WESTERN PRODUCER — Ransomware attacks have become commonplace in North America.
In July, an attack shut down the computer systems in the town of St. Mary’s, Ont., locking its internal server and encrypting the municipality’s data, The Beacon Herald reported.
And last fall, an attack nearly crippled the health care system in Newfoundland. It disrupted emails, diagnostic images, lab results and forced the cancellation of thousands of medical appointments.
Typically, the hackers expect a ransom payment to restore the computer systems of local governments, health care systems and big or small companies.
So far, the hackers haven’t focused on the agriculture industry, but that may soon change, says a University of Guelph cyber-security expert.
Many farmers now employ a network of sensors, cameras and other devices as part of the shift to precision agriculture and use of big data in agriculture.
Those systems and technology make farmers more vulnerable to cyberattacks, says Ali Dehghantanha, who runs the Cyber Science Lab at the U of Guelph.
“The level of cybersecurity protection in agriculture is minimal to non-existent,” he said. “The agricultural sector is a soft underbelly from a cybersecurity point of view.”
Dehghantanha, who is a Canada Research Chair in Cybersecurity and Threat Intelligence, recently published a paper in Applied Sciences, reviewing the cybersecurity risks to agriculture and producers.
“SF (Smart Farming) and PA (Precision Agriculture) have the potential to enhance global food security and reduce agriculture’s impact on the environment, however to be able to realize this potential these technologies need to be protected from cyberattacks,” the paper says.
“These attacks can impose serious disruptions to global markets and especially to the economies of developing nations that are heavily dependent on the agriculture industry.”
The paper explains that precision agriculture and smart farming are part of the Internet of Things, where sensors, machines and other devices are connected.
In agriculture, an example would be sensors and computer systems that control how much fertilizer is applied to a crop, or precisely steer a tractor down a field.
“These IoT-based technologies create new cybersecurity vulnerabilities and cyberthreats which can be exploited to gain control on on-field actuators, sensors and autonomous vehicles such as tractors, drones, sprayers and planters, as well as related databases and applications,” the paper says.
The threat to agriculture boils down to the amount of technology used in the sector versus the amount of money and time dedicated to cybersecurity.
In a survey from 2019, Dehghantanha found the global market for smart farming technologies was worth more than $10 billion. But spending on cybersecurity in smart agriculture accounts for only about three per cent of total cybersecurity spending in North America. Other sectors, like health care and finance, spend far more on security.
An obvious threat is ransomware, where a cyber-criminal demands a ransom payment from a producer, Dehghantanha said.
But a much bigger threat is a potential attack on supply chains, which would hamper the larger food production system.
“Any disruption of infrastructure could cause disruption of the supply chain and affect food security.”
The paper details a number of methods that hackers could use to infiltrate a farm or company in the ag business and explains basic steps to prevent a cyberattack.
“It is not necessarily feasible for every farmer to be an expert at technology and cybersecurity threats in agriculture, (but) there are some cyber-safe behaviours… to reduce the security risk,” the paper says. “These include dynamic and secure passwords, frequent password changeover, data encryption, two-factor user authentication, and updating software when prompted. Avoidance of suspicious emails, links and not saving personal or financial data on browsers and auto-fill features are recommended too.”
Dehghantanha also recommends that producers know the people and companies who provide the precision agriculture and smart farming systems for their farm, and that they consider using companies that monitor cyberthreats.
“It’s too late if you search for a responder when you see a ransomware message.”