Over the past decade, the agricultural industry has experienced a technological revolution. Modern farming has been transformed by state-of-the-art technology ranging from robotic milking parlours and autonomous tractors to GPS-guided automotive sprayers, remote production oversight and data analytics. Undeniably, such advancements have led to improved efficiency and increased yields, however, they have also exposed the industry to a new threat landscape – cyber.
Farming might not immediately spring to mind when we think about industries susceptible to cyber-attack, but food and agriculture is part of the global critical infrastructure, and many farms are now as connected to the digital world as any other industry. With the adoption of smart technologies and particularly the use of the Internet of Things (IoT), the attack surface has increased and the potential impact of cyber risks on food safety, supply chain stability, reputation and financial security is severe.
IoT (Internet of Things) refers to interconnected devices that collect and exchange data. They are commonly used in modern farming, for example IoT-enabled sensors to measure soil moisture, temperature and humidity, allowing farmers to access real-time data and make informed decisions about irrigation, fertilization and pest control. IoT devices can be used to monitor the health and wellbeing of livestock, providing early warning signs of illness or distress. Equipment and fleet management also benefit from IoT technology, as do climate control and supply chain/perishable goods tracking. Vulnerabilities in IoT devices can be exploited by threat actors to gain unauthorised access to the device and its data. Data could be manipulated, processes shut down and operations disrupted. Because of the interconnectedness, a single compromised IoT device could be used to spread malware to other IoT devices throughout a network.
This malware could take the form of ransomware, malicious software that locks and encrypts the victim’s data, files, devices, systems so that they are inaccessible and unusable, with the attacker then demanding payment (ransom) to restore access. Attackers also often threaten to publish sensitive and/or proprietary information online. Data integrity is compromised and operations severely disrupted, if not halted entirely. The consequences of, for example, irrigation systems, processing lines, automated machinery, being shut down for days or even weeks, could be grave. Ransomware attacks against Hood Dairy in 2022 and Dole in 2023 illustrate that threat groups are indeed willing to target the farming and food industry.
Supply chain attacks also take advantage of interconnectivity. These types of attack seek out weaknesses and vulnerabilities within the complex network of producers, suppliers, distributors and service providers within the food supply chain. Threat actors exploit the trusted connections between parties within the chain, usually finding an easy target and infecting their systems with malware in order to gain unauthorised access to the rest of the supply chain. If undetected, the malware can then spread across layer upon layer of organisations within the chain. This becomes especially concerning when we consider the role of technology providers. A single technology provider may work with and connect into many agricultural organisations, so should they be compromised, then the impact could be widespread, affecting multiple downstream businesses. Disruption can lead to delivery delays, spoilage, remediation costs and the resultant financial losses for each and every affected company.
And let’s not forget social engineering, the business email compromise (BEC) and phishing attacks that organisations across all industries can fall victim to, including agriculture. Phishing attacks may attempt to trick users into divulging login credentials or downloading malicious software, which may result in threat actors gaining access to systems and/or data. Users may also be victims of BEC scams where a threat actor purports to be someone they are not (a supplier, or manager) in an attempt to trick an employee into transferring a payment into a threat actor-controlled bank account.
Employment of a diverse and seasonal workforce may mean that employees do not have robust and ongoing cyber security training, so may lack awareness and experience in recognising the signs of fraudulent emails or phone calls.
The consequences of cyber incidents within the agricultural sector can be far reaching. Of significant concern is the potential for compromised food safety, if threat actors have gained unauthorised access to data relating to food quality, contamination testing, traceability, chemical composition. This could potentially lead to the distribution of unsafe food products, result in product recall and reputational damage, with the associated financial implications.
The financial impact of any cyber-attack can be significant. Companies may be unable to access systems and data. Production may come to halt entirely, or at best, revert to slow manual practices. Costs will certainly be incurred for cyber incident response, recovery, investigation and remediation – getting the business back up and running. Revenue loss can be both immediate and direct (if they cannot supply their products, revenue will reduce), and also long term, with customers going elsewhere in the meantime and potentially not coming back.
Cyber risk mitigation methods are many and varied; there is no silver bullet when it comes to cyber security. Best practice would be to take a layered security approach, protecting digital assets with several layers, each providing additional defence. For example, access into a network should be tightly controlled, with users only being able to access what they need to in order to fulfil their duties. Multifactor authentication may be implemented, giving additional security. Firewalls deployed to control incoming and outgoing network traffic and provide network segmentation. Effective backups help in recovery and restoration. Encryption of critical and sensitive data may mitigate if the worst does happen. Of course, continuous employee training is vital, with adoption of a management-led cyber security culture of risk assessment, understanding and awareness being at the heart of all cyber security strategies.
Cyber threats in the agricultural industry are real and growing. Managing and mitigating these threats is a continually evolving challenge, but organisations in the sector need to make cyber security a priority.
If you would like further information or guidance on any aspect of cyber risk management, please get in touch with kay.hargreaves@crawco.co.uk or max.perris@crawco.co.uk.
