The Current State of Cybersecurity on Farms and Ranches
Like most everything today, it’s either connected to the internet or we have the increased desire to connect everything to the internet. The next generation of tools that are coming is dubbed “internet of things” [IoT] based devices and these are what are facilitating a big data revolution, and in agriculture, this can unlock new opportunities for development, particularly in areas including sustainability, animal welfare, and traceability.
Systems and data cybersecurity might be a low priority on your list, or maybe not even on your list today, but farmers and ranchers need to be ever more conscious and cautious over this area of your business as you begin to adopt an increasing number of data systems, whether that is the herd management programs or cameras, sensors, robots, apps, and even the humble office computer. Also, how all these systems are connected.
Precision agriculture is unique, however, because it took a highly mechanical labor-intensive industry and connected it online, dramatically increasing the attack space available to threat actors. Due to this, otherwise common threats may have unique and far-reaching consequences on the agricultural industry.
Confidentiality, Integrity, and Availability (CIA) are the bedrock principles of information security. The danger is not just cyber-attacks per se, but any danger that could negatively affect the CIA, such as natural disasters, terrorist attacks, equipment breakdowns.
Today many on-farm data systems are on disparate dashboards, with data that can be on multiple servers, with some of these systems servers in international locations outside the US with many service suppliers having access, without tracking.
The cyber threats that we have recently encountered, whether that has been the JBS plant in Colorado, that controls 9% of all US beef processing or the Colonial pipeline that controls the movement of oil up and down the east coast of the US for a third of the population, these types of coordinated attack have long been predicted and reported as our Achilles heel, that is now been prodded and probed for further vulnerabilities by domestic and international cybersecurity threats.
Smaller and more local versions of these ransom-based cyber threats have been seen by hospitals, financial institutions, airlines loyalty accounts, and many others, just search the news. This is costing billions of dollars in damages and allowing deeply sensitive and confidential business and personal data and information to get out there on the internet. In many of the cases, companies have been paying off these hackers in the hope that they get back the information but find that the catastrophic damage is widespread and usually irreversible once control was taken back, which limits the ability to track the intruder.
The US Dairy industry represents 1.9% of US GDP, which supports millions of mainly rural jobs, that is a major economic provider to 11 states and hundreds of rural communities across the U.S. Today on many farms we have a low level of digital literacy, putting the farmer at greater risk with respect to data security, data quality, and data ownership.
As we move to a more digitized and automated livestock sector, we are under the same threat faced by so many other industries, and we need to begin to understand and expose our weaknesses now before we are too late. This has been highlighted by the US Department of Homeland Security report “Threats to Precision Agriculture”.
Data as a new and increasingly valuable resource represents opportunities in the 4th Industrial Revolution in Agriculture, where the convergence of artificial intelligence, the Internet of Things, advanced materials, and bioengineering technologies are enormous. We have the potential to democratize ownership, broaden political-economic participation, and reduce environmental harm.
But without understanding where our US food production and farm data is going, the potential threats or scenarios where foreign-made AgriTech is taking and storing US data outside the US, are real? What do that data and intelligence give those companies? We have seen many other areas of technology, where personal and sensitive data has gotten into the wrong hands, like the Cambridge Analytica incident (Cambridge Analytica was a data analytics firm with offices in London and New York City, had unauthorized access to more than 50 million Facebook profiles), and is this already happening on-farm today?
Data security is also food security. The wars of the future will no longer be fought on battlefields, but through domestic or economic disruption, and what better than our digitized food systems and precision livestock farming tools. We need to build our precision livestock farming systems with cybersecurity in mind at the farm level that reduces these risks or exposure, allowing for the security, defense, and maybe offensive tactics against cyberattacks and threats.
Cybersecurity is an imperative component of the value of data. Who is seeing, how much, and what data, is an integral part of active cybersecurity both on and off the farm. It is also linked to animal welfare, as we increase our adoption of technology to help us with more complex functions across farms and ranches, it must work and not be disrupted or tampered with, otherwise, it can have a detrimental effect on the animals and ultimately the viability of the business.
The Potential Threats
Like every great crime or cybersecurity drama, threats come in many unique and colorful ways as hackers try to gain value from the data or succeed in their objectives of disruption or chaos.
Most of the information management / cyber threats facing precision agriculture’s embedded and digital tools are consistent with threat vectors in all other connected industries. Malicious actors are also generally the same: data theft, stealing resources, reputation loss, destruction of equipment, or gaining an improper financial advantage over a competitor.
Damage/ loss or removal of data systems: if there is a fire and loss of IT on the farm, once you are back up and running you change out one system to the next and pull down and restore the backups. This is the same if systems or servers should fail. If you want to move or remove a data system, the integrations and centralization of your data mean it won’t be lost in this transition.
Unauthorized data user: Are there parties profiting from the use of farmer and rancher anonymized and non-anonymized data. Where is data being backed up to, who has a backup, who has a copy and how can that make the data owner vulnerable? If out there on the internet without control, what will the data be used for? Are the suppliers of the equipment gaining intelligence from your data that is making them value that may or may not benefit your business?
“Hacktivism”: these could represent threats by those who want to target data to expose livestock farms negatively. Intentional publishing of confidential information from within the industry such as from a supplier to damage the company or cause chaos.
Hacking:
Ransomware. Imagine a whole milking parlor being held up by ransomware and it won’t operate until the ransom is paid. This is not only going to affect your farm business but trigger a greater welfare incident, as to how do we manage hundreds and maybe even thousands of livestock we are unable to milk.
International threats. Other countries building tools so that they can understand, control, and influence domestic and international markets using data or target our infrastructure, to look for vulnerabilities, targets, and the ability to debilitate systems and supply chains.
The most frequent API-based attacks involve the exploitation of an API’s authentication and authorization policies. In these attacks, the hacker breaks the authentication and the authorization intent of the API to access data.
It’s program-to-program, system-to-system, application-to-backend—API calls. Those are now the new surface areas for attack. Addressing these potential vulnerabilities needs to be part of your overall security strategy.
Solutions and needed action:
Bringing farm data together from all on-farm disparate systems allows producers to take control and ownership of their data, which has tremendous value—on and off the farm. Working with producers, their data systems, and building a plan that includes a better and more integrated understanding of that data—why they are collecting it, how it flows, where it’s coming from, and what it means—is our next step in becoming the farmers of the future and confident in the security of your information. This is going to take learning new kinds of languages, terms, and systems, but the great thing is that these are getting easier, more intuitive, more user-friendly, and better intelligent support.
Improving the digital literacy level of your team and upskilling the workforce, will pay dividends to you and your business while reducing risk to threats while benefiting your business in so many other ways. These tools are easily accessible and a lot of the time free, which is good for all sorts of user levels.
The 80/20 rule (achieve 80% of the benefit from 20% of the effort) is a commonly promoted cyber-security practice for small and medium-sized businesses, which is a baseline cyber security control.
20% of the effort is basic in business actions like firmware updates (clears bugs), having security apps, farm security protocols, backups, user login, and tracking. Backups and secondary data repositories limit data theft and loss. Even though these items seem mundane, these immensely aid in the event of an incident and reduce the pain.
20% of the remaining benefits come from more aggressive and specialized cybersecurity skills, usually triggered in events like a fire, a hacker trying to get in and hold data ransom, or targeting the livestock security with a coordinated attack. These include using both defensive and offensive measures to take down, disable, limit spread, track, or stop the threat(s). Having plans in place ahead of any cyber threat is one of the best major deterrents.
Data ownership at the farm level is the first line of security for the data. Using Blockchain, NFT’s, and other data ledger technologies will help with the security and tracking of data, and these are tools that are expected to be deployed on-farm. Centralization and ownership of the data are the first and important part of security and require higher levels of defense as there is a greater value associated with this data ownership function once it is off the farm and should it be threatened by a third party handling or storage of your data, should they themselves experience a cyber security threat.
Many of these security tools that apply to our industry are either off the shelf tools and protocols we can put in place, while the more advanced tool’s we need to assemble can be supplied by service providers such as Google, Databricks, Microsoft, Amazon, IBM, etc. as well as many open-source tools, these are ready to apply to farmers centralized data, to assist in meeting the increased security needs.
Data security starts at the farm and with simple routine steps, we just need to make them part of our routine conversation and these will go a long way in limiting cybersecurity threats. Start putting some of the 20% of the effort in on your farm or ranch systems, which include some of the simple things: different user logins, two-factor authentication, routinely updating/subscribing to an antivirus/anti-malware program, ensuring that your operating system and application software is the most up to date, audit your data systems and how you use them within your business. From there you can build up the specific security systems for your farm or ranch needs over time.
References
Senators on Cyberattacks: ‘Agricultural Security is National Security’ | Dairy Herd
FBI warns ag sector of cyber-criminal attacks (feedstuffs.com)
IoT and Cyber-Security – How the Two Should Intertwine for Your Business (iotforall.com)
Threats to Precision Agriculture (dhs.gov)