August 19, 2015

By Garrett Baldwin

The threat of cybercrime in farming is expected to continue to rise in the coming year. In this two-part series, Global AgInvesting sat down with Dr. Timothy Summers, one of the leading experts on hackers, who is responsible for developing the field of hacker cognitive psychology. This article outlines the threats and several solutions to addressing targeted attacks on the agricultural sector.

In order for international food suppliers to support a population of nine billion humans, farming and agribusiness companies will need to boost global food output by 50% by the year 2050.

Part of the equation to ensure that is possible is the broad adoption of data collection and technological integration into farming operations and the global supply chain. But for every positive that technology offers in order to address a global problem, a threat emerges.

The global food and agribusiness industry has remained largely untouched by cyber criminals over the last decade. But the growth of data collection and automation has created a slice of opportunity for hackers and rogue nations to attack a nation’s food supply chain.

The Threat to Farming

The rise of algorithmic-driven planting and satellite-operated tractors continues to boost the emphasis on technology and not humans for growing purposes. The challenge, unfortunately, is that the individuals who develop these technologies typically do so with security ranking behind functionality and ease-of-use during their construction.

Meanwhile, critical data is an attractive hacking target by individuals targeting the agricultural sector for financial gain, activist/political purposes, cyber warfare, or to obtain technological gains and intellectual property. However, the bulk of these attacks are happening at the corporate level where large swaths of information are being collected for the purposes of broader analysis. In fact, Monsanto announced last May that a hacking attack left customers’ payment data exposed, while activist hackers have attempted to gather corporate data to expose and embarrass the company. The concerns over cybersecurity have seen datacentric companies like Monsanto Co. and Deere & Co. invest significantly.

At the farm level, however, operations remain susceptible to interference by cyber criminals. According to the October 2014 Farm Bureau survey, 87% of farmers lack a response plan to what they would do if the company holding their data experienced a security.

Putting the Threat into Perspective

During a conversation with the Wall Street Journal, Corey Reed, a senior vice president with Deere, admitted that hackers have put a bull’s eye on farming information. “There are people around the world waking up every day figuring out how to get into this data,” he said.

In 2013, in California alone, the most recent year for which a full crop year report is available, California’s 77,900 farms and ranches received $46.4 billion for their output.

For industrial farmers, data breaches and manipulation are especially worrisome, considering that many rely on new farm-management services that collect information on soil content and past crop yields to generate planting recommendations.

So, how can a company reduce its exposure and begin to address the threat of cybercrime?

“In regard to boosting the education about cybercrime, it would be advantageous for organizations like the U.S. Department of Agriculture, Monsanto, and Deere & Co, to build a cybersecurity forum geared toward agriculture to work to educate and inform farmers about the risks that come with precision agriculture,” said Dr. Timothy Summers, CEO of Summers & Company, which specializes in organizational design and cyber strategy.

Cyber Forums are Slowly Emerging

Companies and farmers need to operate under the assumption that a breach has happened or that one will happen in the near future, according to Dr. Summers. That simple mindset has the capacity to boost communication and understanding in how and why cyber-attacks occur.

Universities are working diligently to lead the academic and political efforts to ensure that companies and organizations dedicate themselves to sharing information and ensuring that data platforms reduce the potential of security breaches.

Purdue University, for example, operates the Open Ag Data Alliance, a project designed to integrate third-party auditing in security and to boost data privacy and security. Companies engaged in the project include AgReliant Genetics, CNH Industrial, GROWMARK, WinField, and The Climate Corporation.

However, some companies are overly protective of any information about possible breaches or personal data security. Food and agribusiness would benefit by adopting many of the security protocols adopted by financial companies and other sectors that are boosting information-sharing in order to ensure better preparation and reaction time to software glitches or cyber events. This includes the creation of cooperatives that share best practices, assigning a Chief Information Security Officer to the Board of Directors, and adopting a philosophy of “assumed breach” to accompany external evaluations of employees and potential weaknesses to their software platforms. As Dr. Summers notes, roughly 90% of cyber breaches are rooted in human error, meaning that every employee is a potential source of a breach due to factors of which they may or may not be aware.

For farmers, companies that are selling expensive, precision-based equipment must make them aware of the associated risks and help them implement best practices on how to handle sensitive data.

—

In the next installment in this two-part series, Global AgInvesting looks at who and where cyber threats to a food and agriculture are coming from.