SoS Musings #68 - Farmers Beware of Cyberattacks

SoS Musings #68 -

Farmers Beware of Cyberattacks

In order to improve operational efficiency and reduce the amount of work required to feed a growing population, farmers must increasingly rely on agriculture technology. However, significant challenges are associated with the increasing adoption of such technology, such as the elevated risk of cyberattacks. In recent years, added reliance on agriculture technology has been accompanied by cybercriminal activity targeting the Food and Agriculture sector. Typically, large companies are the most vulnerable, but the increasing digitalization of Small and Medium-sized Enterprises (SMEs) makes them targets as well. For example, the Federal Bureau of Investigation (FBI), issued a Private Industry Notification (PIN) on September 1, 2021, warning of cybercriminals executing ransomware attacks against the Food and Agriculture sector in order to disrupt operations, cause financial loss, and negatively impact the food supply chain. In addition to large producers, processors, and manufacturers, small farms may be impacted by ransomware attacks. In a sector that is increasingly reliant on smart technologies, Industrial Control Systems (ICS), and Internet-based automation systems, cybercriminals are exploiting network vulnerabilities to steal data and encrypt systems. Businesses in the food and agriculture industries that fall prey to cyberattacks such as ransomware can incur enormous financial losses due to ransom payments, lost productivity, and cleanup expenses. The FBI pointed out that such cyberattacks could also result in the loss of proprietary information and Personally Identifiable Information (PII), as well as reputational damage for businesses in the Food and Agriculture sector. Such potential impacts call for increased vigilance, research, and development regarding cyberattacks targeting farms.

Farmers and the food supply chain are at risk of attacks. The FBI cited a ransomware attack against a US farm in 2021 that resulted in around $9 million in losses due to the temporary shutdown of its farming activities. By getting administrator-level access via compromised credentials, the unidentified threat actor was able to target the farm's internal servers. In another incident, as the US farm belt prepared for harvest, the Iowa-based farm services company NEW Cooperative Inc. was forced to take its systems offline to contain a cyberattack. The cooperative runs grain storage elevators in the leading corn-producing state in the US, purchases crops from farmers, provides fertilizer and other chemicals required to grow crops, and has technology platforms that offer farmers agronomic advice on how to maximize harvests. According to an analysis conducted by researchers at the University of Cambridge in England, automatic crop sprayers, robotic harvesters, and other farming technology are vulnerable to hacking due to farmers' use of Artificial Intelligence (AI). The report warns that the application of AI in agriculture presents farms, farmers, and food security with potential risks that are poorly understood and often overlooked. The researchers state that despite the promise of AI for enhancing crop management and agricultural productivity, potential risks must be addressed responsibly, and new technologies must be properly tested in experimental settings to ensure their safety and security against accidental failures, unintended consequences, and cyberattacks. In their research, the authors pointed to risks that must be taken into account when developing and implementing AI for agriculture, as well as methods for mitigating them. They warn that malicious actors could disrupt commercial farms using AI by poisoning data sets, shutting down sprayers, and more. In order to prevent this, they recommend that 'white hat hackers' help farms in the identification of any security flaws during the development phase.

Researchers at the University of Guelph (UG) in Ontario, Canada are working on making smart farming more secure. According to these researchers, expansive farmland is particularly vulnerable to cyberattacks, attacks on data privacy, and unethical data use. Dr. Rozita Dara, a professor at the university's College of Engineering and Physical Sciences, calls on technology providers, governments, and farmers to be aware of the risk associated with cyberattacks and data misuse posed by the increasing prevalence of smart farming technologies. Together with UG food experts and other academics from the university's School of Computer Science (SCS), Dara has issued a number of publications on big data privacy and smart farm information processing. Dara and her team from the Data Management and Privacy Governance Lab noted in a paper that smart farming systems collect data on everything from soil nutrition and irrigation to livestock and poultry monitoring using a variety of sensors. These technologies employ Machine Learning (ML) and data mining to assess this information and help farmers in improving their agricultural operations. Dara emphasized that these information systems are a benefit for farmers, but without sufficient security and privacy, the acquired, stored, transferred, and used data may become vulnerable to attack. The researchers suggest standardizing devices, assessing trust among farmers, tech providers, and other parties, establishing legislative frameworks to outline responsibility and accountability, and studying the usage of secure platforms such as blockchain to manage transactions. According to Dara, makers of agriculture technology should increase efforts to protect data and ensure its responsible use. In addition to facilitating the formation of robust collaborations between supply chain stakeholders, the government can encourage new and creative business models and regulatory frameworks. Dara and her team proposed a smart farming platform to connect, process, and use farm data. A related challenge faced by farmers is the diversity of agricultural data collected by numerous technologies, such as sensor networks, weather stations, cameras, and mobile phones. The proposed platform would enable data sharing and interoperability, reliable data-driven systems, scalability, and real-time data processing, while also providing enhanced security and privacy.

Dr. Ali Dehghantanha's Cyber Science Lab, which is part of the SCS within UG's College of Engineering and Physical Sciences, is aimed at investigating the increasing number of cyberattacks against farm networks. In addition to helping farmers in combating hackers, Dehghantanha wants his research to assist producers in preventing such attacks and encourage governments to establish data security guidelines for the agriculture industry. His research team has collaborated with UG food specialists on studies of smart farming and cyber threats, including a 2022 survey of wireless technologies on farms. With increasing food consumption, urbanization, and climate change, food insecurity is a major global problem, according to Dehghantanha. Producers are increasingly utilizing smart farming and precision agricultural technology to grow and raise more food while decreasing environmental impacts and waste from fertilizers and pesticides. All of these interconnected sensors, smart meters, cameras, and other devices raise farmers' vulnerability to data theft and potential cyberattacks. His study explores the current technologies employed on farms, as well as flaws and possible cyberattack strategies in the agricultural sector. He stated that the level of cybersecurity protection in agriculture ranges from nonexistent to inadequate. According to Dehghantanha, in order to maintain on-farm security, farmers must ensure that their technology can fend off three primary kinds of threats. Cybercriminals deploying ransomware to effectively lock digital systems and demand a ransom from the producer constitute one threat. Hackers stealing proprietary information on production rates, greenhouse temperatures, animal feeding regimens, and supply chains is another threat. State-sponsored hackers attempting to disrupt or manipulate network systems continue to pose the most significant and growing threat. About once a month, farmers or security firms contact his team of digital investigators for assistance in tracing potential cyberattacks on agricultural networks, further emphasizing the need to help farmers bolster defenses.

Dehghantanha and his group are developing tools and procedures for detecting, analyzing, and responding to cyberattacks on smart farming systems. They itemized the security aspects of smart farming and precision agriculture, then reviewed the types of cyberattacks that can compromise each of these aspects. They provided a taxonomy of cyber threats to smart farming and precision agriculture based on their relationships to the different steps of the Cyber-Kill Chain (CKC), opting to further examine Advanced Persistent Threats (APTs). The team examined potential risk mitigation techniques and countermeasures, and developed a roadmap for future research in this field. The primary contribution of this work is a classification of security threats within the smart farming and precision agriculture domains and a taxonomy of security threats for smart farming settings, allowing the detection of APT attack behavior and any other security threat within such environments.

A team of researchers at the University of Nebraska is working on improving cybersecurity for agricultural machinery and technology. Santosh Pitla, associate professor of advanced machinery systems at the University of Nebraska–Lincoln (UNL), assembled team members from the UNL and the University of Nebraska at Omaha (UNO) campuses for a project examining the security and hackability of autonomous farm vehicles. George Grispos, an assistant professor of cybersecurity at UNO and member of the team, stated that the emergence of precision farming comes in conjunction with a period of significant disruption in the global supply chain, as the number of foreign and domestic hackers able to exploit this technology continues to rise. Grispos stated that the integration of automated technologies into farm equipment could leave even small farm operations open to cyberattacks. Mark Freyhof, another member of the research team, used Flex-Ro as a case study of cybersecurity intrusions on agricultural equipment. Flex-Ro is a remotely controlled or autonomously operated agricultural robot. Freyhof chose to develop a testbed to explore various Flex-Ro machine systems instead of performing potentially destructive testing on the machine itself. The Security Test Bed for Agricultural Vehicles and Environments (STAVE) was a valuable instrument for analyzing Flex-Ro's cybersecurity vulnerabilities, with Pitla having stated that it offers promise for future research into the cybersecurity of agricultural machinery. Their research further demonstrates that intelligent equipment or an autonomous machine with a large number of computers, sensors, and AI can be advantageous, but if it has an insecure cybersecurity link, all that intelligence is useless.

Cyberattacks on the farming industry have the potential to disrupt the supply chain and impact food security. To protect our food supply, it is necessary to develop and disseminate further information, raise awareness about the importance of protecting technology in the agriculture industry, and provide farmers with tools to identify and mitigate vulnerabilities.