Today marks one year since Russian hackers targeted the world's largest meat processing company.
JBS endured a five-day shutdown of its meat processing plants in Australia, which affected 10,000 workers.
Operations in other parts of the globe were also impacted and the attack was only brought to an end after the company agreed to pay $14.2 million in bitcoin to the hacking group known as REvil.
An investigation by the Biden administration later found the hackers had gained access through an old network administrator account with a weak password that had not been deactivated.
The cyber attack on JBS wasn't the first to impact the agricultural industry; In 2020 Australia's wool sales and food and beverage company Lion's production both came to a halt due to separate attacks.
However, for many Australian farmers and agricultural businesses what happened to JBS shifted cyber attacks from a far-off possibility into the realms of reality.
There have been a number of important changes - at a local and global level - in the 12 months since.
Read more:
According to one cyber security expert with 25 years of experience in the field, the JBS and Lion incidents spurred on 'awareness raising' about cyber attacks within the food and beverage sector.
Lani Refiti is the ANZ regional director of Claroty - a cyber security firm focused on securing critical infrastructure such as power substations, dams, and manufacturing plants.
Mr Refiti said of all the sectors he has been involved in, food and beverage was by far the weakest in terms of its cyber maturity.
He said businesses had been prompted to find out exposure levels from a risk perspective, identify potential attackers and determine what their motives could be.
This coincided with the federal government amending the Security Legislation Amendment (Critical Infrastructure) Bill 2021, which boosted the number of industries recognised as critical infrastructure from four to 11.
The food and beverage sector's inclusion in this list also put cyber security on the agenda at a board level.
Cyber criminals linked to nation states
When people think of cyber attacks, the notion of a man in a hoodie operating in isolation from his basement usually comes to mind.
In reality cyber attacks are carried out by professional criminal organisations.
"When I started back in the industry in 1997 it was that, they were what we called script hoodies who basically ran scripts and just hacked for the fun of it," Mr Refiti said.
"Fast-forward 25 years it's now organised criminal groups, primarily they operate out of India, they operate out of eastern Europe, the old USSR in terms of the states, and they operate out of south east Asia.
"Over the last three years we've started seeing intel that they were operating either in conjunction with or under the auspices of nation states."
The geopolitical landscape has also changed significantly due to the Russia-Ukraine war.
As a result of this the Five Eyes intelligence alliance, of which Australia is a member, has warned its countries to expect more attacks on critical infrastructure.
Mr Refiti said if a sustained attack were to happen to Woolworths, Coles, AACo or Goodman Fielder it could cause food shortages.
"It's an attractive target for a nation-state or a cyber criminal group that's aligned to a nation state," Mr Refiti said.
"The reason I think agriculture, food and beverage, meat processing is most at risk is because compared to the other sectors like power, water and financial services, it is pretty immature from a cyber perspective.
"Now we believe they will be a tool used by the Russian government for cyber warfare against its enemies or countries that have supported sanctions and supplied weapons to Ukraine."
Securing infrastructure and improving cyber maturity
The risks posed to the agricultural industry is also being examined in a two-year research partnership between King Abdulaziz University in Saudi Arabia, Aix-Marseille University in France and Flinders University in South Australia.
The researchers' recently published an article titled, Cyber-security threats and side-channel attacks for digital agriculture, in the journal Sensors.
When it comes to the use of digital agriculture, this can be broken down into four layers.
- Sensing/actuation layer - where sensors are used to monitor plants or environmental conditions, and can perform specific operations.
- Gateway layer - the gateways between these sensors and the internet, which are typically a form of wireless communication.
- Storage/processing layer - Where the data collected from these devices is stored and processed, such as in the cloud.
- Application/user layer - where the user can control the sensors, see analytics extracted from the data and take action.
Flinders University senior lecturer in cyber security and networking Dr Saeed Rehman said these four layers increased the attack surface and there were potential vulnerabilities for each of them.
Dr Rehman said the research project was specifically looking into side-channel attacks, which is the leaking of the cryptographic key used for encrypting data.
"Typically in the information network we are encrypting the data and that encryption is the scrambling of plain text into ciphertext," he said.
"Those encryptions are applied to some hardware and that hardware if it's being accessed it can reveal the key for the encryption.
"If you have the encryption key, then whatever text has been encrypted is very easy to decrypt."
Dr Rehman said this hardware was pretty secure in devices like smartphones, however in agriculture this data was often not secure and could be easily compromised.
"What we have found out historically is there are different threat actors and they have different motivations," he said.
"Research shows farmers' networking equipment can be very easily physically accessible and there's often no incident response plan."
Dr Rehman and Mr Refiti agreed it was important to continue creating awareness as most attacks occur as a result of human error.
Improving cyber maturity - in people, processes and technologies - was the next stage of the process to protect an organisation and its assets from cyber attack.
"Almost 100 per cent of attacks on critical infrastructure originate by a user clicking on a link, downloading something, or opening an attachment they aren't meant to," Mr Refiti said.
"Almost 100pc of the time it will come in via the corporate IT - so your standard user in the corporate environment - and then the attacker will be able to get in and spread all the way down to plant, manufacturing, substations etc."
