“Food safety” might commonly be interpreted as, “Get that poultry to 165 degrees” or, “Don’t leave the potato salad in the sun.” But the increasing use of Internet of Things (IoT) and other technology in agricultural production expands the imperative to consider cyber safety, as well. Ag tech includes applications for crops, livestock, dairy and poultry, and opens the door to potential threats including data injection (the falsification of real-time data is falsified to prompt harmful incorrect reactions), theft of trade secrets and intrusion of financial data. Vulnerable gateways may exist at sensors, cloud-based systems and remote-control equipment. Adversarial or even unintentional interference can compromise the security and integrity of critical farm data and the national food chain. Threats to national food supplies and, consequently, national security are referred to as “agroterrorism.”
This is not a new issue; we discussed it previously in this Smart Rural Community paper on ag tech. Sensors in crop and animal farming can be manipulated to skew planting, feeding and harvest cycles, while irrigation systems can be compromised to under- or over-irrigate fields and orchards. The USDA Agricultural Marketing Service (AMS) has taken notice of these threats. In a recent release, it asked, “What roles should the USDA AMS play in helping defend critical infrastructure and ensure viable supply chains in the U.S. grain industry?” Food-Ag ISAC reports that in 2023, food and agriculture ranked seventh among 11 industries, representing 5.5% of total ransomware attacks (critical manufacturing and financial services were 15.5% and 12.4%, respectively). USDA warns, “An attack during peak seasons could significantly disrupt the supply of essential goods such as seeds and fertilizers, thereby affecting planting schedules and, ultimately, the supply chain.”
For better or for worse, infiltration of critical networks has already been addressed, including potential improper access by foreign actors in both general telecommunications and ag focused applications. The FCC is currently implementing the Secure and Trusted Communications Networks Act of 2019 (“Rip and Replace”), which is intended to prevent the use of equipment and services that pose a national security risk in U.S. networks. And on the consumer side, the commission recently adopted voluntary industry standards for IoT cybersecurity labeling. This framework creates an IoT labeling program that relies on public, private and academic sector partners. On Capitol Hill, Brad Finstad (R-Minn.) and Elissa Slotkin (D-Mich.) introduced the Farm and Food Cybersecurity Act (H.R. 7062) to fortify cybersecurity protections for the nation’s food system. The bill would require the Secretary of Agriculture to conduct a biannual study of threats and vulnerabilities, and to coordinate with Homeland Security, Health and Human Services and the Director of National Intelligence to conduct simulation exercises of cyber-related emergencies and disruptions. Together, these efforts offer framework strategies for ag tech security efforts. And, as ag tech adoption increases, these measures will be even more important as bad actors scope for vulnerabilities.
Cybersecurity experts and rural ISPs will play critical roles helping farmers (especially small farmers) implement these critical solutions to protect the food growth and production chain, leaving food safety concerns to the familiar realms of refrigeration, cooking temperatures and direct sunlight.