Do Hackers Dream of Electric Sheep? Cybersecurity in Agriculture

By Leah Walker on August 27, 2020

While the Internet of Things (IoT) conjures up an image of a growing collection of sleek wifi connected toasters and other new additions to the household internet ecosystem, IoT also stretches far beyond the home – and is an integral part of America’s farming infrastructure. Information systems now drive much of the nation’s food production. Livestock is tagged with radio frequency ID tags, computerized irrigation systems water crops, crop progression and prospective yields are checked by satellite, self driving tractors already exist, smart sensors monitor product temperatures in transit, food processing is becoming increasingly autonomous, and planting can now be done autonomously. Artificial intelligence and data analytics are now agriculture tools that help farmers be more successful and efficient across crop and animal production systems. 

Emerging technologies continue to dramatically increase efficiency for the farming industry.  Precision agriculture, which uses data and technology to find the most efficient way to farm, has increased industry output at an astonishing scale. Corn, wheat, and soy production per acre have more than doubled since 1961. The move to increasingly complex technology on the farm has been accelerated by farm consolidation. Large farm conglomerates have more resources to introduce the latest technology into its systems than smaller, family-owned farms. 

These tools are necessary. Agriculture is a particularly delicate system, with sensitive times for crop planting, maintenance, and harvesting, as well as sensitive temperatures for food storage and transportation. On top of this, agriculture is incredibly climatically sensitive, something that will pose an increasingly greater problem as climate change creates less and less predictable weather patterns. The US needs a stable food supply, and the challenge of climate change means that that food supply must evolve to be more resilient than ever before. As such, America’s farmers will need all the tools available to them in order to succeed. However, for each problem that the introduction of IoT will help address comes an emergence of an entirely new set of problems. We are facing serious cyber threats to our agricultural system. 

Imagine if a malicious hacker were able to change temperatures in a storage facility without alerting the user, or able to pause the water supply to thousands of acres of wheat without anyone noticing. Greater reliance begets greater vulnerability, and as such, if technology is going to play an increasingly large part of the agricultural infrastructure, the technology must be resilient to all manner of possible attacks. At the moment, the technology is not resilient. The agri-tech systems that are in place are vulnerable to cyber threats and, in some cases, have already been targeted. Fleury Michon, a French agri-food business, was forced to suspend business for 5 days in 2019 when a virus was discovered in their systems. Earlier in 2019, Eurofins, another French agri-food business, was targeted by ransomware, and took a serious hit in their first half of the year profits. The software that helps run Australia’s wool trade faced a ransomware attack this year, shutting down trading for a week. Insurance companies and banks are starting to take notice. Some insurance companies, like HSB, offer agriculture cybersecurity insurance covering “not only customary computers and electronic components located about the farm premises, but on-board drones and farm machinery in the field as well.” Both Fleury Michon and Eurofins recouped some money from insurance after attacks, but that did not cover all the losses. HSBC UK has warned farmers of fraud and phishing attacks (which, surprisingly, commonly target farmers). The above are minor instances that did little more than fiscally punish those who were targeted, but they point to the possibility of attacks of a far greater scale that could do far more than harm their target’s wallets. 

The agriculture sector is waking up to the threat of cyberattacks, but there must be greater understanding and acceptance across the national security and cybersecurity worlds that agriculture should constitute essential infrastructure. Agricultural resilience is integral to maintaining a stable nation and consideration at the highest levels of government as to how we are going to protect it is necessary. The conversation must include everything from ensuring the system security of the technologies being put out into the field, to discussion of rigorous assessment protocols for potential cyber threats and vulnerabilities. This will require consideration of targets and an understanding of the origin of any threats posed. Attacks could come from state or non-state actors, either foreign or domestic. A foreign state actor might hack into sensors to glean information about new GMOs or farming techniques, or even attempt to sabotage weak links in the food supply as a method of discrete retaliation. Non-state actors could range from foreign individuals or small groups looking to extort profit from unsuspecting users, to domestic groups, like environmental hacktivists, taking down a dairy farm in order to forward a political agenda. The greatest danger of this lies in the complex interconnectedness of the agricultural system, which, in the eyes of a savvy attacker, allows for immense leverage of their attacks. The potentially seismic ripples of even a small, but well placed, attack on the system could disrupt large sections of the industry. 

Agriculture cyber threats are not something that the US can afford to wait to address. The farming industry will neither move away from nor slow its integration of tech because smart technology and precision agriculture have allowed them to farm more efficiently, increase output, lower commodity prices. In fact, it is quite the opposite, the industry is already looking forward and realizing that 5G will allow for even more possibilities of integration and bring them increased data and information. 5G will allow for more sensors, for more valuable data to be collected and for faster systems to be developed, but with this will come even more attack vectors. The vulnerability of the agriculture sector is only increasing as 5G is brought to rural farmlands. 

It is vital that we think about, and start to address, the cybersecurity implications of agricultural technology. A good starting point is DHS’ Threats to Precision Agriculture, from their 2018 Public-Private Analytic Exchange program. Identifying attack vectors and scenarios of attack is useful but insights gleaned from such exercises need to find their way into agri-cybersecurity. Agriculture technology should be a part of any discussions on protecting critical infrastructure from cyberattacks originating abroad and domestically.