The food supply chain has a cybersecurity problem – Help Net Security

Weekly Cybersecurity Intelligence Report: Implications for Sustainable Development Goals (SDGs)

Executive Summary

This report provides an overview of recent developments in the cybersecurity landscape, with a specific focus on their alignment with and impact on the United Nations Sustainable Development Goals (SDGs). Key findings indicate escalating threats to critical infrastructure, necessitating advanced technological solutions and robust governance. These challenges and innovations directly affect progress toward goals related to health, clean water, food security, economic growth, and resilient infrastructure.

Securing Critical Infrastructure for Sustainable Communities

H3: Water Sector Cybersecurity (SDG 6: Clean Water and Sanitation)

• An urgent call to address cybersecurity vulnerabilities within the water sector has been issued.
• Cyberattacks on water facilities pose a significant threat to public health and safety, as even minor disruptions can compromise the supply of clean water for entire communities, directly undermining SDG 6.

H3: Agri-Food Sector Cybersecurity (SDG 2: Zero Hunger)

• The global food supply chain is facing a significant cybersecurity problem, with potential for targeted attacks.
• Ensuring the security and safety of the agri-food sector is paramount to maintaining food security and achieving the objectives of SDG 2.

H3: Healthcare Sector Cybersecurity (SDG 3: Good Health and Well-being)

• Rural hospitals are identified as particularly vulnerable to cyber threats due to budget constraints, limited personnel, and inadequate vendor support.
• Security gaps persist in the use of shared mobile devices within healthcare systems, creating risks to patient data and care delivery. These challenges directly impede the goal of ensuring good health and well-being for all.

Innovation and Economic Resilience in the Digital Age

H3: Technological Advancements for Secure Infrastructure (SDG 9: Industry, Innovation, and Infrastructure)

The development of open-source and AI-driven tools is crucial for building resilient infrastructure. Recent innovations include:

1. Vulnhuntr: An open-source tool utilizing LLMs and static code analysis to identify remotely exploitable vulnerabilities in applications.
2. Artemis: An open-source modular scanner that translates complex security results into understandable reports for organizations.
3. White-Basilisk: A new AI model offering a more efficient and environmentally sustainable (“greener”) method for software vulnerability detection.
4. Darwinium’s AI Features: The Beagle and Copilot tools simulate adversarial behavior, enabling security teams to proactively defend against AI-powered fraud.

H3: Protecting Economic Stability and Financial Institutions (SDG 8: Decent Work and Economic Growth)

• Financial institutions are enhancing fraud prevention by integrating behavioral intelligence, including biometrics and network analysis, to protect economic systems.
• Ransomware has evolved into a national security crisis and a significant business disruptor, threatening economic stability and societal trust.
• The continued use of stolen credentials by cybercriminals remains a primary threat to enterprise security and economic assets.

H3: Securing the Emerging Space Economy (SDG 9: Industry, Innovation, and Infrastructure)

• As the global space economy is projected to grow to $1.8 trillion by 2035, space assets are becoming increasingly attractive targets for cyberattacks.
• Protecting space infrastructure is essential for fostering innovation and securing future economic growth tied to this expanding sector.

Governance, Justice, and Global Partnerships for Security

H3: Governance, Risk, and Legal Frameworks (SDG 16: Peace, Justice, and Strong Institutions)

• The legal and ethical implications of “hacking back” in response to cross-border cyber incidents present a complex challenge for international justice.
• Organizations are urged to design autonomous AI agents with strong governance from their inception to mitigate reputational, operational, and compliance risks.
• A report from SpecterOps highlights that identity-based attack paths are behind most breaches, indicating that traditional governance and security tools are no longer sufficient.
• Corporate boards are increasing their focus on technology oversight in response to a more uncertain landscape.

H3: Addressing Systemic Threats through Collaboration (SDG 17: Partnerships for the Goals)

• A critical gap in supply chain security is the failure to manage fourth-party risk, highlighting the need for deeper collaboration and vetting across entire business ecosystems.
• The proliferation of non-human identities (bots, service accounts) is the fastest-growing source of enterprise risk, as leaked secrets like API keys and tokens are scattered across platforms.
• A widespread application security crisis persists, with most organizations knowingly shipping insecure software, underscoring a breakdown in secure development partnerships.

Human Capital and Education for a Secure Future

H3: Professional Development and Workforce Capacity (SDG 4: Quality Education & SDG 8: Decent Work and Economic Growth)

Building a skilled cybersecurity workforce is essential for sustainable economic growth and security. Key resources and trends include:

1. LLM Engineer’s Handbook: A new publication providing practical, engineering-focused guidance for professionals working with Large Language Models.
2. CISA Certified Information Systems Auditor Practice Tests: A resource offering domain-specific preparation for the CISA exam to enhance critical auditing skills.
3. Growth in vCISO Services: The adoption of Virtual CISO services has increased more than threefold, indicating a strategic shift in how organizations access expert security knowledge to meet governance demands.

• The availability of diverse cybersecurity roles continues to grow, contributing to the goal of decent work and economic growth.

Analysis of Sustainable Development Goals in the Article

1. Which SDGs are addressed or connected to the issues highlighted in the article?

1. SDG 2: Zero Hunger
   • The article highlights the vulnerability of the food supply chain to cyberattacks in the section “The food supply chain has a cybersecurity problem,” which directly threatens food safety and availability.
2. SDG 3: Good Health and Well-being
   • The text discusses significant cybersecurity challenges faced by healthcare facilities, particularly in “Why rural hospitals are losing the cybersecurity battle” and “Security gaps still haunt shared mobile device use in healthcare,” which can compromise patient safety and health services.
3. SDG 6: Clean Water and Sanitation
   • The article explicitly addresses threats to water infrastructure in “It’s time to sound the alarm on water sector cybersecurity,” noting that a cyberattack can disrupt the supply of clean water and have serious public health consequences.
4. SDG 8: Decent Work and Economic Growth
   • The article touches on economic stability by discussing fraud prevention in financial institutions and the growth of the global space economy. It also mentions the availability of “Cybersecurity jobs,” which relates to employment and economic growth.
5. SDG 9: Industry, Innovation, and Infrastructure
   • This is a central theme, as the article extensively covers the need to protect critical infrastructure (food, water, space, digital). It also focuses on technological innovation, such as the development of new AI models (“White-Basilisk”), open-source vulnerability scanners (“Vulnhuntr,” “Artemis”), and AI-powered fraud defense tools.
6. SDG 16: Peace, Justice, and Strong Institutions
   • The article frames ransomware as a “national security crisis” and discusses the legal and ethical complexities of “hacking back.” This connects to the goal of reducing crime and building effective, accountable institutions to handle threats like cybercrime and digital fraud.

2. What specific targets under those SDGs can be identified based on the article’s content?

1. Target 2.1: By 2030, end hunger and ensure access by all people… to safe, nutritious and sufficient food all year round.
   • The discussion on cybersecurity problems in the agri-food sector implies a direct threat to this target, as attacks could compromise the safety and supply of food.
2. Target 3.d: Strengthen the capacity of all countries… for early warning, risk reduction and management of national and global health risks.
   • The cybersecurity vulnerabilities in rural hospitals and with shared mobile devices in healthcare represent a failure to manage a significant health risk, making this target highly relevant.
3. Target 6.1: By 2030, achieve universal and equitable access to safe and affordable drinking water for all.
   • The article’s warning about cyberattacks on water facilities directly relates to protecting the infrastructure necessary to achieve this target.
4. Target 8.10: Strengthen the capacity of domestic financial institutions to encourage and expand access to banking, insurance and financial services for all.
   • The focus on enhancing fraud prevention for banks using behavioral intelligence and AI supports the resilience and trustworthiness of financial institutions, which is essential for this target.
5. Target 9.1: Develop quality, reliable, sustainable and resilient infrastructure, including regional and transborder infrastructure, to support economic development and human well-being.
   • The article’s emphasis on securing critical infrastructure in the water, food, and space sectors, as well as digital supply chains, directly aligns with the need for resilient infrastructure.
6. Target 16.4: By 2030, significantly reduce illicit financial… flows… and combat all forms of organized crime.
   • The fight against ransomware, stolen credentials, and document forgery, as detailed in the article, is a direct effort to combat organized cybercrime and its illicit financial gains.

3. Are there any indicators mentioned or implied in the article that can be used to measure progress towards the identified targets?

1. Prevalence and sophistication of cyber threats:
   • The article repeatedly mentions the increasing frequency and sophistication of threats like ransomware, AI-powered attacks, and attacks on critical infrastructure. A reduction in the number and impact of such incidents would be a key indicator of progress.
2. Adoption of advanced security technologies and strategies:
   • The article points to a significant “AI security readiness gap,” noting that “only 6% have put in place a comprehensive security strategy designed specifically for AI.” An increase in this percentage would be a measurable indicator of improved security posture. Similarly, the adoption of tools like behavioral biometrics by banks or vCISO services by businesses are quantifiable metrics.
3. Development of new security tools and knowledge:
   • The creation and release of open-source tools like “Vulnhuntr” and “Artemis,” and more efficient AI models like “White-Basilisk,” serve as indicators of innovation and progress in the cybersecurity field. The availability of resources like the “LLM Engineer’s Handbook” and “CISA Certified Information Systems Auditor Practice Tests” indicates growth in professional knowledge and skills.
4. Corporate governance and risk management focus:
   • The mention that corporate boards are increasing their “oversight of technology” and focusing on third- and fourth-party risk management suggests that security is becoming a higher priority in corporate governance. Tracking this through corporate reporting (e.g., proxy season trends) can serve as an indicator.

4. SDGs, Targets, and Indicators Table

Source: helpnetsecurity.com