Building Digital Security into Autonomous Tractors
Security by Design mindset keeps the farmer in control
To increase our cybersecurity posture and promote the security of John Deere’s systems, we have made cybersecurity a critical component of our new machines. We have added protective features to our hardware and software and updated the way new vehicles are engineered. Employees are thinking about security through every step of the development process and continuously evolving cybersecurity processes and solutions to minimize vulnerability to cyber-attack.
"In 2019, we established a Product Cybersecurity Organization which is providing the necessary expertise to protect vehicle software systems and customer data," said James Johnson, Chief Information Security Officer. "This allows us to build the right security controls into our vehicles as our teams are developing them. This is a culture change and a journey, and we’re excited about the partnership between our cybersecurity and product development teams."
The process for building security into all new Deere technologies begins with a risk assessment. The teams use the data obtained through the assessment to evaluate potential threats, such as possible safety concerns, and loss of customer data.
The assessment is especially critical for autonomous vehicles and understanding how to mitigate the risk of malicious attempts to access the tractors remotely. The results of the risk assessment funnel directly into the prioritized work of product development and software engineer teams, which leverage the information to modify and update the system’s software code.
"We work hard to ensure security is considered with every line of code we write," said Carl Kubalsky, Business Information Security Officer for Tech Stack and Cloud. "We know the agriculture industry isn’t immune to cyberattacks and we have to remain vigilant."
Instilling a vigilant, cybersecurity awareness mindset within the development community is further integrated into the “Security by Design” program that ensures Deere equipment is well protected, Kubalsky said. The program is led by security professionals with engineering expertise, who work with software engineers across the company and teach them how to think about security in everything they do.
"We’re on a journey to make security second nature to all employees, including our product engineers," Kubalsky said. "We see it as a core value, like we do integrity and quality. It’s critical for us to have this mindset so we can protect our customers and the equipment on which they rely."