A new report from the U.S. Department of Homeland Security called Threats to Precision Agriculture warns against the cybersecurity risks faced by the emerging technologies being adopted by the agricultural industry. Known as “precision agriculture,” the technologies include internet of things (IoT) devices such as remote sensors and global position systems (GPS) and the communications networks that support them. These devices generate large amounts of data which is then analyzed by machine learning systems to improve crop yield and monitor the health of livestock.
"Confidentiality, Integrity, and Availability (CIA) are the bedrock principles of information security," stated the report. "Threats against precision agriculture systems can threaten any one of these. The danger is not just cyber-attacks per se, but any danger which could negatively affect CIA, such as natural disasters, 4 terrorist attacks, equipment breakdown, or insider threats. Based on the diverse nature of the crop and livestock sectors, different aspects of the CIA model were identified as assuming greater importance at different points in the agriculture production chain. Key threats, unique to precision agriculture or where an impact would be magnified by precision agriculture adoption, have been identified under each principle in the CIA model."
The report warns that common cyber threats, such as spear phishing, malware, and improper use of USB thumb drives, could compromise these automated systems that the agricultural industry is coming to rely on. A successful cyberattack could lead to theft of confidential data, destruction of equipment, loss of resources, and reputational damage.
There are several hypothetical scenarios that the report puts forth as potential risks. One of these imagines a situation where a hacker activist–or “hacktivist”–who is against the use of antibiotics in livestock, steals data collected to monitor the health of cattle herds from a farmer. The hacker then modifies the data to make it look as though the herd is suffering from foot and mouth disease, releases it onto the internet, and falsely claims there is an outbreak. This could create a panic that may take weeks or months for researchers to disprove. But in the meantime, the industry would suffer large financial losses as sales plummet and exports are brought to standstill.
Agricultural cyberattacks pose a threat not only to farmers, livestock producers and workers, but also industries that provide supplies to them, such as fertilizer producers and seed companies. Organizations that support agriculture, like trade associations, food processors and commodity brokers are also at risk.
To prevent the worst from happening, the report recommends agricultural firms adopt computer security best practices. In addition, they should develop industry-wide standards for equipment interoperability, data transfer between proprietary systems, and create privacy standards for users.