All of these new technologies rely on a secure Internet to perform properly, and any disruption to even one device could trigger a domino effect, adversely impacting farm production and potentially jeopardizing the entire U.S. food supply.
Consider these potentially devastating scenarios, some of which have already occurred, according to the DHS report:
- A cyber “hacktivist” opposed to the use of antibiotics in beef steals herd data collected to monitor and manage the health of livestock. The hacker modifies the data to make it appear that the herds have been infected with foot-and-mouth disease and posts this information on the Internet. To prove that his herd is not infected, the farmer will have to inspect all cattle in the affected herds to verify that foot-and-mouth has not occurred. Disseminating such fake data also could have widespread repercussions throughout the livestock industry.
- A farmer plants hundreds of acres of corn across multiple counties and uses remote weather stations with soil moisture sensors connected to smart watering systems to feed a subsurface drip irrigation system. If one or more of the soil moisture sensors is maliciously hacked, and the sensor indicates that watering is continuously needed when it is not, the automated watering system could flood the fields.
- Just before planting, a farmer receives a software patch for his precision planting equipment containing a virus that interferes with the planter’s precision capabilities but leaves the mechanical tractor operational. The equipment had been programmed to meticulously plant 40,000 corn seeds per acre. The farmer must decide whether to suspend planting until his precision capability is restored, possibly missing the entire planting window, or fall back on manual row planting that could cut his yield in half because of its lack of accuracy.
- Hundreds of farmers purchase diagnostic software on an online marketplace to jailbreak their tractors and sprayers so they can conduct diagnostic work on-site rather than take their equipment to a dealer for service. What the farmers don’t know is that this is pirated software infected with malware that paralyzes the equipment unless they pay a ransom to release it.
- The temperature sensors in a meat processing plant are manipulated by a hacker, allowing food products to be stored at less than optimal temperatures, leading to enhanced risk of bacterial contamination. If unnoticed by the meat processor, the contaminated meat could end up on grocery store shelves and be purchased by consumers who become ill and litigate.
Fortunately, there are some steps that food processing and agriculture businesses can take to improve cybersecurity and mitigate any damage that might occur in the event of a cyberattack or system failure. Certain cybersecurity “best practices” have been developed in response to experiences in other industry sectors that preceded agribusiness in embracing the digital revolution.
Some best practices include:
- Take an inventory all authorized and unauthorized devices and software.
- Implement email and web browser protections.
- Limit and control network ports, protocols and services.
- Establish levels of access for authorized users.
- Separate operational technologies from business operations.
- Back up data externally so that it can be protected and restored on primary systems.
- Formulate an incident response plan and test it regularly.
- Contract with a breach coach and forensics firm so they can immediately respond in the event of a cyberattack.
- Purchase cyber insurance that will provide both first-party and third-party coverage.
The insurance industry is responding to the growing need for risk transfer by food and agriculture businesses. For example, some insurers have extended the window of business interruption coverage from 30 days to as long as 120 days. Coverage also is becoming more affordable. Cyber insurance policies will pay for breach response costs including forensic analysis, data restoration, equipment damage and lost income. They also provide third-party coverage to defend against lawsuits filed by customers and business partners, pay for regulatory investigations and even fines in some cases.
In today’s world of hacking, system glitches and insider threats, the food and agriculture industry needs to take cyber risk management and cyber risk transfer to an enhanced safety level. Farmers, producers of livestock and the suppliers that rely on them are all subject to significant business interruption costs if their critical systems go down. In fact, cyber risk could pose an even greater threat than this industry’s traditional threats, such as drought and natural disasters. It’s time for agribusinesses to follow cybersecurity best practices to protect computer networks, take proactive steps to mitigate damage, and transfer risk in the event of a cyberattack.