Cyberattacks on the rise in the agricultural sector


Glacier FarmMedia – Digital technology has been a double-edged sword for agriculture; it grows the sector but also exposes it to cybersecurity risks.

“The agricultural sector is increasingly the target of cyberattacks that can severely disrupt the livelihoods of rural communities and critical infrastructure, including supply chains,” said Janos Botschner, senior researcher for cybersecurity in the Canadian Agriculture (CSCA ).

why is it important: Experts say cybersecurity should be a priority for all critical infrastructure operators, including the agricultural sector.

The CSCA oversees the multi-year Cyber ​​Security Capacity in Canadian Agriculture project, developed to strengthen and support national food security and well-being, rural economic development and resilience, and national prosperity. Funded by Public Safety Canada’s Cyber ​​Security Cooperation Program, the project aims to build cyber security capacity in Canada’s agriculture sector.

“Because of the importance of agriculture to Canada’s well-being and prosperity, we all have a role to play, so cybersecurity can be seen as a shared responsibility,” Botschner said.

“However, good cybersecurity is more than a tick box exercise. It is something that requires regular attention, like any other form of enterprise risk management.

Botschner said a cybergang announced plans in late 2020 to disrupt the agriculture and food sector in the coming year. In 2021, an attack took place on meat processor JBS, and two grain buyers in the United States fell victim to ransomware attacks during the harvest season.

“Disrupting supply chains at critical cycles and/or threatening to release confidential data are additional methods used to increase perceived pressure on victims to pay ransom,” he said. .

The Federal Bureau of Investigation has confirmed that in the fall of 2021, six grain cooperatives were victims during harvest. In addition, two attacks were carried out in early 2022 which could have disrupted the supply of seeds and fertilizers.

“Cyberactors may perceive cooperatives as lucrative targets willing to pay because of the urgent role they play in agricultural production,” the FBI said in a statement.

“While ransomware attacks across the FA farm-to-table spectrum [food and agriculture] sector occur regularly, the number of cyber-attacks against agricultural cooperatives during key seasons is notable.

The FBI, along with cybersecurity agencies in Australia and the United Kingdom, issued a joint cybersecurity advisory in February that warns of an evolution in ransomware tactics. High-impact and sophisticated attacks involving critical infrastructure organizations, including agriculture, are increasingly common around the world, which could have a significant impact on the food chain and the food security of humans and the world. livestock.

“A significant disruption in grain and corn production could impact commodity trading and inventory,” the FBI said.

“An attack that disrupts processing in a protein or dairy factory can quickly lead to product spoilage and have cascading effects down to the farm level, as animals cannot be processed.”

Botschner did not speculate on the extent of the threat to Canadian producers and supply chains, but noted that the interdependent nature of Canadian and U.S. supply chains, purchasing agreements and positions geopolitics justify a risk analysis in each sub-sector.

“It is important to understand that the agricultural sector has many large organizations, but also independent producers who are essential to the supply chain,” he said.

“Many (farms) are run by families who operate the same devices and accounts for work and personal use. Most would not have a dedicated IT employee and may not have thought of business continuity plans. »

At the agricultural enterprise level, it is essential to assess the risks and develop protocols for backup, prevention and critical information recovery policies to protect against ransomware attempts.

Farm businesses should approach cybersecurity like they approach fire safety, he said, with cyber drills to ensure those involved in the day-to-day running of the farm understand how to quickly implement safeguards in case of digital stop.

Ritesh Kotak, a Toronto-based cyber/tech analyst, said there are several devices generating data in agriculture, such as smart irrigation systems, drones, weather sensors and other weather monitoring tools. Internet of Things (IoT) in which aggregated data is provided for convenience.

Farm business owners often make the simple mistake of buying consumer-grade, not professional-grade, devices that have increased service safety and scrutiny, Kotak said.

Providers should be asked about their privacy policies, whether they share consumer data, and whether their support team is in-house or outsourced. Customers can then assess the cyber risk.

“Personally, I like to look at information about the company, how long it has been in business, who is on its board of directors and any complaints against the company,” Kotak said, adding that he was talking to customers for an enterprise-level service rating. .

He said it was essential to develop policies, communicate and implement them with staff, and ensure that data and software training is simple and understandable. This means being wary of free trials, which could track user activity.

Reading the terms of service, while tedious, is key to finding “hidden” information, he said. For example, the second generation Nest smoke detector is equipped with a microphone.

The terms of service for a Delaware-based facial recognition app he reviewed stated that the app’s data was stored in St. Petersburg, Russia.

“This idea of ​​data residency – you want to ask this question. Even if you’re using a cloud-based system, where is my data housed?” Kotak said. “And is there a way for me to house it? north of the 49th parallel in Canada?”

He said customers may require, and may even be required, to ensure data is hosted in Canada, particularly if they are working with government agencies.

Botschner said a collective shift from a reactive to a proactive posture is needed when it comes to cybersecurity.

“Over the next two years, our project will produce knowledge products to help producers, policy makers and others explore and implement ways to improve cyber capability in this key sector,” he said. he declares.

– Diana Martin is a journalist for Closed. His article appeared in the May 16, 2022 issue.


Comments are closed.