Farm business cybersecurity an ongoing concern

“In ag and agri-food, most businesses are small and medium-sized. We are talking about a sector where the impact of an attack could be getting out of the business completely.” – Ali Dehghantanha, Canada Research Chair in Cybersecurity and Threat Intelligence.

Cybersecurity is a best practice in farm business risk management, but requires collaborative support to be successful and accessible.

Read Also

Farm business cybersecurity an ongoing concernFarm business cybersecurity an ongoing concern

We must protect farmland for the sake of future generations

Ontario farmers know better than most that this province is home to some of Canada’s richest and most fertile farmland….

“(Our food system) is a critical infrastructure at the intersection of every other critical infrastructure. When things go a little bit wobbly in the agri-food sector, we’re all affected,” says Janos Botschner, who leads the Community Safety Knowledge Alliance.

“But this isn’t just an issue of individual food security for the economic vitality of our particular sector. It’s also an issue of national security.”

Why it matters: Agricultural cybercrime events are threat to Canada’s food systems in terms of economics and consumer trust. Botschner moderated a panel discussion on cybersecurity in Canadian agriculture at the Future of Cybersecurity in Agriculture event held in Guelph last month.

Cybersecurity encompasses technical and engineering issues alongside a human component that no producer should negotiate alone, said Botschner, and the knowledge alliance has developed agricultural cybersecurity resources for producers.

Its “cyber barn raising” framework aims to increase awareness and provide guidance to producers by identifying agri-food sector issues, legislation, incentives and standards.

“(This) can really help everyone across the agri-food ecosystem do their part from the standpoints of innovation, support, regulation and ultimately resilience,” Botschner said.

Greg Wootton, OMAFRA’s assistant deputy minister and research and corporate services CAO, said cost is the initial concern, whether paying a ransom or implementing defence systems.

As cybercriminals become more proficient, and their attacks become more frequent and disruptive, he said the erosion of trust in Ontario and Canada’s food systems carries an equally heavy price.

“Food is not only a necessity, but it is also a cultural touchstone, a societal touchstone, so there’s that trust element,” said Wootton, adding that even with consistent inspections, digitalized systems increase vulnerability.

Greg Wootton, OMAFRA assistant deputy minister and research and corporate services CAO, says agri-food cyberattacks carry a heavy economic, public trust and producer welfare cost.

photo:
Diana Martin

It becomes a new mental health concern for producers who already bear the stress of managing crop or animal disease, weather and market challenges.

Katherine MacDonald, Agriculture and Agri-Food Canada director general of strategic management, information systems branch, said Statistics Canada figures indicate 20 per cent of Canadian businesses have been affected by cyber incidents, with an average downtime of 36 hours and an overall ransom payout of $600 million.

Of those, 0.8 per cent fell within the agriculture, forestry, fishing and hunting category, and 0.1 per cent paid ransom. MacDonald said the small percentage could represent approximately 1,600 producers with a much higher ransom payout than other sectors.

In early 2024, AAFC interviewed 1,300 people for a public opinion study that included cyber incident readiness. Here are some highlights:

  • Forty per cent of producers are concerned or very concerned that a cyber incident could disrupt their operations;
  • Larger operations were more likely to be concerned than smaller ones;
  • Nine per cent said they were victims of cybercrime, but MacDonald theorized a fair percentage were unaware of attacks;
  • Thirty-five per cent are somewhat or very prepared to ward off a cyberattack, 28 per cent are slightly prepared, and 37 per cent are unprepared;
  • Dairy operations are less likely than other businesses to report feeling prepared.

Ali Dehghantanha, University of Guelph associate professor and Canada Research Chair in Cybersecurity and Threat Intelligence, said a recent Accenture report showed that 60 per cent of small- and medium-sized Canadian businesses go bankrupt within six months of a cyberattack.

“In ag and agri-food, most businesses are small and medium-sized. We are talking about a sector where the impact of an attack could be getting out of the business completely.”

Dehghantanha said vendors won’t implement security protocols beyond the minimum required unless there are greater investment incentives, security requirements or standards.

“That lack of security and protection monitoring, all those things, is not only on the producer or the client side.”

Additionally, cybersecurity is a relatively niche skill set, and attracting talented people to work in the agri-food sector requires ag businesses to compete with other sectors.

Dehghantanha said the Netherlands, where government agencies collaborate and prioritize cybersecurity on a similar level as biosecurity, has initiated incentives and assistance for the agriculture and agri-food sector to achieve a higher level of cybersecurity.

“We are yet to see a very big cyberattack impacting society,” he said. “That will be a wake-up call for everyone.”

Source: Farmtario.com

Share