Delaney

Food is behind on on that and Jack, one of the statistics studies I was looking at, you know, there's about 30 industry, it's just not even interested in taking it on. And part of it is because they they're just they're not that sophisticated. Yeah. You know, they're they're happy, they grandma's old recipe cookies.

00:39:47 Kristin Demoranville

And why would they need the tech if?

00:39:49 Kristin Demoranville

It's working right.

00:39:49 Kristin Demoranville

That's fine, you know.

00:39:50 Mike Delaney

The the problem is is that as we see.

00:39:53 Mike Delaney

The retail community continue to consolidate and continue to become a strong.

00:39:58 Mike Delaney

Supply chain.

00:40:00 Mike Delaney

They require the automation they require the technology, the traceability, you know, sometimes it's automation for efficiency because they're price. I mean, take for example, they I have missions drive those prices to have all the legal, all those competitors we.

00:40:08

Mm-hmm.

00:40:09

Course.

00:40:15 Mike Delaney

See out there with every.

00:40:16 Mike Delaney

Little Oz, you can shave off and cost or a little bit.

00:40:19 Mike Delaney

What you can do and do the delivery process translates to the bottom line. So there's a new chapter by these large retailers to scratch every efficiency they can into.

00:40:28 Mike Delaney

The bags now.

00:40:29 Mike Delaney

That's going to be where I think you see the continued push in the industry, but go back to the AI when you start lending these technologies and you know again vulnerable ports, really smart people who know computers better than I can find ways to get into these organizations through these different.

00:40:43 Mike Delaney

Paths you have reach, you know.

00:40:48 Mike Delaney

So.

00:40:49 Mike Delaney

Just malice, and sometimes it's just.

00:40:52 Kristin Demoranville

Yeah. Or is it nation state, you know? And just because.

00:40:55 Mike Delaney

That's going to.

00:40:55 Mike Delaney

Be a bigger play as we go forward as.

00:40:57 Mike Delaney

Well, it will be part of that.

00:41:00 Kristin Demoranville

I do think we're going to see it in our lifetime. It's already here. We're just going to see it differently than we already do. I mean, Ukraine's been a great example of that. Well, not great, but as an example, what's been happening in Canada with the Russian gangs going after their dairy industries, quite interesting. And watch this space, I guess, is what I say to that one. The GPS being knocked out of the tractors.

00:41:19 Kristin Demoranville

During planning season, just from solar flares is also going to make people.

00:41:24 Kristin Demoranville

Well, I can mess with the bag industry.

00:41:26 Mike Delaney

If you.

00:41:27 Mike Delaney

About it, you know, when the Russian military took over parts in Ukraine, they took back equipment, you know, jobs, years and whatnot. And John Deere went in and locked down those computers that y'all it's probably just delayed them a.

00:41:35

Yeah.

00:41:41 Mike Delaney

While before they.

00:41:41 Kristin Demoranville

Broke. Yeah, well, technically you can hack of John Deere.

00:41:44 Mike Delaney

Well, but, but the fact that you have now the ability of the manufacturer to transmit to the operating vehicle field and shut it to have it's just.

00:41:53 Mike Delaney

Again another goal, the.

00:41:54 Mike Delaney

Point and you know the the examples continue, but that's that's the big risk I think.

00:41:58 Mike Delaney

We see is the content.

00:42:00 Mike Delaney

Feed evolution is going to be better for efficiency and for food production.

00:42:04 Mike Delaney

To grow and.

00:42:05 Mike Delaney

You know less less resources to grow more, all that sort of stuff. There's going to can continued vulnerabilities and unfortunately, you know, humans are all that nice.

00:42:13 Kristin Demoranville

Now, well, really jerks to each other.

00:42:15 Mike Delaney

Another.

00:42:16 Mike Delaney

That I read in.

00:42:17 Mike Delaney

One of the studies that was fascinating risk in cybersecurity risk food is not necessarily in the manufacturing part. Go back to those fields where the food being grown get there. We just talk.

00:42:27

Right.

00:42:29 Mike Delaney

But there is the pendency already.

00:42:31

On technology and.

00:42:32

Yeah.

00:42:32 Mike Delaney

Absolutely. That GPS driven forming techniques and everything else, but also you go back to.

00:42:37 Mike Delaney

The seed level.

00:42:38 Mike Delaney

Right. So you know when you're farmer and when you're planting and you have a window in, in, in your weather window to to plant those seeds three weeks, you know depending on where you are in the world, when monsoons come when rains.

00:42:50 Mike Delaney

Some gold cover not hitting that planting season, right? Could either hinder yields or cause the whole harvest to.

00:42:56 Mike Delaney

Be scrapped, yeah.

00:42:57 Mike Delaney

And the fact that we have most.

00:43:00 Mike Delaney

Of the seed technology in this particular in the US, but globally owned and copyrighted and patented by food manufacturers level issue because they have had yet seen in this month center mix. And so if someone infiltrates month center and screws up their system, we could have an entire soybean crop that doesn't get.

00:43:19 Mike Delaney

Planned that we have.

00:43:20 Kristin Demoranville

People don't realize how interdependent all these companies are to the system. The system is not set up in a way that if you break the spoke on this side, the wheel is going to keep moving. That's not true. It's going to collapse. We just saw that with crowd.

00:43:31 Kristin Demoranville

Strike as an example. It's a. It's an example now.

00:43:34 Mike Delaney

Move.

00:43:35 Mike Delaney

What would happen if someone figured out a vulnerability that was more generic?

00:43:39 Kristin Demoranville

And yeah, it's it's scary. And I think I I.

00:43:43 Kristin Demoranville

Have said this.

00:43:43 Kristin Demoranville

Before on the show and I'll continue to say it, but GPS is important to planning because the machine will know exactly how far to drill down, how far to spread out the seed to make sure it's optimal, covered to keep the weeds.

00:43:54 Kristin Demoranville

Down and it's optimal. Watering all these things and if it's not done in that way and it's precision farming.

00:44:00 Kristin Demoranville

The way that the farming will be going eventually, there's a lot of resistance to it because farmers are about trust and we're not so sure we feel about tech yet in a lot of places. But these big factory farms will go full precision in order to get the highest yield. The best way they can, and they'll modify their crops and be able to handle higher temperatures and monsoon seasons and that kind of thing.

00:44:20 Kristin Demoranville

Since our our climate is changing too much, even the cattle ranchers, there's they're developing slip genes for the cows.

00:44:25 Kristin Demoranville

So they can get out.

00:44:26 Mike Delaney

Some strings probably heard of.

00:44:28 Mike Delaney

Parts of the industry.

00:44:29 Kristin Demoranville

They are in the art, right? So yeah, there.

00:44:32 Kristin Demoranville

Money. Absolutely. There's there's money everywhere. But I will say, Mike, the conversations I've had recently with the meat side of the house, I think JBS really shook them up differently because it happened on their watch in their industry that I've had several conversations in the last month alone that they are worried about their, their supply chain and really worried about what they're going to do about it. And my response back.

00:44:52 Kristin Demoranville

This is awareness is the first step. So what are we going to do after this? Don't try to boil the ocean, just make a cup of tea. You don't need to take on the.

00:44:59 Kristin Demoranville

Whole system. There's no way you'll do that.

00:45:09 Kristin Demoranville

I want to take a moment to give a huge shout out and thank you to all of you who voted for the bytes and Bytes podcast and the technology category of the women in Podcasting Awards 2024.

00:45:19

We may not.

00:45:20 Kristin Demoranville

Have taken home the trophy this year, but being nominated in our first year is an incredible honor and it's all thanks to the listeners.

00:45:27 Kristin Demoranville

Thank you.

00:45:28 Kristin Demoranville

If you haven't already, please make sure you like, share and subscribe.

00:45:33 Kristin Demoranville

Your support truly makes this podcast possible.

00:45:38

Journey.

00:45:39 Kristin Demoranville

Now let's get back to the conversation with Mike.

00:45:47 Kristin Demoranville

If you're talking about the grocer side, what can you guys do? You know, if you're talking about the actual ranchers, what are you doing a lot of times, ranchers don't have a lot of tech. Some of them do. It's not all like Yellowstone, right? It's they're not always flying helicopters. They're not always flying drones. But sometimes the biggest equipment is the.

00:46:04 Kristin Demoranville

Wheelbarrow.

00:46:04 Kristin Demoranville

That they take in and out of the barn. It's just depends. I think we have to not oversell tech in places that.

00:46:10 Kristin Demoranville

Doesn't need it.

00:46:11 Kristin Demoranville

Yet.

00:46:11

Mm-hmm.

00:46:11 Kristin Demoranville

I think we need to button up what we've got.

00:46:13 Kristin Demoranville

Out and I think that we need to train the next generation of professionals.

00:46:17 Kristin Demoranville

And our current?

00:46:17 Kristin Demoranville

Professionals, to a degree to do this work just because you know it. And just because you know cyber security doesn't necessarily mean you know the food industry.

00:46:25 Kristin Demoranville

You have to get to know.

00:46:26 Kristin Demoranville

That side of the.

00:46:26 Kristin Demoranville

House. And sure, you could be a barrier.

00:46:28 Kristin Demoranville

Stuff you should go.

00:46:30 Kristin Demoranville

Serve tables that would help start to get you down that path of understanding the industry. You know, just one slip or 1 angry employee or nefarious hacker gang. And it's just one step away from just disaster and chaos. But I don't want people to think that it's all that all the time. It's not sometimes it's really fun. Sometimes you're eating butter cream and like.

00:46:48 Kristin Demoranville

10:00 AM you know? Or you're eating a cookie. That's.

00:46:51 Mike Delaney

Just keep your potato.

00:46:54 Kristin Demoranville

Uh, yeah. No, I mean, some of the, some of the cookies were amazing. Some of the cakes were amazing. But I'll tell you, Mike, you're probably like me. You can't. You can't unsmil that particular frosting and you can't unspell that cake. I walk into a grocery store and I can't eat a store bought cake anymore because.

00:47:09 Kristin Demoranville

Added too much like.

00:47:11 Mike Delaney

Pretty much the same way, although I will say when when I would drive to work and running and pull into the factory and they were making chocolate icing.

00:47:18 Mike Delaney

It was a little bit like walking in.

00:47:20 Kristin Demoranville

Yeah, I always used to call it whenever they be doing icing days and also the filling days, the fruit filling, you could smell the sugar in the air. I used to call it diabetes.

00:47:28 Kristin Demoranville

Air and it's something I didn't know that.

00:47:31 Kristin Demoranville

I learned on the job was the sugar.

00:47:32 Kristin Demoranville

Dust is actually highly flammable.

00:47:36 Mike Delaney

Low off because.

00:47:37 Mike Delaney

If you had an explosion you wanted to.

00:47:40 Kristin Demoranville

One Direction, there were days, there were days where I'm like, I don't. I don't know how we're gonna get through this.

00:47:46 Kristin Demoranville

There were so many crazy things I got sent to factories after they just bombed for flower mites, and in this nuclear material and project managers during like the whole refresh thing we did and I guess sent out for almost two years on the road. Yeah, they're like, oh, yeah, you could come back as like, a superhero. And I'm like, it's.

00:48:01 Kristin Demoranville

Not funny, you're.

00:48:02 Kristin Demoranville

Paying my medical bills like, do I need to call the corporate lawyer?

00:48:06 Kristin Demoranville

Yes, I will.

00:48:07 Kristin Demoranville

I mean, we go to travel over the world for that. I get to see green production in Germany and all over the country and everything that we did between our cold storage and our our green plants there and our flour mills. And this is this is just fun war stories for lower folks. But I remember standing in California and I won't name the facility, but I know you'll know it.

00:48:27 Kristin Demoranville

Like it was one of our no, it was.

00:48:29 Kristin Demoranville

One of ours that was on one of our sister companies I was in there at like executive room looking out. There was a window and there was an empty like lot next door and I watched. I remember sitting there with coffee and I just happened to look up the 1. And I thought that's weird. It was like a drug deal. Like, right, like 50 feet.

00:48:44 Kristin Demoranville

From our door, we're.

00:48:45 Kristin Demoranville

Thinking where am I? And then the time I was sitting.

00:48:48 Kristin Demoranville

At one of our sister companies.

00:48:50 Kristin Demoranville

In Vegas and there was a fire 3 Doors Down and I sat there and watched the smoke build into the building and we didn't move because we had shifted.

00:48:58 Kristin Demoranville

I remember the project where I was like, you're not leaving unless you were told by the fire department to leave. And I was like, I'll never forget that the whole warehouse was full of smoke. Like, not really bad, but like enough that you were like your eyes are watering. And I thought, wow, this this isn't good. Like, this isn't good or other weird things that happened around the tech and things that I didn't ever want to see. And I can't Unsee.

00:49:17 Kristin Demoranville

Now.

00:49:18 Kristin Demoranville

And the amount of dumb things that employees do on computers, these dumb things, like, if you're studying anatomy in school and you're using your work laptop, we have search engines that look for tags on words all day long in any language and never forget that we stumbled upon this, this particular individual, who was taking anatomy class. And it was really bad.

00:49:39 Kristin Demoranville

Like he had embedded these files into certain things. And we're like, yeah, no, we're gonna take that and reimage it. And you're probably a big trouble by like, don't use your laptop for school. There's so many funny things. And the sales teams are always a riot and.

00:49:52

OK.

00:49:52

OK.

00:49:53 Kristin Demoranville

Yeah, they they definitely kept me moving. Uh, they were always just a technology disaster away from not being able to function and going out to their offices. So it was a hoot because they were so excited because they never had anybody from the technology site ever on site. So they were, they rolled the red carpet out for you. It was fun, definitely fun times, but.

00:50:12 Kristin Demoranville

It was always.

00:50:13 Mike Delaney

Really interesting is that that is symptomatic of the industry itself.

00:50:17

Hell yeah.

00:50:19 Mike Delaney

Which is why it actually the industry of food in general has become.

00:50:25 Mike Delaney

Uh-huh. You know, not necessarily a project where all these things, it's a place that they can, you know, exploit make money because they see a lot of opportunity due to all of these inefficiencies and tendency on old legacy systems that, you know, shouldn't even be on the iterating other so ancient. So that was where, you know, our, our owners, you know.

00:50:44 Mike Delaney

They said this is.

00:50:44 Mike Delaney

An opportunity to take a place that's you.

00:50:47 Mike Delaney

Know run it on the Model T and.

00:50:49 Mike Delaney

Let's put it on something.

00:50:51 Kristin Demoranville

Yeah, the problem is the Model T still needed to run though, and the fact that they kind of bypassed that was really, really inconvenient to this process. Yeah, yeah, it's it's, it's it's very common in the private in.

00:51:05 Mike Delaney

The world right.

00:51:06 Mike Delaney

Now, because there's so much inefficiency that you can elaborate.

00:51:10

Technology.

00:51:11 Kristin Demoranville

Yeah, that's true. That's true.

00:51:13 Mike Delaney

And then one.

00:51:13 Mike Delaney

Of the other vulnerabilities about there is issues you talked about how some companies don't, you know that aren't necessarily going to.

00:51:19 Mike Delaney

Or need to upgrade from the old legacy system. This is a lot of those don't have the embedded tech.

00:51:28 Kristin Demoranville

Or even just segmented away from everything else as a critical asset.

00:51:33

Like.

00:51:33 Mike Delaney

And from IoT device in the factory and then you know it's all she wrote because now it's it's plugged into the bigger world and not isolate.

00:51:41 Kristin Demoranville

Well, yeah, the a lot.

00:51:43 Kristin Demoranville

And this is getting into.

00:51:44 Kristin Demoranville

More of a technical lead.

00:51:45 Kristin Demoranville

But a lot of the networks.

00:51:47 Kristin Demoranville

These buildings were flat, meaning everything was connected at all levels. They didn't have any staggering levels or like different rooms. You could walk into. It's just one open floor plan. This would just grab the networking term that causes the problems. If you don't create these little segments, whether it's your critical or production system or your office in the production area, it becomes so easy for people to hit.

00:52:07 Kristin Demoranville

Just hit one. You're in.

00:52:08 Kristin Demoranville

But if you have this segmented section, it's almost like Swiss cheese. They can't get to everything. They gotta kind of work their way through it. That's why I always say make it hard for these hackers. Make it hard. Don't make it easy. Don't be an easy target. You want them to struggle. Make them work for their money. Literally. Once you start saying that people are like, Oh yeah, I should. We should make this harder. But the problem is, and you know this Mike.

00:52:29 Kristin Demoranville

That can make it harder for the hackers it becomes.

00:52:31 Kristin Demoranville

Harder for everybody.

00:52:31 Mike Delaney

Else right 16 character, you know, e-mail passwords and 90 day rotation on on changing.

00:52:39 Mike Delaney

It out, yeah.

00:52:40 Mike Delaney

Necessity, however, or the average person remembering multiple 1616 character combos.

00:52:49 Mike Delaney

Yes. So then the next thing you know, you walk in the room.

00:52:51 Mike Delaney

And it's on your computer.

00:52:53

Yeah.

00:52:53 Mike Delaney

Well, it's saved on their laptop it automatically.

00:52:57 Mike Delaney

Populates the iPhone which so you actively working around your protections.

00:53:04 Kristin Demoranville

Especially in production, for if you you know.

00:53:07 Kristin Demoranville

Biometrics and you wearing goggles that does work or fingerprints. You're wearing gloves.

00:53:11 Kristin Demoranville

There's all.

00:53:12

The.

00:53:12 Mike Delaney

Can you get the heat? Yeah.

00:53:14 Kristin Demoranville

Yeah, yeah. Or it's just cold or it, or you're in some type of like, toxic environment where you can't, you know, do that now it's it's hard. This is why you have to work with people and process. And the tech has to work around that. Back in the day, the legacy systems work because that's all there was. And they stayed there because it was too expensive to upgrade the system or.

00:53:31 Kristin Demoranville

Upgrade the software that runs on it. Some of the software upgrades.

00:53:34 Kristin Demoranville

For when we were doing that whole process of the ERP upgrade, some of those were literally millions of dollars, Mike. It was stupid. What's the point? That was the whole budget we have for the project anyways.

00:53:44 Kristin Demoranville

Why would we do this? But it was the most critical system that couldn't be taken offline or people have been attaching their legacy systems to their current modern systems. Whether it's an IoT or anything like that, I I don't think that you need to give everybody access to every. That's ridiculous that that's kind of the breakdown.

00:54:00 Kristin Demoranville

Too of of.

00:54:01 Kristin Demoranville

Access control. Every type of precaution possible down to the.

00:54:05 Mike Delaney

Playing how they like, you know, it's it's like, so you both have to have two keys.

00:54:08 Kristin Demoranville

To turn the nuclear war. Exactly. Yes, exactly.

00:54:11 Mike Delaney

Can't turn both at the same time because they're.

00:54:13 Mike Delaney

Far apart.

00:54:14 Kristin Demoranville

You know, and that's the important with aspects with like cyber physical, right. You still have to be able to turn the key, but you could push a button on your couch, right. That whole aspect we now cross into physical security so much differently in the food industry down controlling peanut to non peanut areas as an example to go back to that. And I think that access control in that regard especially is part of our.

00:54:34 Kristin Demoranville

Process. It should be more of what we do. It's hard. This is all hard stuff. And because you have to combat.

00:54:40 Kristin Demoranville

People blame to.

00:54:42 Kristin Demoranville

You have to change the way you do your job that you've done for the last 40 years, but we appreciate when you dump for the last 40 years, but now you need to adopt this particular aspect to it. But oh, by the way, if everything goes down and it's bad, we need to be able to fall back on your original process. Makes people feel really inadequate and stupid. So you have to kind of get them excited about it and bring them to a new level of understanding with it. And also.

00:55:03 Kristin Demoranville

They can take.

00:55:03 Kristin Demoranville

It into their home, you know they can.

00:55:04 Kristin Demoranville

Understand how to stay safe at home and I think that's that's the part. It's an exclusive to your company and you should be practicing these behaviors at home as well, because if your e-mail gets hacked at home, more than likely you have the same password. It will be tried on your more account. That's how they get in. A lot of times and that's so don't put your passwords the same change password.

00:55:24 Mike Delaney

Good. Yeah, back to that.

00:55:26 Mike Delaney

Human nature of oh, God, how many more passwords we have?

00:55:28

So I.

00:55:28 Kristin Demoranville

To remember, I think the nice thing is that a lot of people are adopting password creations and and storage and things like that and.

00:55:34 Kristin Demoranville

That seems to be.

00:55:35 Kristin Demoranville

Good. Thanks Mike for being here. It was nice to go down memory lane and all these fun things. And I I really hope you could.

00:55:42 Kristin Demoranville

To expand your knowledge so you can share this.

00:55:44 Mike Delaney

With others as well. Definitely something that we're thinking a lot about. Like I mentioned, you know, off of roads or they're seeing attacks constantly as well, the bad people have figured out that we have a lot of information that they'd love to have their hands on. And if they can get something that's about a public deal that's. And then again in the legal side, meaning the lawmakers.

00:55:52 Kristin Demoranville

Yep.

00:56:03 Mike Delaney

Yeah, we're going to see more and more activity at Congress and state levels because this is an issue that they have to address. Originally we see on both sides of the aisle an interest in doing so. So it'll be interesting to see where the.

00:56:18 Mike Delaney

But I suspect that we'll be talking again about whatever legislation that you place.

00:56:23 Kristin Demoranville

All right. Well, thank you.

00:56:24 Kristin Demoranville

Very much for being here, Mike.

00:56:25 Kristin Demoranville

Really appreciate it. Thanks so much.

00:56:38 Kristin Demoranville

Thanks so much for tuning.

00:56:39 Kristin Demoranville

That’s today's episode of The Bites and Bites Podcast. A big thank you to my guests Mike for sharing his insights, experience and a few laughs. Remember to like, comment, and share the show. Stay safe, stay curious and we'll see you on the next one. Bye for now.