The agriculture sector is a staple of critical global infrastructure. We need food to survive as human beings, and a loss of access to these assets could be physically and emotionally detrimental to hundreds of millions of people. The sector is made up of numerous organizations that support critical functions such as growing crops, raising animals, and harvesting fish and other animals from a farm, ranch, or their natural habitats. What on earth might these types of organizations have to do with cybersecurity? The answer is everything!
Like most industries, agriculture-focused companies are joining the technology wave. These companies rely heavily on data, systems, and advanced technology to deliver operations. The Department of Homeland Security defines it as follows: “Precision agriculture employs a variety of embedded and connected technologies that rely on remote sensing, global positioning systems, and communication systems to generate big data, data analytics, and machine learning. These technologies allow for more precise application of agricultural and livestock management inputs such as fertilizer, seeds, and pesticides, resulting in lower costs and improved yields.”
These complex digital assets open the industry up to a whole new world of cyber threats that must be addressed to preserve cybersecurity in agriculture.
Example cyber risks in agriculture and the impact
The industry is exposed to similar threats that most industries face today. Threats around data exposure and unauthorized access are prevalent. These companies have tons of data on employees and customers, as well as confidential information that could be damaging in the wrong hands. This information must be protected from cyber threats. Beyond data, there are also additional threats to some unique devices in the sector.
Unauthorized access to unmanned aerial systems that can be used for seed distribution are examples of a cyber risk that advancing technology introduces.
Impacting the integrity and accuracy of agriculture systems by injecting inaccurate information into smart sensor networks can also damage crops or herds. For example, if someone is able to remotely manipulate the HVAC system in a temperature-controlled livestock or plant environment and change the temperature to a level that the inhabitants cannot withstand, this could end in a loss of livestock or plants.
The last example is around eliminating the availability of communication networks. Agriculture entities tend to operate in very distributed environments, and communication networks are critical to keeping operations connected and running. From a cyber perspective, if someone can successfully reduce the availability or remove access to these communication channels, this could impact and potentially halt operations.
Example breaches in agriculture and the impact
Numerous cyber attackers have targeted the agriculture industry.
In one example, an information technology firm specializing in agriculture recounted efforts to help a farm client navigate a crippling ransomware attack in the past. After the incident, they were left considering the options to either attempt wiping all machines and restoring from backups, or paying up to hopefully get the data back.
Cyber criminals also know that farmers are usually not expected to be targeted for cyber-attacks. As such, attackers can send a wide range of phishing emails with enticing topics to get victims to click on links that can download malicious content onto devices. This can lead to everything from the activation of ransomware, which would lock up the organizations’ files in exchange for cash, to data leakage, which could expose the company’s confidential information.
What the sector should be focusing on
- Always ensure you are covering the security basics. Have a strategy that focuses on people, processes, and technology. Ensure that systems are protected with anti-virus (that is up to date). Maintain an active inventory of assets and monitor their use. Back up data regularly.
- Separate operational technology from business technology. You’ll need access to general tools like email, spreadsheet software, and more, but these business solutions should be segregated from critical operational solutions where possible to reduce risks.
- Gain an understanding of the vulnerabilities associated with remote censoring technology, machine learning, and other new leading-edge technologies in agriculture.
- Don’t skimp on security. It may seem strange to have a cybersecurity resource or robust focus on cybersecurity in a farm area or food production space, but it’s absolutely critical to the safety of consumers and survival of the business.
Who should be focusing on this?
Agriculture covers a wide range of organization types. Some that should be concerned with this evolution include farmers, laborers, livestock and plant-based producers, entities that support or reap the benefits of outputs from the industry, and more. There is also a safety element to cybersecurity in agriculture. Within the sector, organizations are often dealing with products that human beings are consuming, and key regulations and guidance must be followed to ensure that operational processes and outcomes are safe to consumers.
The world needs the agriculture industry to deliver critical functions that support the preservation of human life. The sectors growing exposure to cyber-attacks can threaten an organization’s ability to meet this vital need if not appropriately protected. It’s essential that we continually understand, prioritize, and address cyber risks in the agriculture sector.
Insider Risk – How Prepared Are You?
Not every company is equally prepared to deal with insider risk. This report outlines the four stages of insider risk maturity and explores how to improve your insider risk preparedness.