Facing mandates to safeguard against deliberate contamination, food companies walk a fine line between implementing effective defenses and creating an uncomfortable workplace.
The joke in certain circles is that the Food Safety Modernization Act (FSMA), which explicitly cites the need to guard against intentional adulteration, should more accurately be referred to as SCFEA: the Security Consultants Full Employment Act.
A bit harsh, but more than a few hardware suppliers and consultancies hope to capture the sales calls that are certain to come. Food companies that haven’t already addressed security are open-to-buy customers; those with advanced systems are candidates for upgrades to the latest technology.
An open checkbook is never a good policy, however, and more than a few food security professionals counsel caution. Trained, vigilant workers are frontline defenders against tampering and sabotage, so treating them like suspects can quickly become counterproductive. Management must tread lightly when deploying surveillance cameras inside the facility or risk undermining staff buy-in to food defense programs.
“When we put in cameras, we don’t sneak in and install them in the middle of the night,” says Bryan Fort, corporate security manager for McCormick & Company Inc., Sparks, MD. Employees are the first line of defense, he continues, and cultivating their support of the defense plan is much more important than cameras and other hardware. “It’s not about spying on your employees,” he adds. “It’s about assessing threats and risks that, for the most part, will be externally driven. Whenever we have had problems, we’ve been fortunate to have an engaged workforce.”
Thorough vetting of new hires and ongoing staff training are the most cost-effective security investments. Beyond that, a “layered approach” to facility security should be taken, Fort advises. Unfortunately, some companies fall prey to technology’s allure and install expensive security hardware, only to learn afterwards of the design flaws and other problems that become evident when systems are installed in a specific facility.
Securing a facility’s perimeter is the first priority, suggested Bill Ramsey, Fort’s predecessor at McCormick & Co., in a presentation at Food Engineering’s 2012 Food Automation & Manufacturing Conference. In the years following passage of the Public Health Security & Bioterrorism Act of 2002, food companies addressed physical access, producing a boon for fencing suppliers and guard shelter fabricators. Worker vetting is the next item on the to-do list, and a number of tools are readily available. The federal verification database E-Verify, psychological profile tests, criminal background checks and drug testing are commonly used, though some employers are overzealous. Privacy concerns are being raised, and the Equal Employment Opportunity Commission is considering restrictions to these practices.
Within a facility’s four walls, raw materials and finished goods aren’t the only defense issues. Preventing workplace violence is another security concern. “There often are warning signs that go unheeded,” notes Fort. Training staffers to identify those signs and react to and report any incidents is part of a comprehensive food defense system.
Hello, Big Brother
Mt. Kisco, NY-based Arrowsight Inc. began providing remote video audits for margin improvement- and food safety-compliance initiatives in beef plants about nine years ago. Two years ago, the firm began piloting remote video for food defense, but the only ongoing program involves OSI Group, a McDonald’s supplier of hamburger patties. The OSI program is limited to monitoring of truck seals on trailers leaving the yard. If the number of fluorescent seals on doors and hatches doesn’t match the truck’s manifest, the trailer isn’t allowed to leave the yard.
Arrowsight CEO Adam Aronson would like to expand video security to high-risk areas inside plants. Cameras would back up RFID cards carried by personnel authorized to be in spice rooms, blending areas and other “hot zones.” If an unauthorized individual entered the zone, a silent alarm would alert call-center operators, who then would review the tape. Aronson hopes to have a system up and running within the next few months.
“There definitely is a role for staff vigilance that should be encouraged,” he says, “but I believe video monitoring would be a separate area of oversight and control that should not deter vigilance by staff.”
John Hnatio, chief science officer at FoodQuestTQ, Frederick, MD, believes video monitoring of plant personnel can be counterproductive. Staff training and awareness programs are the most cost-effective plant defense, but CCTV can undermine staff cooperation. “You’re telling the people you’re relying on that they’re not to be trusted,” he says.
“Cameras are great if they actually capture something,” allows Lance Reeve, director of the food defense program at AIB International, “but they usually are after the fact.” The emphasis in FSMA is on preventive vs. reactive controls. Absent human monitoring of the video feed, suspicious or unusual activity is best interrupted by plant personnel. “They are monitoring in real time,” Reeve points out.
Tyco Integrated Security has a business relationship with Arrowsight, supplying cameras, access control devices and other security hardware as needed. Technology has a role in plant security, but only after a needs assessment and a defense plan have been devised, according to Don Hsieh, director-commercial & industrial markets for Boca Raton, FL-based Tyco (formerly ADT Security Services). A vulnerability is site specific, but Hsieh suggests focusing on four areas:
- Coating, mixing, grinding and remix operations
- Staging and ingredient-adding operations
- Bulk liquid receiving and loading
- Storage for both bulk and non-bulk materials.
Generally, isolated areas and processes where a contaminant can be dispersed in a batch pose the greatest risk, Hsieh says. Restricting access to a mixing area, which tends to be open, is impractical with physical barriers, making RFID cards and video analytics viable options. “These technologies do not have to be intrusive,” he says.
Facility security already has been addressed by some sectors of the industry, suggests Craig W. Henry, director of Deloitte & Touche LLP’s new food defense practice. FDA guidance will likely mirror the security requirements already in place at meat, poultry and egg plants overseen by USDA’s Food Safety and Inspection Service, he suggests, adding more than 80 percent of FSIS-inspected facilities are in compliance. “Training is absolutely paramount,” says Henry, but the place to start is with an expert assessment of existing defenses and development of a written plan. One resource is Protective Security Advisors, a service of the federal Department of Homeland Security.
The service, which was established six years ago, involves a comprehensive analysis of a facility’s systems for security, crisis management, employee screening and other safeguards that go well beyond intentional contamination concerns. The analysis puts the plan in the context of local crime. The defense profile for a dairy in a rural area will be considerably different than for an inner-city bakery, for example. Experienced, trained security specialists are essential when developing a defense plan, Henry emphasizes, but the Homeland Security assessment can serve as “a guide to putting in a practical program.” The three essentials of any plan are lighted, locked and surveilled facilities.
Firms such as Tyco and Deloitte have assembled security teams that can help food companies do the risk assessment and continuous improvement that are at the heart of both safety and security regulations. Do-it-yourself assessments are an option, particularly for small to mid-sized firms with limited compliance budgets.
For example, FSIS created a Food Defense Risk Mitigation tool to help companies identify countermeasures to protect their businesses, employees and customers. FDA borrowed a risk management system from the Pentagon called CARVER (criticality, accessibility, recuperability, vulnerability, effect and recognizability) to identify a plant’s most vulnerable areas. The likelihood and level of risk are factored to produce a CARVER + Shock score.
For organizations looking for guidance with minimal financial investment, a software suite from FoodQuestTQ combines science- and risk-based principles with computer analytics to rate effective countermeasures against various threats, based on their ability to deter, detect, communicate, deliver timely and quality responses, and mitigate the threat. “Guards, gates and guns” are the conventional tools of security, says FoodQuestTQ’s Hnatio. But hardware cannot secure a facility: All of those tools can be defeated, and all rely on people. “Eyes and ears are the best detectors” of malicious acts and their actors. For example, RFID badges are the most common security defense but the easiest to defeat. “It is one of the things you need, but you cannot rely on a badge system,” says Hnatio.
His two-year-old company produces several software tools for laypeople conducting their own facility assessment, including Food Defense TQ, Food Safety TQ and Food Defense Architect (TQ is short for threat quotient). Supporting those tools is Poison, a database containing 1,574 food defense events and the effectiveness of various countermeasures in mitigating the threats. Most of the events actually occurred, though a third represent scenarios posed by 11 government agencies and standards organizations such as BRC and SQF.
Intentional poisoning by physical hazards, chemical toxins, biological agents and nuclear materials is one of several vulnerabilities catalogued in Poison. Other defense threats include arson, facility sabotage, workplace violence and cyber attacks. Connectivity is particularly worrisome for automated production, and defenses against malicious attacks and industrial espionage can hamstring efforts to improve throughput and machine uptime by granting remote access to controls technicians for diagnostics and trouble-shooting.
No-network-access rules can sacrifice uptime in the name of cyber security. As machines become more complex and onsite support becomes thinner, manufacturers are finding it more difficult to resolve technical problems quickly, particularly if an outside service person must be physically present. Fortunately, firms like Key Technology Inc. are finding ways to gain remote access without going through computer firewalls. Key calls its service RemoteMD Premium, a real-time equipment monitoring system for optical sorters and other machinery with vision technology and advanced algorithms. Advanced MD, which was rolled into Key’s FoodSafetyPRO program last year, is activated when plant personnel call Key’s help desk. A Key agent then pushes out an access request to the machine, creating “a tunnel” for the connection, explains John Kadinger, marketing manager for the Walla Walla, WA firm. For added security, the cyber tunnel can be set up to allow access only after permission has been granted. Similar systems are used in home banking applications.
“When we talk to IT about this system, it’s usually a five-minute conversation” before IT gives its blessing, Kadinger says. Resolving security concerns not only expedites diagnostics by Key, it helps food engineers and production managers gain visibility to machinery in multiple locations.
The chain’s weak links
While the scope of FSMA’s security section is limited to food in bulk or batch form and specifically excludes products in their final package, warehousing and distribution are among the most vulnerable points in the supply chain. “Product at rest is product at risk,” says Fort, and an effective food defense program must address the entire chain of custody.
AIB’s Reeve agrees, noting hijackings involving packaged foods are a fast-growing category. In its most recent annual ranking of commodity thefts, CargoNet magazine ranked food No. 1 for the first time, surpassing electronics. The resale value of branded food products is much closer to retail than electronics, Reeve explains, and high-price items like infant formula are favorites of thieves.
The global nature of the food industry will require better controls of the chain of custody for both raw materials and finished goods. Citing FDA statics, Tyco’s Hsieh points out 20 percent of vegetables are imported, as are 60 percent of fruits and 80 percent of seafood. Overall, imported foods constitute 15 percent of the US food supply. Proposed rules for imported foods are anticipated in part for what security provisions they might contain.
The Customs-Trade Partnership Against Terrorism (C-TPAT) may be the template for securing imports and exports, as well as the domestic supply chain. Established in 2001 and managed by US Customs and Border Protection, C-TPAT is a certification program that expedites cross-border shipments by participating companies. McCormick & Co. participates in C-TPAT, and “many of the things we’re doing there have bled over to food defense,” reports Fort. “Companies participating in those kinds of programs are only going to need a tweak here and a tweak there to comply with food security regulations.”
In a white paper on food defense in post-9/11 America, Deloitte cites a study of intentional food contamination incidents worldwide. The study, which covered a 58-year period ending in 2008, documented 523 events. A plurality (42 percent) was in the US, just short of four events a year. They occurred anywhere from the farm to consumption and were not necessarily tied to events inside food facilities.
Given its infrequency, deliberate contamination within a food plant is a small part of the security concern. Consequently, an effective food defense system also must safeguard intellectual property, transport vehicles, cyber security and worker safety. A balanced, effective and affordable plan recognizes the complexity of the challenge and allocates limited resources where they will do the most good.
What FSMA says about malicious acts
Americans already were on edge about the deliberate poisoning of the nation’s food supply in September 2001 when letters containing anthrax spores began infecting postal workers and others, resulting in five deaths. The vulnerability to bioterrorism inspired the 2002 Bioterrorism Act and other legislation aimed at tightening the handling and transport of raw food. But the first explicit mention of intentional contamination did not come until passage of the Food Safety Modernization Act of 2011.
Section 106 of FSMA is titled, “Protection against intentional adulteration.” The phrase “intentional adulteration of food” appears four times, and the section commits the Secretaries of Health and Human Services and Homeland Security to complete a risk assessment to determine “science-based mitigation strategies” for food companies. Execution of those strategies is to “apply only to food for which there is a high risk of intentional contamination” and to be limited to products with “clear vulnerabilities (including short shelf life or susceptibility to intentional contamination at critical control points).”
Proposed regulations for carrying out site-specific assessments faced a July 2012 deadline, but, as with other FSMA guidelines, release has been delayed. The first FSMA guidelines were released in January, but the expectation is that intentional adulteration guidance will not be available until 2014.
For more information:
Lance Reeve, AIB International, 785-537-4750, firstname.lastname@example.org
Adam Aronson, Arrowsight Inc., 866-261-5656
Craig Henry, Deloitte & Touche LLP, 601-584-1429, email@example.com
John Kadinger, Key Technology Inc., 509-394-3577, firstname.lastname@example.org
Don Hsieh, Tyco Integrated Security, 561-988-3600, email@example.com
John Hnatio, FoodQuestTQ, 240-439-4476, firstname.lastname@example.org
Article published in the Food Engineering Magazine and written by Kevin T. Higgins, Senior Editor