by Heidi Heitkamp, Former U.S. Senator, Attorney General, and Tax Commissioner for North Dakota; alliantgroup Director of Agriculture and
Rick Lazio, Former U.S. Congressman and SVP at alliantgroup
If you have any questions about this article, please send us a message.
To the Editor:
Farmers in the U.S. have been attacked in the last year by what some consider an unlikely foe: cyber-criminals (https://www.govtech.com/…).
American agricultural businesses recently saw six significant ransomware attacks on grain cooperatives, while a separate ransomware attack (https://www.bleepingcomputer.com/…) hit a multi-state grain company, and JBS, one of the world’s largest meat processing companies, paid out an $11 million ransom (https://www.bbc.com/…) to rid itself of cyber-criminals that had seized up their systems.
These cyber-attacks are perpetrated by sophisticated criminals who tap into many of the technologies used by American farmers such as field sensors and equipment software, and these events are becoming more pronounced.
In fact, the amount of attacks on American farmers escalated to the point that the Federal Bureau of Investigation (FBI) recently issued a warning (https://www.malwarebytes.com/…) to those in the industry stating that agricultural businesses need to shore up their cyber-defenses because the question of the next cybersecurity event won’t be if, but when.
LOOMING CYBERSECURITY THREATS TO AGRICULTURE
“Since 2021, multiple agricultural cooperatives have been impacted by a variety of ransomware variants,” the FBI’s Private Industry Notification states. “Initial intrusion vectors included known but unpatched common vulnerabilities and exploits and secondary infections from the exploitation of shared network resources or compromise of managed services.”
Because the work done by those in the agriculture industry is both data-driven and incredibly time-sensitive, given narrow windows for planting and harvest times, the FBI warned that American farmers are particularly vulnerable. This warning comes at a time when an adversarial Russia is continuing to wreak havoc on Ukraine, leaving vulnerable a critical component of the world’s food supply chain and making cybersecurity in the industry an imperative.
To that end, those working in the American agriculture industry need to heavily prioritize a defense-oriented mindset when it comes to cyber-threats for the industry to remain a dominant force across the globe.
These cyber-attacks not only hit hard but come in a variety of forms. In most cases, both administrative and production functions are brought to a halt during a cyber-attack.
Cyber-criminals have also garnered access to ag business’s computer systems to collect personal information. Regardless of the method used, be it a ransomware attack or the like, business owners in the agriculture industry have been left at the attacker’s mercy, while some haven’t survived the blow.
To that end, Americans working in the agriculture sector need to take the time to understand the risks posed by cyber-attacks. With many in the industry working with razor-thin profit margins, however, the costs of cybersecurity measures can be a tough sell. So, what can be done to batten down the hatches?
There are a few simple tactics that agriculture businesses can implement right away. Employee training that focuses on avoiding cyber-traps like phishing schemes, as well as multifactor authentication and complex software passwords should be the baseline.
But given the new uses (https://www.bbc.com/…) for drones, automated harvesters and crop sprayers, and other machines, American farmers should also look into cyber liability insurance (https://www.dtnpf.com/…) or seek an outside consultant to help integrate effective cybersecurity measures into their day to day operations.
Regarding any cyber liability insurance policy, it is important for American agriculture businesses to review the scope of the insurance. Often these policies already require the insured to have certain “best cybersecurity practices” in place before a policy is issued.
The U.S. Congress should also consider incentives for those in the industry who have taken it upon themselves to bolster their cybersecurity defenses. Senators Chuck Grassley and Joni Ernst have gone on the record (https://www.agweb.com/…) as saying, “Agricultural security is national security.”
If the expectation is that these businesses invest in protections that ultimately could protect the homeland, there should be some consideration given to tax or other business incentives that would help ease the cost burden.
MODERNIZING OUTDATED TECHNOLOGIES
Farmers in the U.S. have already begun to lean into a tech-savvy era (https://www.nifa.usda.gov/….), with the Internet of Things (“IoT”) and Artificial Intelligence (“AI”) and cloud computing playing a key role in the industry.
From automated grain harvesters to temperature and moister sensors and aerial images to monitor crops, the American farm has transformed in recent years for the better, but that transformation does not come without vulnerabilities.
Farmers must realize that the industry is not one of solely manual labor any longer. In fact, statistics show that the global agricultural robot market (https://www.agweb.com/…) is likely to reach approximately $16 billion by 2028. With these new technologies there is a significant risk that stored data, or operations as a whole, can be held hostage.
Sick Codes, a security research firm, recently jailbroke a John Deere tractor (https://www.fierceelectronics.com/…) at DefCon in August, allowing the team to take control of the tractor model through its display.
Kyle Wiens, the CEO of iFixit and a “right-to-repair” advocate, witnessed the event and commented, “Turns out our entire food system is built on outdated, unpatched Linux and Windows CE hardware with LTE modems.”
In short, combating the growing threat of cyber-attacks is an urgent need and will require an industry-wide effort.
CYBERSECURITY AS A KEY FOCUS
Agriculture giants like John Deere have acknowledged (https://www.bbc.com/…) the growing threat that farmers face and are working to fix any vulnerabilities in its software. In addition, University programs, including a “Security Testbed for Agricultural Vehicles and Environments” or “STAVE” (https://www.unomaha.edu/…) at the University of Nebraska-Omaha, are also working to research vulnerabilities in the agriculture industry to help prevent the next cyber-attack.
However, in the end, it will take those businesses actually planting and harvesting the crop making cybersecurity a key focus in the next several years for the true impact to be seen. And that focus should start today.
About the Author
Heidi Heitkamp represented North Dakota from 2013 to 2019 and was the first woman ever elected to represent the state as a U.S. Senator. Heitkamp has demonstrated her passion for economic development by spearheading the strategic development of our country’s renewable energies and the passage of two long-term, comprehensive Farm Bills. She was also on the Senate Committee on Homeland Security and Governmental Affairs, the Committee on Agriculture, Nutrition and Forestry, as well as the Committee on Banking, Housing and Urban Affairs. Heidi’s broad background in public service will surely enhance our ability to advise on how we can best serve our clients across a variety of industries.
About the Author
Rick Lazio is a former U.S. Representative from New York serving in Congress from 1993-2001. While there, he became a strong advocate for small businesses by sponsoring the successful Small Business Tax Fairness Act. After Congress, Rick moved to the private sector working for JP Morgan Chase as a Managing Director and then Executive Vice President. Rick is committed to his continued interest and support of small to mid-sized businesses by brokering his insight and experience in the public and private sectors to provide strong incentives for job growth. This interest has extended into his civic and philanthropic work in New York with the Committee for Economic Development and the Association for a Better New York.