Are we giving enough credence to how vulnerable our food and farming technologies are to nefarious actors?
Hacked email accounts, credit card fraud, phishing emails – we’ve all dealt with digital security issues in some form. A recent talk from an agriculture-focused cybersecurity professional, however, prompted me to again wonder if we give enough credence to how vulnerable our food and farming technologies are to nefarious actors, not to mention our own tendency to inadequately prepare for the hazard.
Cybersecurity is absolutely critical for governments, companies, and even the individual to safely function in the modern world. This is a given, and something we’re reminded of each time someone experiences an attack.
The agriculture and food sector has certainly had it’s share of attacks. John Deere’s experience of hackers finding an array of security problems though its X9 combine is an example, though in this case the hackers highlighted and reported the issues instead of going for the company’s financial throat.
Others such as meat processor JBS were not so lucky. Having been crippled by a ransomware attack in 2021, the company was eventually forced to pay millions to recover its system.
Agriculture is big money, and thieves can smell it. This is the reality. But according to Andrew Rose, executive director for CyberAg, an American cybersecurity organization, the sector has been comparatively slow to protect itself. Indeed, he argues companies across the farm and food sector should take a more proactive approach when it comes to protecting their vital electronic systems and all the information contained within.
Hackers looking for a cash payout are not the only risk, either. Espionage and intellectual property theft are a long-standing (arguably ancient) hobby of international actors. Given the amount of investment at stake and technological development happening within agriculture globally – not to mention the fact that food production is, well, kind of important – the sector is bound to attract attention from those looking to make more immediate gains.
Rose targets China as a specific example. Now in its 14’th Five-Year Plan, the Chinese government is investing $ 378 billion in research and development, within which the pursuit of agricultural technologies is highlighted as an area of top interest.
“A lot of that money is used for what we might consider more espionage purposes,” says Rose, listing the country’s “1000 Talents” strategy as a means by which the government has acquired information in the past, including from American academics (allegedly). The 1000 talents plan is now, according to Rose, simply called a “foreign recruitment plan” by the Chinese state.
China is just an example, of course. There are plenty of countries, companies, academics, and other groups which don’t necessarily get along.
It’s not all doom and gloom, of course, and suspecting everyone and everything is not exactly healthy. Proactivity, conversely, is. Rose highlights a variety of strategies by which those in the agriculture and food sector have taken strides to protect themselves and the individuals, such as farmers, whose information is in their possession.
Embracing good hackers – colloquially referred to as “white hat” hackers and “bug hunters” – is a good way companies can test and beef-up their digital security systems. “Embrace bug hunters. These are ethical people doing it for a specific reason and they’re performing a fantastic service…they allow you to fix and address those flaws,” says Rose.
Training employees to be vigilant, and reporting suspicious activity to both IT professionals and law enforcement itself goes a long way. In the United States, for example, residents can even report incidents directly to federal law enforcement via www.ic3.gov. Rose adds aggregated data about cybersecurity issues has increasingly helped governments be more aggressive in going after bad actors, rather than strictly playing defence.
One has to wonder, however, if we’re collectively doing enough. First, consider how utterly and totally we rely on functioning digital systems. Now consider how much of your day is spent thinking about those systems. I’ll wager that, for most of us, the time spent is woefully small compared to the significance of the subject.
Now, add a major cybersecurity crisis to your morning newsfeed, something akin to the JBS example. How long do you and the people you work with spend thinking about the event? Does it cause you to think critically about yourself or the company you work for? Once the headlines disappear, are you still thiking about it?
Again, I’d wager most of us move onto what we (probably incorrectly) perceive to be more immediate concerns. We’ve all lived the disruptions which a pandemic can bring to an inadequately prepared global society. Many have questioned whether we’ll be smart enough to remember the experience once it’s eventually in the rear-view mirror.
Like COVID, cybersecurity crises don’t seem to connect with us unless we’re directly affected – and even then, do we really change our behaviour and focus in the aftermath? I’d like to think so. I hope so, anyway.