Case Study: Protecting the Cheddar

In the aftermath of a ransomware attack on Newhouse Cheese Company, CEO Chad Newhouse was faced with a dilemma. The security vulnerabilities in his company’s highly automated and digitized cheesemaking process were numerous and hard-hitting, leaving him with two rather unappealing options: take important elements of his process offline – a move that would result in increased costs and lowered efficiency – or continue on the path of digitization, risking the compromise of sacred family recipes and the safety of his product. Newhouse’s journey highlights two key themes: the widespread impact of inherent risk in over-networked systems and the importance of speaking up for important ideas despite societal assumptions.

The risk of over-networked systems is far-reaching, extending across industries. In the digital age, automation and instant access are seen as markers of progress, but they also contain real peril. In Newhouse’s case, this meant the chance of serious illness from Listeria and the publicization of secret family recipes. In health, the ramifications of an attack on digitized information are perhaps even more serious – the sharing of sensitive patient medical history, the potential misuse of medication, and even patient death through malicious modification of hospital data. Similar risks lie in hacks to financial systems, where money could be drained from users’ accounts, and to energy systems, where entire regions can be (and have been!) cut off from heat and electricity for days. These risks indicate that, to prevent any possibility of an attack, some elements of companies should never have access to the Internet, particularly sensitive data that does not strictly require remote access by individuals. This includes Newhouse’s sacred recipes, high-level energy control systems, and distribution of medical prescriptions. And in cases where digital access is a necessity for a functional system, data should be closely guarded; for instance, bank logins should be encrypted and verified through multiple authentication steps, medical history should be available on a need-to-know basis through select secure channels, and, as Newhouse discovered, the thermization process for cheese should involve human presence. In our product, closely guarded assets include sensitive course-specific information and solutions as well as personal errors and progress when learning to code.

The Newhouse Cheese Company’s story also reveals the critical importance of speaking up. In the case of Sara Wilund, “interrupting” a meeting with the CEO to present a valid and relevant idea was met with laughter. But her courage to share her idea in spite of dismissal, and Newhouse’s willingness to listen, were essential to uncovering the extent of security vulnerabilities within the company. In voicing her recommendation, Wilund challenged hierarchical assumptions by disagreeing with the long-term digitization strategy set by higher-ranking executives within the company. She also spoke out as a woman in a room full of dismissive male executives, continuing in spite of their scorn to make a valid point about the company’s over-networked system. Had her idea not taken hold, perhaps these vulnerabilities would have remained unseen, eventually releasing dearly held recipes and pathogenic product to the larger public.
