Photo By: Getty Images
By: Alexander Begej, Columnist
Precision Agriculture (PA) is a growing practice that is transforming labor-intensive farms into data generating hubs. Although it aims to maximize crop yield and save on time and labor, it simultaneously widens the agriculture industry’s vulnerabilities to cyber threats from criminals and nation states alike.
The Precision Agriculture Trend
PA integrates agricultural practices with computer technology to generate big data on farming and improve the productivity, quality, and yield of crop.[i] A variety of Internet of Things (IoT) devices [automated equipment, global positioning systems, soil/water sensors etc.] generate big data on crop behavior. These IoT devices are interconnected with software and third party applications designed to present actionable information to decision makers. Farmers are then able to purchase the optimal seed variety, plant at the ideal location, depth, and spacing, apply the right pesticide, in the right area, for the right duration, at the right time, in an effort to maximize crop yield and save on time and labor.
A similar practice is being applied to the precision livestock production. By monitoring breathing patterns, heart rates, weight gain, etc., farmers are able to observe behavior, detect stress, analyze sound, and records cows’ movements to aid in disease detection and maximize the health of each individual in cattle in the herd. [i]
The industry has seen great success prompting the practice to grow throughout the industry. The global Precision Agriculture market reached a value of US$ 4.8 Billion in 2017 and is expected to reach $10.23 billion by 2025, [ii] while the international market for similar livestock technology is expected to double in the next decade. [iii] Furthermore, government incentives and subsidies towards increasing the productivity and conserving the environment are expected to catalyze the demand for precision agriculture and truly allow the practice to skyrocket.[iv] Although the labor-intensive industry sector is transforming into an IoT and data oriented industry, cyber security measures have yet to evolve beyond a basic level. According to a Department of Homeland Security research group, front-line agriculture producers often do not understand the cyber threats to their industry while others are not treating the threats seriously. [v] This dramatically increases the attack space available to potential threat actors.
The Criminal Threat
Precision agriculture farms are particularly attractive targets for cyber criminals as many PA farm laborers are untrained in cyber security practices. After gaining access to the network, it is likely cyber criminals will aim to profit through two avenues. First, ransomware will be particularly effective because farmers must ensure the integrity of their crops. In 2017, a Barkley report found that a typical company fallen victim to a ransomware attack suffers the greatest loss in the form of “enforced employee idleness as wrecked networks and dysfunctional computers provide no means to actually do work”. [vi] For an agricultural firm, such a disruption during harvesting season would dramatically weaken seasonal crop yields, causing significant financial damage to farmers. It is likely farmers would adhere to the attacker’s demands rather than risk an entire season’s harvest.
Second, exfiltration of confidential data will also be a useful source of revenue for cybercriminals. Precision Agriculture requires a significant upfront investment in equipment, software, and data analysis personnel, all of which provide optimal tools, techniques, and insights. [vii] Through successful phishing techniques, cyber criminals will acquire data on best farming practices as well as confidential market information, such as the terms of contract negotiations, and sell them to competing farms on the open market. The unscrupulous sale of confidential data would cause serious impact, as it would destroy trust, reduce revenues, and damage business relationships.
The Foreign Threat
In addition, foreign governments may be interested in infiltrating the American agriculture industry by perverting firmware in the supply chain. In October, Bloomberg published an article claiming China used a tiny chip to infiltrate U.S. companies including Amazon and Apple. [viii] A similar concern is could pose a threat to the precision industry as foreign-built agricultural equipment could have built-in firmware that can allow foreign entities to exercise control over equipment and shut down systems during critical planting and harvesting windows. In a more likely scenario, а foreign government could exfiltrate crop yield data to create potentially actionable intelligence useful in trade negotiations.
The Fix Is Simple
Despite the fact that the agriculture industry is listed as one of the Department of Homeland Security 17 critical infrastructures sectors, precision farmers have yet to implement adequate cyber security measures. Precision farmers should learn from cyber security measures implemented by other industries and adopt generally accepted mitigation techniques and implement a comprehensive cyber security strategy. Specifically, 1) constructing secure configurations for network devices such as firewalls, routers, and switches, 2) regular red-team penetration tests and remediation efforts, and 3) establishing controlled levels of access on a need-to know basis.
Although basic cyber security measures will do little to prevent sophisticated state actors from penetrating PA firms, they will build network resilience against the more likely threat, profit seeking cyber criminals.
[i] The remainder of the paragraph is based on the following report: “Threats to Precision Agriculture”, Department of Homeland Security, 3 October 2018. https://www.uscert.
gov/ncas/current-activity/2018/10/03/Cybersecurity-Threats-Precision-Agriculture
[ii] “Precision Agriculture Market: Global Industry Trends, Share, Size, Growth, Opportunity and Forecast 2018-2023”, IMARC Group, June 2018. https://www.researchandmarkets.com/research/46wxdl/global_precision?w=5
[iii] Schimmelpfennig, David, “Farm Profits and Adoption of Precision Agriculture”, United States Department of Agriculture, July 2016.
https://www.ers.usda.gov/webdocs/publications/80326/err217_summary.pdf?v=0
[iv] “Precision Agriculture Market: Global Industry Trends, Share, Size, Growth, Opportunity and Forecast 2018-2023″, IMARC Group, June 2018.
https://www.researchandmarkets.com/research/46wxdl/global_precision?w=5
[v] “Threats to Precision Agriculture”, Department of Homeland Security, 3 October 2018.
https://www.us-cert.gov/ncas/current-activity/2018/10/03/Cybersecurity-Threats-
Precision-Agriculture
[vi] “The True Cost of Ransomware”, Barkley, September 2017.
https://www.barkly.com/true-cost-of-ransomware
[vii] “Precision Agriculture Adoption and Profitability”, University of Nebraska, 21 June 2017. https://agecon.unl.edu/cornhusker-economics/2017/precision-agriculture-adoption-profitability
[viii] Robertson, Jordan; Riley Michael, “The Big Hack”, Bloomberg Businessweek, 7 October 2018. https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies