Gone are the days of the lone farmer on a tractor sprinkling seeds into the ground. “More and more farms today are sprawling commercial operations owned by corporate giants, and computers have become as important to planting as fertilizer,” says Dave Jenkins, a cybersecurity specialist based in Des Moines, Iowa, who advises agricultural clients.
Agricultural interests, for example, are increasingly turning to IoT devices to help deliver everything from pesticides to feed, even on the smallest family farms.
“The transformation of farming into ‘smart farming’ has helped increase efficiencies enormously but has also created more and more attack vectors,” Jenkins points out.
Increased exposure drives rise in cyber threats
Attack vectors, if breached, can lead to chilling results for farmers, cautions Ali Dehghantanha, a researcher at the University of Guelph, who recently wrote a research paper about the vulnerability of the agriculture sector to cyberattacks.
“IoT-based technologies create new cybersecurity vulnerabilities and cyber-threats, which can be exploited to control on-field actuators, sensors, and autonomous vehicles such as tractors, drones, sprayers, and planters, as well as related databases and applications. A cyberattack could have severe consequences on a farm,” warns Dehghantanha.
Dehghantanha says security is a highly challenging aspect of smart farming due to the different properties of IoT devices, including heterogeneity, mobility, and resource limitations. “This exposes smart farming to a broad range of cyber-threats.” Added to the threat level in the agricultural industry is that cybersecurity spending lags far behind other industries that have hardened their defenses in the past decade.
Spending on cybersecurity in smart agriculture accounts for only about three percent of total cybersecurity spending in North America, far outpaced by expenditures for security in other applications from finance to health care Dehghantanha writes.
Problems are rooted in agricultural origins
“The level of cybersecurity protection in agriculture is minimal to non-existent,” reports Jenkins. “The agricultural sector is a soft underbelly from a cybersecurity point of view.”
He says that the problem of lax cybersecurity can be traced to the origins of agriculture.
While many of today’s farms are owned by corporate giants, they didn’t begin that way. Fifty years ago, there were far more family farms, and historically, those farms have emphasized agriculture expertise, not IT skills.
“So, from the smallest family farms to the biggest corporate farmers, cybersecurity concerns have generally been put on the back burner, and that needs to change,” advises Jenkins. He adds this looming cybersecurity threat on the farm, combined with the lack of IT skills found on most farms, presents a major opportunity for MSPs.
“MSPs are well-positioned to offer agricultural interests a suite of cybersecurity and IT services that they probably need but don’t realize they need,” Jenkins says. “Most farms simply don’t have the specialization needed in cybersecurity.”
Next steps for MSPs and their agricultural interests
Agricultural vocational programs at the high school and college level are beginning to incorporate basic cybersecurity into the curriculum. “But the benefit from that is still years away,” Jenkins says.
In the meantime, Dehghantanha advises that there are some steps farming interests can take to secure their cyber perimeters.
Farmers need to ensure their technology can ward off three main threats. One threat comes from cybercriminals using ransomware to effectively lock up digital systems and demand a ransom payment from the producer. The second, involves hackers stealing confidential information from production rates and greenhouse temperatures to animal feeding schedules and supply chains. Those hackers then sell that data to clients, including competitors.
Dehghantanha also points out that the most dangerous threat that continues to grow is posed by state-sponsored hackers aiming to help disrupt or control network systems. Interrupting farm supply chains, for instance, may mean farmers lose crops and ultimately lose time and money in replacing them.
“Any infrastructure disruption could cause disruption of the supply chain and affect food security,” Dehghantanha warns.
Jenkins agrees that a state-sponsored attack is the “doomsday scenario.”
“There are few easier ways to sow panic in a populace than to go after the food supply and there are so many weak cybersecurity links that it would just take one successful attack on even a bit player in the whole ecosystem to bring down the whole food supply,” Jenkins says.
He adds the problem runs deeper than simply offering standard advice about MFA and firewalls for farmers.
“The challenge in the agriculture industry isn’t just about the actual cybersecurity, but also the mindset that cybersecurity isn’t important. But we are in 2022, and IoT is here to stay, making cybersecurity just as important to a farmer as fertilizer and feeding schedules. Most of them just don’t realize it yet,” Jenkins says, adding that for MSPs, there is a chance to harvest and cultivate new customers in the Agri-space, but persuading those in this vertical that it is a necessary expense is the challenge.
Photo: Fotokostic / Shutterstock