A John Deere Publication
Person holding a computer chip with a metal lock on it

Cyberattacks are crimes of opportunity. Other sectors of the economy have taken major steps to make it more difficult to breach their systems. But because data security isn't even on farmers' radar, they're becoming low-hanging fruit for hackers.

Ag Tech, Education   November 01, 2023

Password 123

.

How secure is your farm's data?

By Lorne McClinton

The clock is ticking; it's just a matter of time before a cyberattack will cause a major disaster for a farm in North America. Dr. Ali Dehghantanha, Director of the University of Guelph's Cyber Science Lab (CSL) in Ontario, expects the first bad one will happen any time now at one of the large dairies in the United States. All their servers and automated systems will be locked down and encrypted. Unless they pay a ransom, or a cyber security company bails them out, they'll be milking, feeding, and watering manually.

"Cyber security is close to nonexistent in agriculture," Dehghantanha says. "It's not even on farmers' radar."

It's a growing problem too. The CSL investigated just four cyberattacks in all of 2019 but had already received 20 reports from farmers and food processors in Ontario by the end of July 2023. Roughly 2/3 of these were attacks on farms. Part of the reason for this, Dehghantanha says, is other sectors of the economy have improved their cyber security and agriculture hasn't. So, farmers are becoming the lowest hanging fruit for hacking groups.

"Almost all were cyber-crime related, primarily ransomware," Dehghantanha says. "But we just saw our first case of an activist group hacking a farm. The group used a ransomware-as-a-service to lock down an Ontario hog farm's server. Their screens showed a message saying they wanted the farm to publicly apologize for how they treated their animals. Fortunately this type of ransomware was known to us, so we were able to unlock them."

Dehghantanha says hacktivist attacks are more troubling than ransomware attacks because ransomware attacks are done by professional criminals, so in the worst-case scenario you can just pay the ransom through a cyber security company. Hacktivists don't want money though. They just want to further their cause.

What can be done? "The most critical thing that needs to be done at the industry level is for Agriculture and Agrifood Canada (or the USDA in the United States) to convene a working group to develop a cyber security standard for the farming sector like the energy and financial sectors have done," Dehghantanha says. "Once they're in place all vendors can build to that standard and farmers know what standards they need to follow."

  • brown haired person smiling with white shirt
  • closeup of white flash drive with sticker with the word spray on it
  • closeup of hands holding cellphone
  • pixelated image with yellow red and green stripes

Above. Shirene Garner urges farmers to install end-point protection, like anti-virus programs, on any device that allows it. And use auto-update functions to keep programs and systems current too. Cyberattacks on farms are still rare but they're rapidly becoming a problem.

 

Cyber-hygiene. "First and foremost, utilize good cyber-hygiene starting with a strong password," says Shirene Garner, Principal Architect for Global IT Security with John Deere in Moline, Illinois. "It should not be Password123. It should use a variety of capitals, numbers, and special characters. Don't use the same password for every account you have. A password manager program is the number one way to keep them all straight. Wherever possible use multifactor authentication to add a second level of protection. Change the default passwords on your routers and other network devices too."

"This is critical because you are the one that's responsible for your devices' security, not the vendor," Dehghantanha says. "If your computer is the source of an attack that causes 3 million dollars damage to say the Royal Bank of Canada, be absolutely sure they'll come after you for it."

The top way cyber criminals get into your system is through phishing attacks, Garner says. Some are very sophisticated. If an email supposedly from UPS comes in saying there is a problem, go to the UPS site, don't click on the link in the message.

Identify your most critical data and take extra steps to protect it, Garner says. Store it in an external drive that's not always connected to the system. That way if worst comes to worst, you won't have lost it.

Dehghantanha recommends building a relationship with a cyber security firm, so you'll have someone to contact if you get into trouble. If you do fall victim to a ransomware attack don't just pay it, handle it through your cyber security vendor. That way if there ever is an investigation you won't be shut down for funding a criminal enterprise. ‡

Read More

Dry landscape with hills and trees

AGRICULTURE, RURAL LIVING

Food Desert to Foodshed

Local food takes effort in dry farm country.

Food Desert Full Story
Group of people standing in a barn

AGRICULTURE, FARM OPERATION

Rising to the Occasion

Family steps up during time of crisis.

Rising to the Occasion Full Story

More from The Furrow

Read Latest Articles Browse Back Issues