In recent years, farmers and other food suppliers have recognized the need for technology modernization. But they’ve been slower to recognize the importance of cybersecurity.
As agriculture becomes increasingly digitized and operational in the cloud, its exposure to threat actors increases. Given that the U.S. has only minimal cybersecurity laws in place for the industry, not much is officially required to be done to adapt to the new security risks that come with the new technology. Last year for example, JBS, the world’s largest beef supplier, suffered a ransomware attack that halted one-fifth of its American production. In the end, JBS paid the hacking group REvil a whopping $11 million to recover files that had been compromised.
JBS supplies roughly a quarter of all beef consumed in the U.S., putting it and other major suppliers squarely in the category of critical infrastructure. Although the agricultural industry isn’t held to the same standards as gas pipelines or the electricity grid, this attack illustrated how food systems are just as susceptible to cyberattacks as what we traditionally consider critical infrastructure. Hackers aren’t just exploiting big names, either. Smaller players, such as a Wisconsin milk plant and an Iowa grain cooperative, have been hit by ransomware attacks too.
There’s tremendous upside to technology adoption in the world of food and agriculture, including the ability to get more done with far less manual labor. From smart tractors to robotic milking to fruit-picking drones, farming is being fundamentally transformed. But most agricultural automation is managed through consumer smart devices like mobile phones or iPads, many of which have been built with ease-of-use and efficiency in mind — not security.
The Cybersecurity Basics
Automating processes without increasing cybersecurity leaves the door open for bad actors to wreak havoc. And the cost of cyber vulnerabilities goes beyond a steep ransom payment. Attacks can lead to everything from higher grocery prices to contaminated foods. While the U.K. has put out some cyber recommendations for farmers, cybersecurity advice and mandates are largely lacking for food and agriculture companies in the U.S.
A recent hacking conference highlighted an abundance of vulnerabilities in John Deere and Case New Holland’s systems. To address these risks and better their security postures, farmers and agriculture companies must establish and maintain good cyber hygiene. This includes keeping devices up to date, replacing old machines, using strong passwords encryption, and two-factor authentication. Additionally, it’s crucial to have an offline backup plan prepared; data should be backed up regularly and stored off devices. This degree of separation will make a huge difference in the event of a ransomware attack, during which access to the network may be completely restricted. Any data, from invoices to inventory, needs to be accessible offline as well.
While these are seemingly simple recommendations, the agriculture industry still lacks federal oversight on its cybersecurity practices, despite years of warnings about the potential consequences. In fact, there’s far more guidance on animal welfare than cybersecurity vulnerabilities.
The Role of Zero Trust
While automation may lead to new vulnerabilities for the food supply chain, the good news is that automation can also be deployed to counteract them. These days, it’s not a matter of if a breach will happen, but rather when. That’s why zero-trust security needs to become the new normal. In simplest terms, zero trust is a security paradigm that moves beyond simply gatekeeping users. In addition to strict identity verification and explicit permission to access systems and files, automated monitoring can detect dangerous activity on the network. By quickly flagging and responding to unusual activity, modern security tools can stop a single compromised account from turning into a wholly disrupted supply chain.
While zero-trust principles have been mandated for government agencies by the current U.S. Administration, this approach is just as urgent in the world of agriculture. As awareness about the threat of cyberattacks targeting critical infrastructure continues to grow, farmers and agriculture companies need to be prepared to face these challenges. While automation is a great tool for maximizing efficiency, we must also ensure that security is at the forefront of all modernization initiatives to protect our nation’s agricultural supply chain.
Audra Simons is senior director of global products, global governments and critical infrastructure with Forcepoint.
Timely, incisive articles delivered directly to your inbox.