Contemplating the Coffee Supply Chain: A Horror Story

On the bean-to-cup journey, dangers await around every corner. Here, well-caffeinated security experts warn the coffee industry about the threats.

When people think of security issues at the coffee-shop level, they tend to think in terms of stolen credit card and debit card information. But that's less of a risk than it used to be because "there's already a lot of security built-in in payment processing," says Chaturbedi.

However, there are other risks that can be devastating to coffee shops and chains.

For example, access to smart coffee makers "can cause intense damage, such as shutting down the machine, changing the location, and altering the temperature – all of which would prove costly and jeopardize the product," Chaturbedi warns. "For example, if a hacker was able to get access to all IoT espresso machines the day before earnings, the company's reputation and livelihood would be greatly affected. Ultimately, the company must be aware of any hacking through Internet, Bluetooth, and radio frequency transmission."  

In addition, there is a strong need to maintain security to protect the bean quality, coffee flavor, product safety, and company secrets, including bean sources and blends.

"Is that fine whisky counterfeit? Is that coffee single origin, or has it had a variety of beans mixed in like Russian code in SolarWinds?" Awake Security's Golomb suggests asking. "Are you sure there was no lead or other metals added to the glaze in that coffee mug? Did you use distilled water, or was that city water from the tap? Does your city have good control over the water supply chain? Or do you live somewhere with poor water quality?"

The Cream on Top
How can the coffee industry and its beloved customers protect themselves? Shore up all defenses.

"Attackers sometimes work to break the security measures, so you need a way to strengthen the security measures themselves" to counteract them, says David A. Wheeler, director of open source supply chain security at the Linux Foundation.

He provided some of the issues that can arise, along with potential ways to address each one.

  • Problem: Growers unintentionally include bad coffee beans in their deliveries (like unintentional vulnerabilities in code).
    Potential fix: Look for bad beans using tools and code review.
  • Problem: Pickers, possibly paid off by competitors, intentionally insert bad coffee beans into deliveries (like intentional vulnerabilities in code).
    Potential fix: Look for bad beans; reduce the impact of bad beans in the process using tools, code reviews, and limited privilege.
  • Problem: The delivery of an intermediate product (e.g., beans) or the final product/service is suborned by fakes/counterfeits.
    Potential fix: Signatures and counterfeit detection (digital signatures).
  • Problem: Signature system suborned (private key stolen and/or colluding supplier).
    Potential fix: Transparent logs (digital signature transparency logs).
  • Problem: Grinding process manipulated at the warehouse to insert bad beans (like subverted builds).
    Potential fix: Protected process (protected build process), cross-grind comparisons (verified reproducible builds).
  • Problem: Grinders manipulated at grinder manufacturing center (like a trusting-trust attack).
    Potential fix: Transparently review grinder manufacturing (bootstrappable builds, diverse double-compiling).

"There are four steps we recommend pretty consistently: Determine what should be protected and why, discern who is in your supply chain — throughout the ecosystem of subvendors, identify the security risks within the supply chain, and build controls around supply chain security risks," says Sharon Chand, a principal in Deloitte Risk & Financial Advisory's Cyber & Strategic Risk practice.