As technology evolves on farms, producers are opened up to new attacks to their livelihood. A report supported by the Office of the Director of National Intelligence and the Department of Homeland Security outlines the ways in which precision agriculture techniques could provide additional points of vulnerability to farmers.
“Precision agriculture is unique, however, because it took a highly mechanical labor-intensive industry and connected it online,” the report explains, “dramatically increased the attack space available to threat actors. Due to this, otherwise common threats may have unique and far-reaching consequences on the agricultural industry.”
The report defines the following attack categories:
- Data theft
- Stealing resources
- Reputation loss
- Destruction of equipment
- Gaining an improper financial advantage over a competitor
On-farm risks include the improper use of USB thumb drives, spear-phishing and/or malicious cyber-attacks
“The danger is not just cyber-attacks per se, but any danger which could negatively affect… such as natural disasters, terrorist attacks, equipment breakdown, or insider threats,” the report continues.
Here are 13 vulnerabilities for farmers to be aware of:
- Theft of data collected through decision support systems (DSS) or the unintentional leakage of data to third parties. As the number of apps and farm management software systems increase, farmer risk could increase. The report highlights privacy controls, user agreements, third-party applications and system update procedures are “haphazard at best. Many have been built by start-ups or university extension programs which outsource their programming and may not provide updates or patching.”
- Intentional publishing of confidential information from within the industry. This could be from a supplier to damage the company or cause chaos like in the 2014 Sony cyber-attack, the report says. If pricing and market data of farmers from a supplier were released it could be catastrophic for suppliers as farmers would lose all confidence in them.
- Foreign access to unmanned aerial system (UAS) data. Foreign governments or parties gaining access to senor collection data from a UAS provider could create national security issues. It could allow a foreign entity to aggregate agricultural information on the U.S.
- Sale of confidential data. This research indicated on such threat could be a company being approached with offers to sell their data under the table to commodity brokers or hedge funds, for example.
- Falsified data to disrupt crop or livestock sectors. False allegations of animal or crop diseases could greatly impact markets by discouraging foreign importers from buying U.S. product. It could take months to prove or disprove allegations once released, too. For example, if a malicious actor publicly released false data suggesting an outbreak of foot-and-mouth disease it could take months to resolve the export market implications.
- Integrating rogue data into a network to damage a crop or herd. This could have the greatest impact on high-value crops such as vegetables and fruit because they rely on senor technology the most. Hacking into senor systems could over- or under-water the crop and destroy it, among other threats. In livestock it could disrupt an HVAC system and hurt or kill animals.
- Insufficient machine learning models. “Insufficiently modeled algorithms, ‘100-year storm’ data outliers, and inherent biases in the data which creep into the predictive models can all have unintended and adverse effects.” Their research indicates this threat is small now but will grow over time.
- Timing equipment availability. Because planting and harvesting is such a tight window, a malicious actor could hack into one or thousands of machines to delay farmers—potentially causing them to get crops in or out late to negatively affect yield.
- Disruption of navigation, positioning and timing systems—space based. GPS signals are used by many and the U.S. uses 5G broadband for these systems. Crowding issues and loss of signal is routine and because most guidance systems rely on some foreign systems those could be used as leverage or lost during crisis or conflict. This could limit farmer access to these tools.
- Disruption of navigation, positioning and timing systems—ground based. Losing base stations for real-time kinematic (RTK) positioning could be accomplished by natural disasters at county or multi-county levels, severely impacting farmer operations.
- Communication disruption. Data transfer relies on signal and data bandwidth—a weak point for precision ag. Rural broadband isn’t always reliable. It’s the most likely threat to come to fruition impacting farmer availability of technology.
- Foreign access to equipment used in precision ag. There is some risk that foreign-manufactured equipment could be remotely disabled in bulk through either built-in firmware backdoor access or through malicious code. This would be particularly damaging during times of crisis or time crunch such as planting.
- Livestock production facility failure. Internet connected buildings that house and manage livestock could be hacked to disable HVAC or feeding systems both through malicious cyber-attack or through software failure or human error.