Cyber attacks on agricultural targets are not a distant threat; they are already happening. For example, in 2021 a ransomware attack forced a fifth of the beef processing plants in the US to shut down, with one company paying nearly $11 million to cybercriminals. REvil, a Russian-based group, claimed responsibility for the attack.
Similarly, a grain storage cooperative in Iowa was targeted by a Russian-speaking group called BlackMatter, who claimed they stolen data from the cooperative. While previous attacks have targeted larger companies and cooperatives and were intended to extort the victims for money, individual farms may also be at risk.
The integration of technologies into agricultural machinery, from GPS-guided tractors to artificial intelligence, may increase the ability of hackers to attack this equipment. And while farmers may not be ideal targets for ransomware attacks, farms can be a tempting target for hackers with other motives, including terrorists.
For example, an attacker could exploit vulnerabilities in fertilizer application technologies, which could lead to a farmer unknowingly applying too much or too little nitrogen fertilizer to a given crop. A farmer could then end up with either an under-expected crop, or a field that is over-fertilized, resulting in waste and long-term environmental impact.
Slow to appreciate the threat
Disruption of sensitive industries and infrastructure gives attackers a higher return on their efforts. This means that increasing pressures on the global food supply are raising the stakes and creating a stronger motivation to disrupt the U.S. agricultural sector.
Unlike other critical industries such as: finance and healthcare, the agricultural sector has been slow to recognize cybersecurity risks and take steps to mitigate them. There are several possible reasons for this slowness.
One is that many farmers and agricultural providers do not view cybersecurity as a big enough problem compared to other risks they face, such as flooding, fires and hail. A 2018 Department of Homeland Security report A survey of precision farming farmers in the US found that many did not fully understand the cyber threats posed by precision farming, nor did they take these cyber risks seriously enough.
This lack of preparedness leads to another reason: limited government oversight and regulation. In 2010, the US Department of Agriculture classified cybersecurity as a low priority. Although this rating was upgraded in 2015, the agricultural sector is likely to catch up for years. While other critical infrastructure sectors are numerous countermeasures and best practices for cybersecurity, the same cannot be said for the agricultural sector.
The Biden administration has indicated its willingness to help farmers take steps to protect their cyber infrastructurebut at the time of writing, it has not released any public guidelines to aid in this effort.
Approach with all hands
In addition to the urgent need for federal, state and local government policies and resources to prevent these types of cyberattacks, there is room for academia and industry to act.
From an academic research perspective, multidisciplinary efforts bringing together researchers from precision agriculture, robotics, cybersecurity and political science can help identify potential solutions. To this end, we and researchers at the University of Nebraska-Lincoln de Security test bed for agricultural vehicles and environments.
Farm equipment manufacturers and other industry associations can help by designing and engineering equipment that takes cybersecurity considerations into account. This would lead to the production of agricultural equipment that not only maximizes the yield of food production but also minimizes exposure to cyber-attacks.
George Grispos is an assistant professor of cybersecurity at the University of Nebraska-Omaha. Austin C. Doctor is an assistant professor of political science at the University of Nebraska-Omaha.