Agriculture has long been an early adopter of new technologies – farmers have been driving handsfree with autosteer systems for over 25 years – but for all their conveniences, these advancements have also brought new threats. Food and agriculture companies say one of the biggest is cybersecurity, with numerous hacks carried out across the industry in recent years. These cyberattacks that directly target one of the country’s most critical infrastructure sectors pose huge risks to companies and farmers, as well as American society at large.
Special Agent Byron Franz with the Milwaukee Division of the FBI explains that the threat has grown because the “attack surface” continues to grow due to the proliferation of technology through the entire food and agriculture supply chain. And because everyone needs to eat, food and agriculture is classified as one of the 16 “critical infrastructure sectors” by the US government. Meaning that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.
Industry leaders and lawmakers alike have begun to pay more attention to the mounting cybersecurity threats to the sector, particularly after some unnerving attacks in recent years. One of the biggest occurred in March of 2021 when a ransomware attack against meat giant JBS temporarily shut down all the company’s US beef facilities. The attach interrupted production at JBS plants across the country that were responsible for 20% of processed pork and 25% of processed beef, which had a domino effect across the entire meat sector. JBS’s chicken subsidiary, Pilgrim’s Pride, was also impacted. In the end, JBS reportedly paid an $11 million ransom to free their systems. Some forty additional attacks on food producers occurred in the twelve months following the JBS attack.
In June, the US Federal Bureau of Investigations (FBI) hosted a symposium focused on threats to food and agriculture in Nebraska. Gene Kowel, special agent in charge of the FBI’s Omaha Field Office, said that agriculture’s growing use of technology has increased the risks to that sector, whether from criminals, terrorists, or hostile foreign countries. Kowel says there are four main threats:
Malicious Cyber Activity: This can include ransomware attacks or other malicious software that can shut down agricultural operations, which can be especially harmful during critical planting and harvesting periods. Theft of Data or Technology: Kowel points to China in particular, which he says is advancing its technological abilities by stealing from other countries.Cyber Hijacking: This threat comes from countries, criminals, or terrorists trying to take control of agricultural processes, whether to stop production, alter production, manipulate markets or to have an ecological effect.Bioterrorism: Also known as bio-warfare, this threat includes diseases or toxic agents used by criminals or hostile foreign agents to target food production.
Kowel urges farmers and agribusinesses to prioritize data backups, and implement tougher security measures like two-step authentication. He also believes having a partnership such as with the FBI or the Department of Homeland Security is critical, particularly for large producers. “I don’t think people want to wait until there’s an incident and then try to educate themselves,” Kowel said, such as learning basic cyber-hygiene steps as soon as possible.
Nebraska Farm Bureau President Mark McHargue adds that though the FBI might be the first entity people think of calling, it can be a valuable resource. “We shouldn’t be afraid to reach out to the entities that are there to protect us,” adding, ““They can’t protect us if we’re not sharing information with them.” Bottom line, if farmers or businesses suspect they’ve been hacked, they should call law enforcement of some kind immediately.
The US Cybersecurity and Infrastructure Security Agency (CISA) has an array of free resources and tools to help stakeholders up their defenses and overall knowledge HERE. You can also find a slew of information and cybersecurity solutions at Cybersecurity Guide HERE. (Sources: Nebraska Examiner, Wired, Just Food, Cybersecurity Guide)