💡 What can the food industry learn from 25+ years of defense cybersecurity experience?

In this episode of the Bites and Bytes Podcast, host Kristin Demoranville talks with Brian Schleifer, a cybersecurity expert with a career spanning the U.S. Air Force, Department of Defense systems, and advanced cyber-physical risk management.  Together, they unpack how the principles of defense cybersecurity, from risk modeling to system resilience, can help protect the food and agriculture sector, one of the most vulnerable critical infrastructures.

This episode explores:

✅  What precision agriculture and defense systems have in common

✅  Why autonomous tractors and food processing systems are prime targets

✅  The reality of protecting proprietary food data and recipes

✅  Cyber-physical risks in modern farming and food production

Whether you work in OT, IT, food safety, risk management, or supply chain, this episode is packed with real talk and relatable analogies (plus homemade tortillas and schnitzel get shoutouts).  Tune in to hear why safety and security must go hand in hand — and what it really means to secure the systems that feed the world.

⚠️Disclaimer: The views expressed by Brian Schleifer are his own and do not represent the Department of Defense, his employer, or any government entity.



_______________________________________________



🎙️ Guest Information: Brian Schleifer, MBA

LinkedIn: https://www.linkedin.com/in/brian-schleifer/

People Add Value Experience (P.A.V.E.) Podcast: Hosted by Brian, the People Add Value Experience (P.A.V.E.) podcast explores how individuals contribute to adding value across various aspects of life. Topics include fostering and adoption, professional development, and small business insights.​

• Listen on Apple Podcasts: https://podcasts.apple.com/us/podcast/people-add-value-experience/id1691150774


• Watch on YouTube: https://www.youtube.com/@P.A.V.E.

_______________________________________________



🎯 Episode Key Highlights

00:17:00 )  – Caterpillar as a Cybersecurity Model for Ag & Food Systems

(00:19:50 ) – The Solar Flare That Took Out GPS on Tractors

(00:24:50 ) – Is Food Data Secret? Yes — Here’s Why It Matters

(00:14:41 ) – What Food & Ag Can Learn from the Defense Sector

(00:21:01 ) – What a Strategic Attack on Food Infrastructure Might Look Like

(00:29:43 ) – Leadership Failure & Lessons from the Peanut Corporation Disaster

(00:37:54 ) – Why Food Cybersecurity Must Be Treated Like Safety

(00:38:04 ) – Cyber PHAs: Planning for the “What Ifs” in Food Systems

(00:45:20 ) – The Case for Sector-Specific Cyber Frameworks

(00:52:00 ) – When Donuts Got Hacked: The Krispy Kreme Incident

(00:52:21 ) – McDonald’s Onions & Public Awareness of Food Supply Risk

(00:53:00 ) – Ukraine’s War Rippled Through the Wheat Market

(00:54:30 ) – Fiber-Optic Drones and the Future of Cyber-Physical Warfare

(00:56:10 ) – Meet Brian’s Podcast: People Add Value Experience (P.A.V.E.)

_______________________________________________



Show Notes:

📚 Books & Documentaries Mentioned:

• Salt Sugar Fat by Michael Moss – A behind-the-scenes look at how processed food is engineered for maximum appeal — mentioned in Brian’s discussion about food memory and food science.
  
  https://a.co/d/byO516w


• The Power of Habit by Charles Duhigg – Referenced during the conversation on safety culture, behavioral change, and leadership accountability.
  
  https://a.co/d/9YwlmM6


• Mindset by Dr. Carol Dweck – brought up in the context of continuous learning and a growth mindset in cybersecurity and industry adaptation.
  
  https://a.co/d/9aherBX


• Poisoned (Netflix documentary featuring Dr. Darren Dettweiler) – Recommended by Kristin as a must-watch on food safety failures, systemic vulnerabilities, and public health.
  
  https://www.netflix.com/title/81460481


• Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers by Andy Greenberg –
  
  Brian mentioned the NotPetya cyberattack and its impact on global shipping and food supply chains.
  
  https://a.co/d/eWmJH8Y

🧠 Key Terms & Concepts:

• Risk Management Framework (RMF) – NIST SP 800-37
  
  Referenced in Brian’s experience assessing and implementing cybersecurity controls in defense systems.


• STPA-SEC – System-Theoretic Process Analysis for Security (MIT)
  
  A systems thinking approach to security based on safety analysis is used by Brian in his academic and professional work.


• CMMC – Cybersecurity Maturity Model Certification
  
  Brought up during the discussion on compliance and upcoming requirements for government contractors and vendors.


• Cyber-Physical Systems Overview – NIST
  
  Used to frame how digital systems interact with the physical world — particularly in agriculture, food processing, and defense.


• IEC 62443 – Industrial Cybersecurity Standard
  
  A referenced framework used across OT/ICS environments to manage and mitigate industrial cybersecurity risk.


• NIST SP 800-171
  
  Cited when talking about supply chain risk, CMMC alignment, and government-facing compliance.


• Cyber PHA – Process Hazard Analysis for Cybersecurity
  
  Kristin mentioned it as a structured, scenario-based approach to evaluating cyber and safety risks together.


• OSHA – Occupational Safety and Health Administration
  
  Discussed in comparison to cybersecurity maturity. Brian questioned when formal safety began in industry and compared that moment in history to where cybersecurity is now — on the cusp of needing the same level of attention and resource allocation.


• Glenda Snodgrass – Cybersecurity Training & Talks
  
  Brian mentioned seeing her speak and appreciated how she used real examples—both good and bad—of how to answer security controls effectively.

⚠️ Real-World Incidents & Case Studies:

• Peanut Corporation of America – CDC Overview – Discussed as a case where lack of oversight and bad leadership led to a deadly food safety crisis.


• Boar’s Head recall and plant shutdown – USDA FSIS – Cited as an example of how safety and cybersecurity intersect and impact real communities.


• JBS ransomware attack – BBC – Used to illustrate food supply chain vulnerabilities to cyber incidents.


• Caterpillar vulnerability disclosure – Referenced in Brian’s praise of Caterpillar’s proactive cybersecurity maturity.


• John Deere Right to Repair agreement – BBC – Discussed as a milestone in agricultural autonomy and cybersecurity implications for farmers.

• Solar Flare & GPS Disruption in Precision Ag – NASA Overview – Referenced by Kristin when discussing how non-cyber events (like solar flares) affect precision farming and GPS reliance.


• Krispy Kreme Hack
  
  Kristin mentioned this as a food-related cyber incident that gained attention. The event highlighted third-party risk in the food sector and how public perception shapes urgency.


• McDonald’s E. coli Outbreak (2024) – CDC Overview
  
  Kristin mentioned this outbreak was tied to slivered onions on McDonald’s Quarter Pounders. It resulted in over 100 illnesses and one death, highlighting the risk of contamination in fast food supply chains and the importance of upstream safety controls.


• NotPetya Cyberattack – Wired
  
  Brian referenced this attack when discussing the global ripple effects of cyber incidents. NotPetya began as a targeted attack on Ukraine but quickly spread, shutting do