Cyber Threats Are A Real Threat To Modern Agriculture’s Expanding Digital Infrastructure

A malicious cyberattack in late May 2021 forced the shutdown of all of JBS’ beef plants and many of its pork and poultry plants. This attack on the world’s largest meat processor spotlighted the vulnerability of another critical American industry. This time, agriculture was the target.

According to the Harvard Business Review, the amount that companies paid to hackers grew by 300% in 2020. In the first 10 months of 2021, just six ransomware groups were responsible for breaching the cybersecurity defenses of 292 organizations. From those attacks, these criminal organizations had tallied up more than $45 million in ransom money.

Of all the cyberattacks and ransomware attacks in 2021, the breach of Colonial Pipeline in late April had the most news coverage. A ransomware group known as DarkSide with ties to Russia was responsible for the attack that shut down 5,500 miles of pipe and halted the flow of countless barrels of gasoline, diesel and jet fuel from the Gulf Coast to the Eastern Seaboard. To avoid further disruption, Colonial Pipeline eventually gave in to the ransomware group’s demands and paid the group $4.4 million in bitcoin. 

Agriculture Is An Easy Target

Experts warn that as an industry, agriculture has a very soft digital underbelly that’s easily breached due to very limited investment in cybersecurity to date.

For an industry that is betting the farm on becoming increasingly digitally connected and automated, this should set off alarm bells in all sectors and all levels of agriculture—from the back 40 to the halls of Congress. As more devices are hooked up to networks and more tasks are turned over to automation, the opportunity and potential reward for cyberattackers will only grow exponentially during the next several years. 

According to Vantage Market Research, the size of the global agricultural robot market is expected to reach $15.93 billion by 2028. That’s up from $3.63 billion in 2020 and represents a compound annual growth rate of 20.31% during the forecast period—2021 to 2028. 

A private industry notification issued by the FBI’s cyber division on Sept. 1 listed five major attacks that occurred in the food sector since November 2020. The list included everything from a bakery company to a well-known beverage company to a large farming operation. Two more attacks—on grain co-ops, Iowa’s NEW Cooperative and Minnesota’s Crystal Valley—came less than a month after the FBI’s warning. 

As with many of these “events,” the aftermath involves plenty of finger-pointing. In the fallout of the JBS attack, a good deal of blame was shifted on the government for not creating cybersecurity guidelines and compliance mandates for agriculture. 

Sens. Chuck Grassley and Joni Ernst from Iowa recently went to the floor of the Senate to stress that more must be done related to cybersecurity within agriculture. They advocated: “Agricultural security is national security.” 

It is foolish to think government alone can fix the issue or prevent future attacks. But, government can develop guidelines and performance goals. One of the first things that could be done is to adopt standards related to manufacturing automation equipment that is secure by design. IoT devices need to have additional security measures before they are deployed to the field. Because of the lack of a law, both the users and manufacturers blame each other for not adopting even minimum security measures for these pieces of equipment. This issue has become a significant cybersecurity liability.

What you can do

The rest of us must become increasingly aware and vigilant in fighting this war. Pardon the pun, but one could “lose the farm” because of an unforeseen cyberattack. Whether you are a CEO of a multilocation co-op or an individual farmer who has connected your operations and data to the “cloud,” you are a target, and this threat is not going to go away.