Tractors vs. Threats: How to Hack a Farm

Forget the parasites for a minute. Modern farms also face another, more insidious threat.

While in the UK Police and part of the National Cyber ​​Crime Unit in 2018, I was asked to give a talk on cybersecurity at a meeting of the National Farmers’ Union (NFU ) in southern England. Right after I started my speech, a farmer immediately raised his hand and told me that his cows had recently been “hacked”. Baffled and amused, I was immediately hooked and wanted to know more about his story.

He went on to tell me that his farm was relatively state of the art and his cows were hooked up to an online milking machine. Once, when he clicked on a malicious attachment, his computer network crashed and he realized that without the network he had no way of knowing which cow had been milked or which cow had to be milked next, causing major panic and stress – and maybe not just enough for him.

Worse still, it was not just his cows that were attacked, according to the farmer. All of the farm’s online accounts had also been compromised and as a result his tractors had been taken offline, leaving him with no information on which of his fields had been cultivated or still needed to be cultivated, as the tractor usually plans routes through their online accounts. .

Tractor being used in a Dorset field

Caught in the crosshairs

Indeed, agriculture is no longer as before. The increased use of emails, online monitoring tools, remote controls and payment systems – as well as automated smart farming equipment such as internet-connected tractors – means that the level of digital threat is rapidly increasing for farmers. farmers and rural communities.

Few of us think about it, but some farms are very high tech and I personally am immensely impressed with the technology used in farming. However, it also attracts far worse threats than slugs and crows. Simply put, farmers around the world now face the same level of cyber threat as other industries.

A Cambridge University report recently said that smart farming technologies such as automatic sprayers and robotic harvesters could be hacked and the likelihood of this happening is increasing. The UK’s National Cyber ​​​​Security Center (NCSC) is working with the NFU to support the agriculture and livestock sector, but farmers still have much more to do and learn.

Talking to local farmers in my rural county of Dorset, UK, I realized they really needed to be made more aware of how best to protect themselves and their businesses. I recently met a farmer, let’s call him Tom, in the middle of the Dorset countryside at the end of a busy harvest season. He showed me the tools and equipment used, all of which were data-intensive, heavily technology-driven, and all connected to the internet.

Tom’s tractors can be mapped, monitored and controlled – as well as shut down – remotely. They all have 4G connectivity and they won’t work without the latest updates applied (great shot from John Deere). I immediately understood that if his systems were hit by a ransomware or DDoS attack, the effects would be financially crippling, especially if it were to happen at harvest time.

Map showing where the tractors are

Cash cows for cybercriminals?

I scoured Tom’s office network and found a few critical flaws which were soon fixed – think no local security software, every online account using the same passwords, no local backups , etc. But it soon became apparent that there was clearly very little cybersecurity training offered when setting up online farming accounts or smart farming equipment, and such training is also not on these farmers’ radar. Their job is to supply the world with products, rather than prioritizing keeping cyberattacks at bay.

Tom’s collection is made up of three tractors covering his 8,000 acres of land, each with an attached online account which he enters and controls via username and password. This access allows him to see where tractors are located, check for updates, and perform other administrative functions.

He uses Windows 10 for both local machines and a VPN to work remotely through another office a few miles away, but the majority of the data collected from his various devices is stored in online accounts. Agriculture is now more digital than ever and probably produces more megabytes than kilograms. Tom noted that there are every conceivable detail that can be analysed, from which fields were fertilized and which fields have the most weeds per 50cm2 area to know how much pesticide and where to spray, to reduce consumption compared to blanket spraying.

This map shows where fuel is used the most on the ground

Tom constantly checks his emails and it became obvious to him that the threat was quite visible and cyber criminals attack using email as their first port of call in most cases. Without security software in place, this became an instant hassle.

He also told me that some local dairy farmers connect their cows to their network, which means they can monitor the flow of milk produced per cow…but it also comes with the risk of being ransomed if those networks are compromised. I never thought a cow could be ‘held to ransom’, but this is the Wild West of the internet where anything unseemly happens.

Example of invaluable yield data for a farm

Digital security for farmers

The agricultural industry is vital to the global food industry and therefore requires the utmost protection against cyberattacks. It is apparently potentially very easy to hack a farm, and therefore greater awareness is vital in the industry. From the basics like implementing password managers and using multi-factor authentication to using state-of-the-art security technology to withstand an attack on large agricultural service companies like than John Deere, it is clear that more needs to be done to support farms around the world. .

There is a distinct possibility of being able to compromise these online accounts and this carries the risk of being able to remotely access large machines, control them, hold them for ransom and hold the usual (large amounts) of agricultural data for ransom too. Every year more and more smart and machine learning technologies are developed, providing more protection for those who need a balance between convenience and security, but it takes time to trickle down to all industries and those in need. In the meantime, awareness and education about quick wins are essential to ward off the inevitable attacks.

Leave a Reply