Data Security

Cyber Threats Are A Real Threat To Modern Agriculture’s Expanding Digital Infrastructure

Wed, 12 Jan 2022 13:05:40 GMT

A malicious cyberattack in late May 2021 forced the shutdown of all of JBS’ beef plants and many of its pork and poultry plants. This attack on the world’s largest meat processor spotlighted the vulnerability of another critical American industry. This time, agriculture was the target.

According to the Harvard Business Review, the amount that companies paid to hackers grew by 300% in 2020. In the first 10 months of 2021, just six ransomware groups were responsible for breaching the cybersecurity defenses of 292 organizations. From those attacks, these criminal organizations had tallied up more than $45 million in ransom money.

Of all the cyberattacks and ransomware attacks in 2021, the breach of Colonial Pipeline in late April had the most news coverage. A ransomware group known as DarkSide with ties to Russia was responsible for the attack that shut down 5,500 miles of pipe and halted the flow of countless barrels of gasoline, diesel and jet fuel from the Gulf Coast to the Eastern Seaboard. To avoid further disruption, Colonial Pipeline eventually gave in to the ransomware group’s demands and paid the group $4.4 million in bitcoin.

Agriculture Is An Easy Target

Experts warn that as an industry, agriculture has a very soft digital underbelly that’s easily breached due to very limited investment in cybersecurity to date.

For an industry that is betting the farm on becoming increasingly digitally connected and automated, this should set off alarm bells in all sectors and all levels of agriculture—from the back 40 to the halls of Congress. As more devices are hooked up to networks and more tasks are turned over to automation, the opportunity and potential reward for cyberattackers will only grow exponentially during the next several years.

According to Vantage Market Research, the size of the global agricultural robot market is expected to reach $15.93 billion by 2028. That’s up from $3.63 billion in 2020 and represents a compound annual growth rate of 20.31% during the forecast period—2021 to 2028.

A private industry notification issued by the FBI’s cyber division on Sept. 1 listed five major attacks that occurred in the food sector since November 2020. The list included everything from a bakery company to a well-known beverage company to a large farming operation. Two more attacks—on grain co-ops, Iowa’s NEW Cooperative and Minnesota’s Crystal Valley—came less than a month after the FBI’s warning.

As with many of these “events,” the aftermath involves plenty of finger-pointing. In the fallout of the JBS attack, a good deal of blame was shifted on the government for not creating cybersecurity guidelines and compliance mandates for agriculture.

Sens. Chuck Grassley and Joni Ernst from Iowa recently went to the floor of the Senate to stress that more must be done related to cybersecurity within agriculture. They advocated: “Agricultural security is national security.”

It is foolish to think government alone can fix the issue or prevent future attacks. But, government can develop guidelines and performance goals. One of the first things that could be done is to adopt standards related to manufacturing automation equipment that is secure by design. IoT devices need to have additional security measures before they are deployed to the field. Because of the lack of a law, both the users and manufacturers blame each other for not adopting even minimum security measures for these pieces of equipment. This issue has become a significant cybersecurity liability.

What you can do

The rest of us must become increasingly aware and vigilant in fighting this war. Pardon the pun, but one could “lose the farm” because of an unforeseen cyberattack. Whether you are a CEO of a multilocation co-op or an individual farmer who has connected your operations and data to the “cloud,” you are a target, and this threat is not going to go away.

FBI Puts Ag on Alert: Ransomware Attack Potentially Timed to Critical Seasons

Fri, 22 Apr 2022 20:40:53 GMT

Farmers and ag cooperative employees need to be on high alert this spring. That’s according to the FBI , which is predicting cyber criminals might attack the industry during planting and harvesting seasons.

Why? Cyber criminals believe their prey could be more vulnerable and willing to pay off the extortion.

Since 2021, FBI reports multiple agricultural cooperatives have been impacted by a variety of ransomware variants:

In March 2022, a multi-state grain company suffered a Lockbit 2.0 ransomware attack. In addition to grain processing, the company provides seed, fertilizer, and logistics services, which are critical during the spring planting season.
In February 2022, a company providing feed milling and other agricultural services reported two instances in which an unauthorized actor gained access to some of its systems and may have attempted to initiate a ransomware attack. The attempts were detected and stopped before encryption occurred.
Between Sept. 15 and Oct. 6, 2021, six grain cooperatives experienced ransomware attacks. A variety of ransomware variants were used, including Conti, BlackMatter, Suncrypt, Sodinokibi, and BlackByte. Some targeted entities had to completely halt production while others lost administrative functions.
In July 2021, a business management software company found malicious activity on its network, which was later identified as HelloKitty/Five Hands ransomware. The threat actor demanded a $30 million ransom. The ransomware attack on the company led to secondary ransomware infections on a number of its clients, which included several agricultural cooperatives.

These attacks resulted in service issues, production disruptions and loss of access to administrative functions.

In a public advisory , federal officials say a major disruption of grain production would impact the entire food chain.

What You Can Do

The FBI is asking those in agriculture to take defensive measures against the potential threat. Those steps include:

Regularly back up data, air gap and passwords. Make backup copies offline. Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.
Implement a recovery plan that includes maintaining and retaining multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., hard drive, storage device, the cloud).
Identify critical functions and develop an operations plan if systems go offline. Think about ways to operate manually if it becomes necessary.
Implement network segmentation.
Install updates/patch operating systems, software and firmware as soon as they are released.
Use multifactor authentication where possible.
Use strong passwords and regularly change passwords to network systems and accounts, implementing the shortest acceptable timeframe for password changes. Avoid reusing passwords for multiple accounts and use strong pass phrases where possible.
Require administrator credentials to install software.
Audit user accounts with administrative or elevated privileges and configure access controls with least privilege in mind.
Install and regularly update anti-virus and anti-malware software on all hosts.
Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a virtual private network (VPN).
Consider adding an email banner to messages coming from outside your organizations.
Disable hyperlinks in received emails.
Focus on cyber security awareness and training. Regularly provide users with training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities (i.e. ransomware and phishing scams).

Tools and Resources

Tips for Protecting Yourself Against Ransomware Attacks

For additional resources related to the prevention and mitigation of ransomware, visit Stopransomware.gov

CISA’s Ransomware Readiness Assessment (RRA) is a no-cost self-assessment based on a tiered set of practices to help organizations better assess how well they are equipped to defend and recover from a ransomware incident.

CISA offers a range of no-cost cyber hygiene services to help critical infrastructure organizations assess, identify, and reduce their exposure to threats, including ransomware. By requesting these services, organizations of any size could find ways to reduce their risk and mitigate attack vectors.

Watch our report on AgDay TV:

Read More

Popular Online Farm Equipment and Land Auction Service Sites Crippled by Ransomware Attack

John Phipps: Is a Possible Cyberwarfare Attack Looming for Your Farm? Why Tractors May Be Next

John Phipps: Is North Korea the New Breeding Ground for Cyber Warfare?

Cyber Threats Are A Real Threat To Modern Agriculture’s Expanding Digital Infrastructure

Is your produce business prepared for a cybersecurity attack?

Wed, 31 Aug 2022 21:25:03 GMT

In response to what it says is a “significant increase in the frequency of ransomware and other cyberattacks,” ProduceSupply.O rg, a consortium of North American produce suppliers working together on technology initiatives in fresh produce, has released the first revision of the PSO Cybersecurity Best Practices for Produce Suppliers to provide produce companies with a framework to defend and protect themselves from cyberattack.

“There have been high-profile, invisible cyberattacks on members of the agricultural community in just the last five or six months and as recently as April, [which prompted] the FBI to put out their cybersecurity advisory for the agricultural sector,” Eric Regnier, information and technology security manager at ZAG Technical Services, told The Packer.

Cyber criminals are specifically targeting agricultural companies when they’re at their most vulnerable or most operationally sensitive, like when they’re trying to get crop out of the ground, added Regnier. This timing improves the cyberattacker’s ability to extract a ransomware payment.

The growing threats prompted the PSO to form the PSO Cybersecurity Council in December 2021. The council is comprised of 16 information technology professionals from 10 produce companies, including Calavo Growers, Duda, Foxy Produce (The Nunes Company), Grimmway Farms, L&M Companies, Oppy, and Tanimura & Antle. ZAG Technical Services, a provider of information technology for Western agribusinesses, donated its technical expertise to the initiative as subject matter experts.

“As a commodity-based industry, PSO members are reliant on each other and our ancillary suppliers to deliver fresh, perishable produce into the supply chain on a 24/7 basis — and cyberattacks can thwart those efforts,” said Johnny McGuire, chairman of the PSO Cybersecurity Council and IT director for The Nunes Company, in a statement. “The PSO wanted to introduce some actionable best practices that suppliers can take back to their IT departments and implement immediately.”

Based on the National Institute of Standards and Technology Cybersecurity Framework and tailored to meet the specific demands of the fresh produce industry, the guidelines are broken down into three tiers — high, middle and low — and meant to provide actionable guidance to improve cybersecurity defenses for companies of all sizes. Companies can determine what their tier is with the implementation tier calculator.

“Thinking about security is quite daunting for any organization, and particularly for resource-constrained organizations,” said Regnier. “It’s easy to get paralyzed in the process, and it can become so overwhelming that it’s hard to understand where to even begin.

“What we endeavor to do with these standards is to take the NIST cybersecurity framework, which is a globally recognized standard for cybersecurity, and develop a roadmap for the implementation of cybersecurity standards and best practices that are sized to the organization to make it achievable and easily understandable,” added Regnier.

Small companies are targets, too

Everyone with a presence on the internet is at risk, said Regnier, including smaller companies that think they’re flying under the radar due to their size. “Oftentimes, cyber criminals are actively looking for ways to get into small companies every bit as much as larger ones,” he added.

The PSO is offering these standards, which are free and open to all, with the goal that anyone who needs or wants them can access them. The consortium hopes that, by creating a forum for transparency and the sharing of best practices, the produce industry can better protect itself.

“We hope that people will go to our website, download our standards and start talking about them internally,” McGuire told The Packer. “A lot of this starts with management. They have to buy into it, and we certainly see a lot of analogies between preparing for a cyberattack and with what happened with food safety in the Salinas Valley in 2006.”

Seeking to be a resource across the industry and its organizations, the PSO formed the Cybersecurity Council and established cybersecurity standards to be openly shared for the benefit of all.

“There’s nothing more important than protecting the nation’s food supply,” said Erik Larsen, chief operating officer of PSO. “These standards provide a framework for building safeguards across the industry we care so much about.”

2024 AgTech Predictions: 5 Trends To Watch

Tue, 09 Jan 2024 16:51:10 GMT

In 2023 the agricultural industry faced challenges from extreme weather to supply chain issues.

Ron Baruchi, CEO of Agmatix, outlines the key trends he anticipates impacting the agricultural industry over the coming year:

#1 - Generative Artificial Intelligence in AgTech

Of all the 2024 trends in digital agriculture, the role played by Gen AI, or generative AI, is likely to be one of the most significant. The potential of Gen AI on the global economy is already being calculated in trillions of dollars. There is a historic opportunity to optimize processes, cut costs, and importantly, fuel innovations through improved modeling to fuel decision-making. Companies are already using Gen AI through Digital Crop Advisors, allowing agronomists to distill agronomic data into actionable recommendations for farmers.

These tools enhance crop management by analyzing big agronomic data, providing AI-supported insights to optimize production practices. This helps farmers understand patterns affecting the performance of crop varieties and production on their specific farms, and tracks climate trends to help farmers become more resilient to the changing climate.

#2 - Using Digital Twins to Optimize Field Trials

An interesting 2024 trend is increased integration of digital twins into field tests and field test planning. A digital twin is a digital model or a virtual representation of an actual physical product, system, or process. These allow researchers and designers to experiment as though they were handling its physical counterpart, reducing the need for expensive and time-consuming field trials.

Generating real-world data is a costly and time-consuming process, averaging more than 150 studies and over 11 years to register a new active ingredient. From 2010-14, developing a new crop protection product cost around $286 million, of which, $47 million (approximately 16%) was budgeted for field trials.

Synthetic data can enhance the performance of digital twins. Based on real-world data, synthetic data can supplement data gaps, significantly reducing the time, cost, and effort in bringing new agricultural products to market. These tools provide a competitive edge for agricultural input suppliers seeking regulatory approval, or seed companies that rely heavily on experimentation to improve their seed genetics.

#3 - Technical Innovation in Regenerative Agriculture

Greater technical innovation and research into regenerative agriculture will continue over the coming year. Essentially mimicking natural process and biodiversity on agricultural land, the ultimate aim of regenerative agriculture is to improve soil health in order to boost yield.

To address the challenges of climate change and feed a global population of over 8 billion, regenerative agriculture is vital. Digital tools use accurate, up-to-date data to create tailored regenerative agriculture solutions. These consider soil conditions, weather conditions, microclimates, and current crop growth or land use, as well as individual budgets and local regulations.

Platforms offering site specific data will likely reign supreme in 2024. A view of sustainability that extends beyond simple carbon metrics and one-size-fits-all solutions is necessary and will enable the establishment of realistic, actionable objectives for growers, promoting sustainability and formulating strategies tailored to local environments.

#4 - Managing Data with Advanced Cloud Solutions

Innovation in agriculture is often data-dependent and the cloud gives researchers the ability to collate, manage, and extrapolate information from data in a way that was previously unimaginable. Anticipated exponential growth in farm data emphasizes the transformative impact - IDC has estimated that by 2036 the amount of data collected on the farm will increase by more than 800-percent. Cloud tools enabling real-time access to field trial data reduces trial duration and cost, and the volume and scope of trials can be increased.

Cloud applications span every aspect of agriculture, optimizing crop management, soil insights, multi-season crop monitoring and analysis, and leveraging local knowledge for decision-making. Cloud-based solutions foster collaboration between researchers, agronomists, and farmers, providing R&D companies with an efficient, cost-effective and scalable solution.

#5 - Innovation Across the Agricultural Spectrum

Agriculture’s innovative history is turning towards sustainability and environmental protection, marking a transformative era. The new year will see progress in climate-resilient crop development.

At the farm level, digital technologies empower farmers to process and use the data they collect. AgTech solutions can help farmers and agronomists measure and demonstrate the return on investment of agricultural technologies. Amidst global challenges, stakeholders using AI and machine learning will drive unprecedented innovation in food production.

About the Author - Ron Baruchi, President & CEO, Agmatix

With over 20 years of experience in the technology sphere, Ron is passionate about using data to solve complex problems. He has used his expertise in technology and AI with Agmatix to improve crop yields and quality while limiting environmental impact.

Agroterrorism: Webinar Explores Multiple Threats to U.S. Food and Ag Supply Chain

Mon, 26 Sep 2022 16:23:05 GMT

Andrew Rose, agriculture industry consultant, will join Clinton Griffiths, host of “AgDay TV” and editor of Farm Journal magazine, to discuss the threat of agroterrorism to America’s food supply during Farm Journal’s next Farm Country Update .

The free online event is titled “Agroterrorism Remains a Significant Threat to U.S. Farms and Food Supply” and is set for Wednesday, Sept. 28, 2022, at 3 p.m. CDT.

“There are many threats to our food and ag supply chain including climate, geopolitics and those who seek to harm our ability to provide reliable food for our country,” said Rose. “Clinton and I will explore some known threats to the food and ag supply chains and delve into the agroterrorism aspects of perception, actions and remedies.”

The event will address all aspects of agroterrorism from property vandalism and biological weapons to cyberattacks and corporate espionage. The discussion will include how those events can impact food production, distribution and profitability of agriculture businesses as well as how U.S. farmers can protect themselves from these risks. Audience participants will be able to submit questions to the discussion.

“America’s farmers do a fantastic job focusing on producing an abundant food supply,” said Griffiths. “Unfortunately, for a host of reasons, there are bad actors hoping to stop, steal or destroy their ability to do that work. Andrew is the person to tell them what to watch for, who may be trying to impact their farm and why.”

Register now for this free online event at www.farmjournal.com/farm-country-updates /. All registered attendees will receive on-demand access to the session when available.