A new kind of pest: Hackers and cyberattacks in today’s agriculture

The context

The threat of cyberattacks on agricultural producers is increasing, along with the resulting costs for individual farmers and agri-food businesses alike with payments to hackers reaching new highs every year.[1]

More than 20% of Canadian businesses were a target of a cyberattack in 2019[2]. A recent report[3] puts the cost of cyberattacks on Canadian businesses in the hundreds of millions each year, although the actual amount is certainly higher as most attacks go unreported.

There are many types of cyberattack ranging from simple messages aimed at duping the reader to technically complex viruses and programs that can infect a computer.

A common form of cyberattack is phishing, which is the process by which an email that appears to be from a trusted sender attempts to fool the recipient, often by enticing them to click a link which results in the automatic download of harmful software to the recipient’s computer. This software is often a form of “ransomware” which essentially prevents the user from accessing their computer or accounts until a fee is paid.[4]

Another less obvious type of cyberattack occurs when someone inside an organization allows a third-party to access the organization’s data, or simply leaks it. Over the years certain activists have gone to great lengths to gain employment on specific poorly managed farms in order to record and release footage which then used to falsely represent an entire industry rather than address the issues of a single farm.

One type of attack that is especially pertinent to farmers is the issue of sensor hacking, which can lead to the improper distribution of fertilizers, water, chemicals, or to the disruption of animal welfare monitoring systems.[5]

Certain agricultural businesses may be more subject to cyberattacks than others, such as those in the livestock sector which attracts significant attention from activist, or “hacktivist” groups. Some farmers have had their addresses leaked or even mapped by activists.[6]

Agricultural organizations may even be targeted for intellectual property theft. For instance, certain crop varieties or technologies developed by an organization may be hijacked and used by another entity to gain advantage in today’s highly competitive markets.[7]

With the increasing frequency of cyberattacks, agriculture must shore up its digital defences, especially in light of recent research which found that many actors in the agriculture industry have received insufficient training in this area.[8]. A survey of farmers in the US showed that about half (51%) were interested in attending cybersecurity training, but only 3% had actually attended such training[9]. Another survey of beginning farmers in Illinois showing that 34% of them were interested in attending cybersecurity training, and 10% had actually attended such training[10].

What are the risks?

Agricultural production is already susceptible to unpredictable circumstances, such as weather, but as farms become more technologically complex, the potential for significant disruption due to cyberattacks is increased for all actors and stakeholders.[11] Moreover, the risk of on-farm cyberattacks is not distributed equally within the industry, with some sectors being targeted more frequently and some farms less financially equipped to invest in appropriate safeguards.

Loss of access to critical data and systems are among the primary risks facing farmers. Data may be hijacked, erased, stolen, or manipulated. Poultry monitoring, automated milking, self-propelled tractors, watering and fertilization, or cough detection in a pork finishing barn are examples of systems which may be disrupted, leading to production and revenue losses, and perhaps even food supply issues.[12]

In the case stolen intellectual property, as mentioned above, the impacts may be even broader if the company’s competitive advantage is lost, which can lead to larger scale economic impacts.[13]

What does it mean for farmers?

Today’s farmers must include cybersecurity in their risk management plans. Ensuring proactive risk management can build resilience to cyberattacks, limiting the potential for data and production losses. Should a cyberattack take place, well-prepared farmers should know what resources are available to them in the event a data security breach or if their farming systems are compromised.

There is already significant pressure on farmers to plan for and adapt to the everchanging landscape of the agricultural industry. The topic of cybersecurity is intimidating for most people, but making time to develop the farm’s resilience to cyberthreats can limit potentially significant damages and frustration.

What can farmers do to manage risk?

Farmers can manage cybersecurity risks by taking proactive measures to ensure the integrity of their data or by knowing to whom they should turn to resolve any issues which may occur as a result of a cyberattack.[14] Working with industry partners to ensure that security systems are up to date should be a key first step. Farmers should also do the following:

• Never provide private financial information to an unverified entity
• Use multiple layers of authentication (i.e., multifactor authentication)
• Backup your documentation and data
• Advocate for greater cybersecurity protection within their own social and professional network
• Install a combination of cybersecurity tools, antivirus and malware protection software, encryption, VPN
• Seek cybersecurity training
• Find a cybersecurity support contact
• Identify vulnerabilities in your organisation
• Regularly ensure systems and software are kept up to date

Building cybersecurity into your farm business plan or risk management strategy will limit your exposure to the risk of cyberattack while also reducing the stress and confusion that may occur after such an attack has taken place. This is important not only for the farm’s productivity and profitability, but also to protect the supply chain at large.

[1] https://www.agweb.com/news/business/technology/cyber-threats-are-real-threat-modern-agricultures-expanding-digital 

[2] https://www.statcan.gc.ca/o1/en/plus/514-cybersecurity-risks-impact-canadian-businesses 

[3] https://chamber.ca/news/at-least-540-million-reasons-cybersecurity-needs-action-from-ottawa-canadian-chamber-of-commerce/#:~:text=According%20to%20the%20Canadian%20Centre,the%20average%20amount%20last%20year. 

[4] https://www.fortinet.com/resources/cyberglossary/types-of-cyber-attacks 

[5] https://www.bakertilly.ca/en/btc/publications/farmalert-cyber-threats-to-precision-agriculture 

[6] https://www.stuff.co.nz/business/farming/115119994/farmers-furious-at-australian-animal-rights-activists-publishing-addresses-and-location-on-map 

[7] https://www.crowdstrike.com/blog/how-threat-hunting-uncovered-attacks-in-the-agriculture-industry/ 

[8] https://www.frontiersin.org/articles/10.3389/fbioe.2021.737927/full 

[9] Geil, A., Sagers, G., Spaulding, A. D., & Wolf, J. R. (2018). Cyber security on the farm: an assessment of cyber security practices in the United States agriculture industry. International Food and Agribusiness Management Review, 21(3), 317-334, cited by Spaulding, A. D., & Wolf, J. R. (2018), see below. 

[10] Spaulding, A. D., & Wolf, J. R. (2018). Cyber-security knowledge and training needs of beginning farmers in Illinois. https://ageconsearch.umn.edu/record/273781/files/Abstracts_18_05_23_09_37_46_59__73_9_19_11_0.pdf

[11] https://www.dtnpf.com/agriculture/web/ag/news/business-inputs/article/2021/10/27/food-ag-sector-vulnerable-ransomware 

[12] https://www.agweb.com/opinion/cyber-security-concerns-us-agricultural-sector; https://www.nbcnews.com/news/us-news/ransomware-hackers-find-vulnerable-target-us-grain-supply-rcna2702 

[13] https://therecord.media/us-farm-loses-9-million-in-the-aftermath-of-a-ransomware-attack/; https://www.agcanada.com/daily/cyberattack-on-jbs-halts-slaughter-at-canadian-u-s-plants 

[14] https://www.extension.iastate.edu/news/cybersecurity-concerns-farmers-and-agribusiness; https://www.bdo.ca/en-ca/insights/industries/agriculture/smart-farms-and-cybersecurity-steps-to-protecting-your-agriculture/