Ag-sector at high risk of cyber attacks, espionage

The risk of cyber attacks on agricultural businesses is ever-present and that risk might be increasing.

According to Andrew Rose, digital security expert and executive director for CyberAg, an American cybersecurity organization, companies across the farm and food sector should take a more proactive approach to protecting vital electronic systems and all the information they contain. 

Why it matters: Cyber security has been comparatively lax in much of the agriculture and food sector, leaving it vulnerable to attack. 

In a presentation during the 2021 virtual Precision Agriculture Conference, Rose said cyber attacks on the sector are increasing. As a recent example, he cited John Deere’s experience of hackers who found an array of security problems in its X9 combine. 

While the hackers in the John Deere case were not acting in a nefarious context — they highlighted and reported the issues, from which Rose says the company has learned — other companies have not been so lucky. Meat processor JBS, for example, was crippled by a ransomware attack earlier this year and forced to pay millions to unlock its system. 

Individuals and criminal groups are not the only villainous skulkers of cyberspace. Rose says the risk of espionage and intellectual property theft by state actors, such as the government of China, is a real concern for agricultural companies and institutions.

He says China is now in its 14th five-year plan, a governance method originally crafted in the Soviet Union, where the government identifies its central goals for the next five years. Within the current plan is a $378 billion investment in research and development, and pursuit of agricultural technologies is highlighted. 

Given the time frame and enormous investment, Rose says it is unlikely every technological advancement will come directly from domestic research. 

“A lot of that money is used for what we might consider more espionage purposes,” says Rose, listing the country’s “1000 Talents” strategy as a means by which the Chinese government has acquired information in the past. The 1000 Talents plan, which recruits Chinese citizens that are successful entrepreneurs or have studied in leading universities abroad, is now being called a “foreign recruitment plan” by the Chinese state, according to Rose. 

Embracing good hackers, colloquially referred to as “white hat” hackers or “bug hunters,” is a good way for companies to test and improve their digital security systems, says Rose. Employing the services of individuals or companies that try to gain access to a system, either by digital means or by direct access to an office, helps fix problems and build muscle memory in responses to security breaches. 

“Embrace bug hunters. These are ethical people doing it for a specific reason and they’re performing a fantastic service… They allow you to fix and address those flaws,” he says. 

Employees are often cited as a company or organization’s greatest risk when it comes to cyber attacks. While true in a sense, Rose says the network and observation that employees provide can also make them essential security assets. 

More eyes wary for suspicious activity allow law enforcement and IT professionals to get ahead of potential issues. 

For this reason, Rose says everyone who encounters something suspicious or abnormal should report the incident. Within a company, that means talking to the IT department. In the United States, residents can report incidents directly to federal law enforcement via www.ic3.gov.

Rose adds that the United States and other countries are trying to be more proactive and aggressive in preventing cyber crime and intellectual property theft, with some success.