Bracing for Cyber Attacks on Agriculture
The agriculture and food supply chain industry has had to deal with a double-edged sword: digital technology has helped it thrive while also exposing it to cyber security threats. The agriculture sector is increasingly becoming a target of cyber-attacks, with major consequences for rural populations' livelihoods and key infrastructure, such as supply networks.
We all have skin in the game because agriculture is so crucial to the world's well-being and economy, thus cyber security can be regarded as a shared responsibility. In turn, good cyber security is more than a checklist exercise. It, like any other form of company risk management, necessitates ongoing attention.
At this point in time, all critical infrastructure operators, including the agricultural industry, should view cyber security as a top priority.
The FBI Gets Involved
In February of this year, the FBI released a joint cyber security advisory with cyber security authorities in Australia and the United Kingdom, warning of an evolution in ransomware techniques.
Agriculture cooperatives (also known as "farmers' co-ops") are facing the threat of well-timed ransomware attacks, according to a Private Industry Notification issued by the Federal Bureau of Investigation (FBI). Attacks during the vital planting and harvesting seasons, the agency warns, might result in the theft of private information, as well as operational disruption, which could result in financial losses and even food shortages.
The FBI’s second warning to the food and agriculture industry comes on the coattails of the first warning made in September 2021 that ransomware threat actors were increasing their attacks as the industry implemented more smart devices.
Cyber Attacks on Agriculture
In 2021, a ransomware attack was launched against meat producer JBS, and two grain purchasers in the United States were targeted during the harvest season. Following ransomware attacks on businesses such as worldwide meat packer JBS, cybersecurity in the farm and agribusiness sectors became a prominent topic in 2021.
Additional ways used to increase perceived pressure on victims to pay a ransom include disrupting supply chains at vital times and/or threatening to reveal secret data. In fact, six grain cooperatives were robbed during harvest in the fall of 2021, according to the Federal Bureau of Investigation. In addition, in early 2022, two strikes were launched that may have affected seed and fertilizer supply.
Because of the time-sensitive role cooperatives play in agricultural production, cyber criminals may regard cooperatives as profitable targets with a willingness to pay. While ransomware assaults on the full farm-to-table spectrum of the FA [food and agriculture] industry are common, the quantity of cyber-attacks against agricultural cooperatives during important seasons is noteworthy.
BlackMatter ransomware struck Iowa's NEW Cooperative in September 2021, demanding $5.9 million in ransom. To stop the ransomware from spreading, the company was forced to take vulnerable machines offline, and the ransomware gang reportedly stole 1,000GB of data, including financial documents, personnel data, and source code for a farming technology platform.
Crystal Valley Cooperative, a prominent farmer's co-op in Minnesota, was targeted by a still-unnamed ransomware strain two days after the NEW Cooperative incident. This prevented the company from processing major credit cards and caused some issues with its phone system.
Risk Vectors in Agriculture
The newness of smart technologies
Smart technology and remote administration utilized in PA and smart farming are brand new for its stakeholders in the heavily mechanized landscape of agriculture, with most of the new concerns in this domain being strongly linked to similar threats in other industries. Cybersecurity, data integrity, and data loss are the most common dangers. Furthermore, because the PA industry employs heavy machinery that is linked to the internet, there are a slew of new vulnerabilities that could have severe repercussions.
Modern agriculture is exposed to cybersecurity and IoT-related threats that are closely interconnected with PA and smart farming.
Equipment vulnerabilities
Harsh environmental conditions, such as high temperatures, humidity, rain, winds, and other phenomena, have a direct impact on the agricultural industry and can cause major damage to electromechanical equipment.
All of these sensors are prone to failure, resulting in inaccurate measurements and commands, which could lead to a production disaster. In addition to monitoring and controlling sensors, the low-power wireless networks used in the agricultural industry can be affected by harsh environmental conditions such as temperature, humidity, obstructions, and human presence, resulting in communication and data loss. Furthermore, sensors and network devices are often physically accessible. This poses a significant threat to farmlands, as anyone with bad intent can gain access to them and either destroy or compromise them, causing them to malfunction.
Data collected from IoT sensors and other agricultural gear is now being shared online, posing yet another potential security issue. Farmers can suffer substantial financial and personal consequences if their data is breached, hence data privacy and ownership are a critical security issue in the agricultural sector.
As more technological advancements are adopted by the agriculture and food industry, the number of susceptible entry points for malicious attacks grows. These technological advancements include wireless connections, Radio Frequency Identification (RFID), infrastructure sensors, mobile devices, automation systems for PA, unmanned aerial vehicles and drones, combination of biotechnology and nanotechnology, artificial intelligence, and more.
Data vulnerabilities
Confidentiality threats include internal data thefts to harm an agri-business or farmer, intentional data theft via smart apps and platforms non-compliant with confidentiality regulations, unethical sale of data to minimize or damage farmer profits, and unauthorized access to sensitive and confidential data using equipment like drones, sensors, cameras, and more, all with the goal of compromising agricultural security.
Because PA is primarily concerned with automated data gathering, analysis, and decision-making, data integrity and availability are critical. Data falsification, whether deliberate or accidental, can have serious repercussions, particularly because it can influence the judgments made by artificial intelligence (e.g., Machine Learning) algorithms and automation systems, resulting in interruption or destruction of production. False data can also produce dangerous scenarios for both the products and the farmers if fertilizers or pesticides are abused, which can also be eventually present in the plates of consumers.
By using connected smart devices, a large volume of heterogeneous forms of data is sent over the networks. As smart technology becomes more accessible, hackers will be able to exploit many access points within users' homes, offices, and any other application or space.
Cyber criminals can hack into a system using one of the entry points created by connected smart devices and exploit vulnerabilities at many different layers such as network, application, Edge, IoT, or middleware. Agricultural stakeholders must identify and protect their Edge and IoT environments as well as adhere to modern security and privacy standards.
Best Practices to Protect Against Cyber Attacks in Agriculture
High-impact and sophisticated assaults on vital infrastructure organizations, including agriculture, are becoming increasingly widespread around the world, posing a serious threat to the food chain, human, and livestock food security.
Grain and corn production disruptions could have an influence on commodity trading and stock prices. An attack on a protein or dairy processing facility can swiftly result in ruined products, with cascading impacts down to the farm level when animals cannot be processed.
To protect against ransomware attacks, agricultural businesses must analyze risk and implement methods for essential information backup, protection, and recovery practices. Agricultural firms should handle cyber security in the same way they do fire safety, with cyber-drills to ensure that employees involved in the day-to-day operations of the farm understand how to quickly deploy back-ups in the event of a digital shutdown.
Threat actors may and will attack vulnerabilities in networks, systems, and apps, thus the sector should focus on securing them. Here’s some advice on how to defend yourself from ransomware attacks:
- Back up data on a regular basis to an offline, air-gapped location where attackers won't be able to access it.
- As soon as security upgrades become available, patch your software and firmware.
- Slow down attackers, make it simpler to locate them, and limit their impact by segmenting networks.
- When possible, use multi-factor authentication (MFA).
- Use complex passwords and don't reuse them.
- Partner with a robust, enterprise-grade, AI-based cybersecurity solution provider that offers you advanced network visibility, early threat detection, and automated incident response and remediation like AI EdgeLabs.