As we close out National Cybersecurity Month (October), many eyes (and stomachs) might be looking toward Thanksgiving, which makes this a perfect time to bridge cybersecurity and food. Ag tech adoption on large farms (farms with 5,000 acres or more) is about 80%. And large farms account for more than 40% of farmed acres in the United States. As ag embraces more broadband-enabled applications for plant and animal farming, the potential threat to the ag industry increases. Vulnerable gateways may exist at sensors, cloud-based systems and autonomous equipment. Adversarial or even unintentional interference can cause wide-reaching impacts that can affect national food supplies. “Agroterrorism” is a defined threat. Consider the following:
- In 2020, one of the largest temperature-controlled supply chain companies was hit by a ransomware attack that shut down its network. The company canceled all the inbound deliveries for a week and only allowed critical outbounds of the food products, which were close to expiring.
- In 2021, a U.S. farm was hit by an adversarial attack that shut down farming operations, causing a $9 million loss.
- In 2021, a ransomware attack against JBS Foods shut down U.S. based meat plants, causing nationwide price spikes of 25%.
- In 2021, Crystal Valley, a supply and grain cooperative in Minnesota and Iowa, could not mix fertilizers or fulfill livestock orders following a ransomware attack that blocked the company’s ability to accept credit card payments.
- In 2021, Schreiber Foods, a dairy producer, was hit with a demand for a $2.5 million ransom that affected cream cheese supplies at the height of the holiday backing season.
In 2023, food and agriculture ranked No. 7 among 11 industries tracked by an ag information sharing and analysis center (ISAC), representing 5.5% of total ransomware attacks (critical manufacturing and financial services were 15.5% and 12.4%, respectively). The USDA Agricultural Marketing Service (AMS) recently asked, “What roles should the USDA AMS play in helping defend critical infrastructure and ensure viable supply chains in the U.S. grain industry?” The USDA warns, “An attack during peak seasons could significantly disrupt the supply of essential goods such as seeds and fertilizers, thereby affecting planting schedules and, ultimately, the supply chain.”
Other agencies as well as Congress are taking steps. The FCC recently adopted voluntary industry standards for IoT cybersecurity labeling. This framework creates an IoT labeling program that relies on public, private and academic sector partners. In Congress, Brad Finstad (R-Minn.) and Elissa Slotkin (D-Mich.) introduced the Farm and Food Cybersecurity Act (H.R. 7062) to build cybersecurity protections for the nation’s food system. The bill would require the Secretary of Agriculture to conduct a biannual study of threats and vulnerabilities, and to coordinate with the Departments of Homeland Security, Health and Human Services and the Director of National Intelligence to conduct simulation exercises of cyber-related emergencies and disruptions.
Fortunately, protection against ag threats is not a black box. Rather, it contemplates the measures all users should implement when guarding their data, including but not limited to: Update software and patch regularly; create complex passwords, do not rely on default passwords, and change passwords regularly; vet cloud service security protocols; build a team that is committed to cyber security no less than they are committed to premises or equipment security – you wouldn’t leave a quarter-million dollar tractor unsecured; investigate cybersecurity insurance.
With the right steps, farmers and producers can work with cybersecurity pros to better protect the nation’s food supply.