Support 416-591-6711 option 1 or Email Us

Cybersecurity for the Agricultural Industry

Fri, 31 May 2019

All industries are susceptible to cyber attacks, but agriculture is especially vulnerable. Newly networked precision farming technologies have taken a highly mechanical and labour-intensive industry online, significantly increasing the threat landscape. Otherwise common threat vectors like the improper use of USB drives or spear-phishing may have unique and far-reaching consequences on the agricultural industry, and, correspondingly, negatively impact the food supply chain. 

David Kohl, Professor Emeritus of Agricultural Finance, Virginia Tech University, says, "The more high-tech we become, the more vulnerable we become." Cyber attacks on agricultural technology could be a black swan facing the agricultural industry over the next decade. Kohl goes on to state, "It's not if it's going to happen; it's when it's going to happen."[i] Magnifying the agricultural industry's susceptibility is the fact that much of the technology that precision farming now relies on are smart devices that are part of the Internet of Things (IoT). IoT devices have primarily been produced with few internal cybersecurity measures in place. 

Growing IoT 

At the 2018 Grain World Conference in Winnipeg, Doug Tait spoke about the importance of cybersecurity on farms. Tait said the myriad of IoT devices being used in agriculture are creating threats that most farmers haven’t considered. “The agriculture sector alone is experiencing an IOT growth rate of 20 percent compounded yearly, and by 2025 there will be an estimated 224 million devices," Tait said.[ii] 

There are multiple security threats related to the implementation of digital technologies in crop and livestock production. Precision farming employs a range of embedded and connected technologies that rely on global positioning systems (GPS), remote sensing, and communication systems to produce big data, data analytics, and machine learning. 

These smart and connected technologies allow for more precise application of agricultural and livestock management inputs such as feed, seeds, fertilizer and pesticides. Precision farming results in lower costs and improved crop yields, which is of increased import with a growing population, climate change, mass urbanization, diminished farmland and soil degradation projected to cause global food shortages by 2050. By then, food demand will be 60% higher than it is today with a world population expected to reach 9.8 billion.[iii] This makes food and livestock increasingly more valuable resources to control or manipulate.

Threat actors who have a political or personal motivation to interfere with the agriculture industry, referred to as agroterrorists, are a serious threat, says Brent Raeth, Managing Partner, CatchMark Technologies, an IT firm specializing in agriculture. "If you're running robotic dairies or you were relying on computer systems, in general, to operate your dairy, that kind of espionage can happen.” He goes on to say that “People can hack your system and either destroy your data or render your systems unusable.”[iv] At the Winnipeg Grain Conference, Adrienne Ehrhardt, of Michael Best, said: “cybersecurity is not only about data theft but also data manipulation, and that can result in crops dying.”[v] 

Confidentiality

When you think of farms, data is most likely not top of mind. However, data privacy is a primary concern when implementing precision farming. Farmers are quite protective of information such as crop yield data, land prices, and cattle herd health. The loss or misuse of the data can have a devastating financial impact on farmers. There is also the potential loss of reputation for agricultural equipment and software manufacturers.

Integrity

Precision agriculture has rapidly become smart farming with the introduction of vast sensor nets being built in the crop and livestock sectors. Data collection and analysis assists farmers in making real-time farming and livestock decisions. As precision farming increasingly adopts equipment automation, robotics, machine learning, and edge computing, previously unimaginable threats to data integrity are manifesting in the agriculture sector.

Availability

Farming and livestock operations rely heavily on specialized equipment. Smart farm equipment comprises a system of systems, that’s reliant on complex embedded tools, and a sophisticated grouping of sensors, communication and guidance systems. If a cyber attack forces that equipment offline or makes it inoperable, that has high costs in both time and money for farmers. This is especially important in the agriculture industry where there are exact seasonal and weather windows of opportunity for planting and harvesting, across every crop sector, where equipment must be operational. If an equipment failure were to occur in a livestock production facility, a complex of internet-connected buildings that manage livestock, such as an attack on a feed system, it could result in the expensive loss of livestock.  

Cybersecurity for the Agricultural Industry

Precise Cybersecurity

Agroterrorism and cybersecurity incidents against the agriculture sector are so worrisome that the United States Department of Homeland Security published Threats to Precision Agriculture that discussed, in detail, the specific sector threats and advises ways to build cyber resiliency. Many cyber attacks can be thwarted by practicing basic cyber hygiene, like robust and unique passwords and managing system access.

What follows are three key areas identified and outlined by the Department of Homeland Security to protect systems and data and build resilience into precision agriculture infrastructure.

1.   Embrace and implement recognized information security critical security controls to maintain and protect embedded and digital tools used in precision agriculture. Including:

·         Application software security

·         Incident response and management plans

·         Penetration tests

·         Continuous vulnerability assessment

·         Secure configurations for hardware and software on mobile devices, laptops, workstations, and servers

·         Malware defences

·         Limitation and control of network ports, protocols, and services

·         Data recovery capability

2.  Continue development of agricultural industry standards, both technical ISO standards for data and equipment, and privacy/use standards for data generated by precision agriculture applications.

3.  Building resiliency into rural navigation, communication, and embedded tool applications by developing multiple communication and computer processing paths such as 5G cellular, Wi-Fi, satellite, cloud services, and edge computing.[vi]

Between IoT device weaknesses and lax cybersecurity measures, the agriculture industry is susceptible to data theft, loss of reputation, interruption of processes and destruction of equipment, and gaining improper competitor advantages. Raeth states, "Change usually happens because of one or two things: enlightenment or catastrophe and you don't want to be the second one. Unfortunately, a lot of the customers come to us looking for cybersecurity because they experienced catastrophe.”[vii] 

Don't wait until a catastrophe happens. Protecting the agriculture industry is of vital importance with cyber attacks that could interrupt food supply chains or negatively impact the health and well-being of large populations. The agriculture industry needs to respond with network fortification measures and agriculture-specific incident response plans. Talk to the cybersecurity solutions specialists at ISA, who have over 27-years of demonstrated industry excellence, about how to protect your agriculture organization from a cyber attack.

 

 



‹ Back