Cybersecurity Threats in Food Manufacturing

Categories

College of Engineering | Computer Science | Honors Research | Research | SURF

Headshot

Author: William Graef | Major: Computer Science | Semester: Spring 2025

Hello, my name is William Graef, and I am a Computer Science major in the College of Engineering. During the Spring 2025 semester, I have been working closely with my mentor, Dr. Chris Farnell—an EECS assistant professor—to develop a realistic manufacturing model that demonstrates cybersecurity threats to our nation’s critical infrastructure.

Over the course of my research, I found myself stepping outside my area of expertise and into unfamiliar territory. I learned how to emulate a dilute-phase pneumatic conveying system, studied common manufacturing practices, explored various industrial control systems—and most importantly, discovered how these components can be exploited. In the future, I plan to streamline the model and make it portable, so it can be used as curriculum for industry professionals or students.

I met Dr. Farnell after bouncing between several EECS professors during my first year at the University of Arkansas. I knew I wanted to do research, but I wasn’t sure what topics interested me. That changed when I heard from Dr. Alexander Nelson, another professor in our department, that Dr. Farnell was planning a summer research experience that would allow me to test the waters—without the pressure of academics.

I worked with Dr. Farnell for some time before receiving my current project: developing a realistic model of a cookie factory to showcase common cybersecurity attack vectors and demonstrate how to mitigate them. The topic interested me immediately. Just a year prior, I had worked in a cookie factory and already understood how food plants operate. I saw an opportunity to explore cybersecurity in an environment that felt familiar. And beyond personal interest, this work has real importance—imagine someone tampering with how your food is made.

That said, the work has been challenging. While I had some knowledge of manufacturing processes and food plant operations, I’m not an industrial engineer. When it came to modeling physical systems, I was, for the most part, in the dark. I spent a great deal of time researching and refining my model to ensure it was as realistic as possible.

Throughout the semester, I’ve been fortunate to work alongside peers with far more experience than I have. There were times I hit walls I couldn’t have broken down without the guidance of senior research assistants, fellow undergraduates, or my mentor.

While I haven’t yet presented my research, I plan to complete most of the project this summer and share my findings at the Design Methodologies Conference in Fall 2025, in Fayetteville, Arkansas. I also plan to attend the Forge Institute’s Cyber Summit in Little Rock to gain professional insight and feedback from people in the industry.

Through this project, I’ve learned a great deal about industrial control systems, their communication protocols, manufacturing processes, and how vulnerable they can be to cybersecurity threats. I look forward to continuing my research in Fall 2025, where I will focus on compacting the project so it can be used to educate others and raise awareness about vulnerabilities in critical infrastructure.