Advancements in technology have not only benefitted Silicon Valley but have extended into agricultural valleys and fields. Since the mid-2000s, precision agriculture techniques have grown in use and accuracy to decrease agricultural production costs and increase outputs. As technology use increases, the cyber threats common to other industries are finding targets in agricultural technology as well. These risks have hit the Department of Homeland Security’s (DHS) radar, which it highlights in its recent report, “Threats to Precision Agriculture.” In that report, DHS cautions all those involved in the supply chain of precision agriculture, which includes everybody from farmers to industries that support farmers to the people who process and distribute the food produced, to increase cybersecurity measures around their precision agriculture technology and practices.
Precision agriculture uses embedded and connected technologies that rely on remote sensing, global position systems, and communication systems, allowing for a more precise application of fertilizers, seeds, and pesticides. A consequence of this new technology is the increased risk of cyber-attacks. Below are key threats DHS identified that the agricultural industry must mitigate against.
The DHS research group uncovered potential threats to the crop and livestock sectors using the Confidentiality, Integrity, and Availability (CIA) model of information security. Data privacy is a top concern when implementing precision agriculture. According to the DHS report, the following four unique threats were identified related to confidentiality:
- Intentional theft of data collected through decision support systems or unintentional leaks of data to third parties;
- Intentional publishing of confidential information from within the industry, such as from a supplier, to damage the company, or cause chaos;
- Foreign access to unmanned aerial system data; and
- Unscrupulous sale of confidential data.
As precision agriculture adopts equipment automation, robotics, machine learning, and edge computing, threats to data integrity are emerging in the agriculture sector in ways never thought possible. For example, a malicious actor could publicly release false data mimicking actual farm data prior to or during a livestock disease outbreak, or allege a crop disease, which could take months to resolve and affect the agriculture and foreign trade markets. Rogue data introduced into the sensor network could result in issues like under-watering or over-watering of a crop and destroying it. Faulty sensors in “smart” farm buildings could disrupt an HVAC system potentially adversely impacting the health of animals.
Farming and livestock operations heavily rely on equipment. According to DHS, threats to equipment availability manifest from both cyber-related issues and natural disasters. One scenario that DHS describes as threatening equipment availability is the potential of a malicious actor to disrupt several pieces of equipment at once during the small window of time for planting and harvesting, resulting in crop loss. GPS signals could also be disrupted as the signal spectrum is becoming increasingly crowded. In addition, DHS warns that foreign-manufactured equipment could potentially be remotely disabled through built in firmware backdoor access or through a malicious code sent to equipment during times of crisis or during key planting or harvesting windows.
What Should Farmers and Precision Agriculture Technology Companies Do To Mitigate Against Cyber Threats?
Farmers, precision agriculture technology providers, and any other parties in the supply chain, should implement recognized security controls to maintain and protect embedded and digital tools used in precision agriculture. While many of these controls are designed to be implemented by the equipment and software service providers of the precision technology, farmers should also implement some of these controls as part of their business. The DHS report recommends some key security controls to mitigate these cyber threats, consistent with security controls in other industries.
- Implement email and web browser protections;
- Limit and control network ports, protocols, and services;
- Inventory and control hardware assets;
- Inventory and control software assets;
- Account monitoring and control; and
- Separate operational technologies and business operations.
Farmers would also benefit from adopting the following data security controls:
- Data recovery capabilities;
- Data protection;
- Understanding who owns the data and including contractual provisions relating to data protection with service providers;
- Incident response and management plan; and
- Implement physical controls restricting access to key technology areas.
In its report, DHS highlights three overall areas to improve protection of systems and data and build resiliency into precision agriculture.
- Implementation of recognized information security controls to maintain and protect embedded and digital technologies used in precision agriculture.
- Development of agricultural industry standards for data and equipment, and privacy/use standards for data generated by precision agriculture.
- Building resiliency into rural navigation, communication, and embedded tool applications by developing multiple communication and computer processing paths.
Cybersecurity is no longer an issue reserved for tech companies. Because of the growing use of digital technology in traditionally non-technical industries, it is an issue that nearly all businesses, including agriculture, will have to confront.
A copy of the DHS report can be found here.