You are currently viewing Security agencies warn of cyberattacks on agriculture

Security agencies warn of cyberattacks on agriculture

Over the years, farmers have had to protect their fields from a variety of pests, from six-legged insects to bipedal poachers. But, more recently, cybercriminals have joined this list of agricultural adversaries. And the threat is serious. So much so that the UK’s National Cyber ​​Security Center (NCSC) created a 14-page guide in 2020 (and revised last year) to help the farming community better protect themselves against common cyberattacks – addressing individual entrepreneurs, small and medium-sized operators and large-scale commercial farms.

Other security agencies also share concerns that farms represent a developing target for future cyberattacks. In 2018, the US Department of Homeland Security released a 25-page report to raise awareness of “threats to precision agriculture” (PDF). And, most recently in 2022, the US Federal Bureau of Investigation (FBI) informed food and agriculture partners that ransomware attacks on agricultural cooperatives could be timed during critical seasons.

Facts and figures

The commercial infosec has also picked up signals. In a 2020 briefing, threat hunters from Crowdstrike, a US-based cybersecurity firm, described “suspicious discovery commands” in telemetry collected from the client network of a large, unnamed agricultural company. And, less than 12 months ago, Crystal Valley – an American agricultural supply and grain marketing cooperative – warned customers that the company had been the target of a ransomware attack. Elsewhere in the United States, cybercriminals have attacked two grain cooperatives in Iowa, according to local media. The news is all the more serious as Iowa is ranked number one in corn production in the United States – delivering a total harvest of 2552.2 M bu in 2021, compared to 2191.7 M bu for Illinois, second (figures provided by CropProphet). Machinery manufacturers have also been targeted. AGCO – a global manufacturer and distributor of agricultural equipment – informed customers in May 2022 that it had made progress in resuming operations following a cyberattack earlier that month.

Agricultural businesses face multiple attack surfaces that offer many potential avenues for unauthorized users to explore. Going back to the NCSC advice from the beginning of this article – the UK government agency warns that “increased use of email, online accounting tools, online payment systems as well as automated farming equipment means that it is increasingly important for farmers and rural communities to look to their growing exposure to cyber risks.There is a plethora of new technologies hitting the market, including autonomous tractors, robotic automated harvesting and precision weeding drones, to name just a few examples – all of which are designed to make farming more efficient and more cost-effective effort, but have the potential to cause harm if digital attackers can find a way to enter.

Safety study

Security consultants NCC Group – which has offices in Europe and North America – have teamed up with agricultural researchers and land management experts to compile a detailed report on the cybersecurity threat to agriculture and agriculture. Wider Food Web (PDF). The study includes an in-depth look at the attack surface of human-driven and autonomous agricultural vehicles, with analysts pointing to Vehicle-to-Everything (V2X) communication systems as the most notable change in upcoming designs. Ingenuity is not lacking in agro-tech and the computer kit that goes with it attracts creative minds. This month, a security researcher who goes by the handful of “Sick Codes” showed how a John Deere tractor’s touchscreen could be repurposed to run a harvest-themed version of the computer game DOOM. And his DEF CON 2021 presentation (available to watch on YouTube) highlights the vulnerabilities facing the agriculture sector now and in the future.

“Potential risks should be responsibly addressed and new technologies properly tested in experimental environments to ensure they are safe and secure against accidental failures, unintended consequences and cyberattacks,” write experts from the University of Cambridge, UK, who published an article. in February 2022 examining the risks of using AI to grow food.

The difficulty for farmers is that they are busy people – doing the vital work of providing food for the world – and asking them to be CISOs and product safety testers on top of their existing responsibilities doesn’t is not a realistic option. Fortunately, help is on the way. Last year, for example, the Canadian government launched a 48-month program to first assess the cybersecurity capacity of its agriculture sector, then work with farmers to develop helpful resources.

Investment in cybersecurity operations was reported as an issue, especially for small family farms, which collectively remain a major source of food production in many EU countries. In a recent study, which focused on farms in Finland, researchers found that although the condition of network cabling and other computer hardware was good, many micro-enterprises lacked the know-how to manage system backups and engage malware protection appropriately. This underscores the need to automate software updates and other critical security processes (wherever possible) to avoid over-reliance on users, who may not all be IT experts.

Buy smart

Farmers may have no control over the actions of cyber adversaries, but they do have power over their own purchasing decisions. And buying wisely – look for digital products and services that were built with security first (not an afterthought) and with aftermarket support to deal with the unexpected – is important for building a stronger cyber defense from from zero. Additionally, cybersecurity-as-a-service vendors capable of meeting the needs of the agricultural industry could represent a valuable and additional wall to keep threat actors away from our food supply.

Leave a Reply