Cyber Threats to Agriculture
Global agriculture has rapidly moved from human or animal powered to mechanical to computer based solutions.
Autonomous agricultural equipment is seen as a solution where human or animal power is difficult to source. Muddy Machines are developing an autonomous asparagus harvester, ‘Sprout’. The Asparagus harvesting season is short and the task labour intensive making the hiring of labour difficult. The Small Robot Company is developing 3 robots for more generalised crop harvesting and monitoring. Drone solutions are in development for surveying fields and monitoring crops. The fist sized robot Crover can crawl through grain silos and detect any potential risk from spoilage.
Kindus are not saying that any of the systems just described are not secure. They are included as examples of how automation is entering the agricultural sector. Computerised systems are also being introduced to make decisions on what to plant and when? Where preparations such as fertilisers or insecticides are to be used? As well as to gather data for government reports destined for tax returns or grant aid.
In the Amazon TV series ‘Clarkson’s Farm’ Jeremy Clarkson invests in a Lamborghini tractor (Feruccio Lamborghini produced tractors before launching his car company) demonstrating how sophisticated farm machinery has become. Another manufacturer, John Deere, installed bespoke control systems on its tractors that could only be repaired by approved John Deere technicians. This pushed up repair and maintenance costs to the farmers. A solution is to replace the factory firmware with hacked systems that cost less than the John Deere technician fees. It is reasonable to argue that the owner of machinery should have the right to repair it but there is no guarantee of the reliability or security of any 3rd party solution.
With increased demand for food and a global supply chain; introducing connectivity brings a cyber risk to a sector that may not be prepared for it.
The majority of farms will not be close to urban areas with reliable and fast data connections to hand. Some may be in remote environments with very limited computer or even electronic infrastructure. Where WiFi is not able to connect to a wired Internet backbone radio signal alternatives will be required. Even a relatively well established solution such as Sigfox only has limited presence outside Western Europe. Agricultural software solutions will be vulnerable not only at the device level but from disruption to key nodes in their connectivity.
Software failure on individual machines will affect some farmers but where machines are remotely connected a failure could disrupt the entire harvest of a crop. Keeping up with the global demand for food requires minimising costs. This cannot be at the expense of ignoring security risks. The potential damage from disrupting the food chain makes it an attractive target for hackers. For example the meat processor JBS paid out $11 million in 2021 to resolve a ransomware attack.
Farmers need to aware of possible security risks and the impact on their income if their systems fail. If a solution is not practical, such as the John Deere software, then a ‘jury rigged’ local fix may override the original project objectives. System suppliers need to consider these human as well as computer risks and threats when rolling out solutions.
As industries become more connected then so does their vulnerability to equipment failure and cyber attacks. Kindus are here to provide information, advice and solutions for all business sectors not just those traditionally considered as reliant on computers.