Risk of cyber attacks in agriculture increasing

Agriculture an easy target for criminals due to limited investment in cyber security

There are several factors that make agricultural businesses an easy target for cyber criminals. Picture: Getty Images

When it comes to cyber security in the agricultural sector, everyone has a part to play.

That's the view of cyber security expert and Forcepoint APAC strategy director Nick Savvides.

Mr Savvides said the threat of cyber attacks was increasing as the agricultural sector becomes more automated and more devices are hooked up to networks.

"Agriculture is one of the critical industries; we depend on it to feed ourselves and to feed the world," he said.

"That makes it an attractive target to cyber criminals."

Mr Savvides said cyber criminals pick victims based on several parameters.

Considerations included the likelihood of a business paying, ease of access to the environment, how critical the technologies are and how prepared the business is to deal with an attack.

So what makes agricultural businesses an easy target?

Mr Savvides said it was generally because they haven't spent much money on cyber security.

"They don't have the same level of sophistication, they don't have the same level of investment in security, they haven't traditionally considered themselves with such issues," he said.

"If you're a cyber criminal and you're looking to target a financial institution or government department, well you're definitely facing an uphill battle; you'll need to be very sophisticated, very smart, very switched on and well resourced.

"While when you are looking at industries that have traditionally not really considered security and also have traditionally run on what I'd call separate networks or air gap networks, that are now connected, it makes them really attractive targets."

Forcepoint APAC strategy director Nick Savvides has been involved in the cyber security sector for more than 20 years.

Mr Savvides said this was being seen not just in agriculture but in other industries where factories and utilities now had networks that were not previously connected to the internet or broader networks.

He said one of the other reasons these industries were relatively easy targets was the technologies being used were not easily secured.

"Even if they want to secure them, they're not as easy to secure as other corporate style environments," he said.

"The reason for that is the systems and tools and technologies that are typically used in these operational technology environments, as we describe them, are very old in design.

"It's not like a laptop where you can just push out an update that fixes a security vulnerability; if you've got a piece of equipment that's running a production line or a mill or something of that nature, you can't just change the software on them quickly to adapt to things."

Automation increasing access points for attack

Whether it's modern tractors, automated milking or automated feeding systems, ultimately these machines are controlled by computers or devices that can be compromised.

And Mr Savvides said the trend of automation on farms was not going to go away.

In fact, he said it was going to get stronger because more automation will be needed in order to drive up productivity.

"We live in a world where the future looks incredible from an automation perspective but we also have to ensure we do that safely and securely," he said.

"Because once we become dependent on that automation and technology, taking it away is extremely disruptive and very hard to recover from."

Mr Savvides said cyber criminals usually sat in one of two camps.

There are the ones who go broad base, attacking people at home for smaller sums of money like $500.

These groups need to churn through a lot of victims to build up a sizable payout.

The other camp was usually a smaller, sophisticated crew working to take down a single business.

These groups might spend a month on a campaign and request a payout of $100,000 to $500,000.

When it comes to Internet of Things enabled devices, Mr Savvides said attacks also fall into two categories.

"You have farms or systems that are connected to their own network within that farm," he said.

"So where an issue would occur it would affect that one farmer; that's tragic for that farmer but for the rest of the industry it's not that big of a deal.

"Now what you have is systems being connected to bigger systems and it might be monitored via a cloud service.

"A regional dealer has access to 30 or 40 different farms for maintenance and instead of compromising or taking offline one farm, you take off all of them that are using that equipment; that is much more terrifying."

Be prepared and ask questions

Mr Savvides said manufacturers need to do a better job at building more secure device systems and to make it easier for these systems to be maintained.

He said the people who install and service these devices also need to take responsibility for ensuring security patches or software updates are applied.

There are also steps farmers and agricultural businesses can take to be prepared before a potential attack occurs.

Mr Savvides said it was important to have a fallback plan and to consider how operations could continue in the event a network goes dark.

When buying new technology, he recommended asking questions and requesting a risk assessment from suppliers or the technicians integrating the devices.

The Australian Cyber Security Centre can be contacted for advice or independent cyber security consultants can be engaged to review the work being done.

"We can't expect the people who install, maintain and operate these to be cyber security experts, in the same way we can't expect people in the non-agricultural industry to be cyber security experts," he said.

"But we need to have a functional, working knowledge in order to at least understand what we are doing to try and protect ourselves, and defer to the experts who can help us in those scenarios."

The story Risk of cyber attacks in agriculture increasing first appeared on Farm Online.
