Awareness is growing that America’s critical infrastructure is vulnerable to cyber attacks by the country’s enemies. Potential threats to nuclear plants, electric substations, gas pipelines, transit systems, chemical facilities and drinking water supplies have risen to the top of the national security agenda.
In February 2013, President Obama signed Executive Order (EO) 13636: Improving Critical Infrastructure Cybersecurity and released Presidential Policy Directive (PPD)-21: Critical Infrastructure Security and Resilience, which aim to increase the overall resilience of U.S. critical infrastructure.
Efforts to defend infrastructure have focused principally on energy, water, transportation and financial services.
But America has other vulnerabilities that hackers may seek to exploit. One is food production, according to Gary Golomb, Co-Founder of Awake Networks, speaking at Advisen’s Cyber Risk Insights Conference in San Francisco last week. Computerized farm equipment, for example, could be hacked and reprogrammed to plant seeds at the wrong depth, leading to crop failures.
U.S. agribusinesses increasingly rely on satellite-guided tractors and algorithm-driven planting services. Researchers have shown that attackers could create false GPS signals, which could subvert the guidance systems of farm equipment that rely on very precise satellite signals. Data breaches and data manipulation are a growing concern given a growing dependence on new “prescriptive planting” technologies that collect information on soil content and past crop yields to generate planting strategies.
The future of farming is likely more automation – and greater vulnerability. Technology trends point to increased use of drones and nimble robots that not only perform tasks, but also continuously stream data about growth rates, soil composition, water usage, and more to the farm office. More networked devices and more data mean more points of vulnerability.
Is the agricultural sector already being targeted? In 2013, a Monsanto subsidiary, Precision Planting, reported that the system used to manage the agricultural equipment services it provides to about 1,300 farmers was hacked. Credit card data and personal details on customers and employees were compromised, but authorities do not believe that stealing customer information was the goal of the attack.
An FBI investigation of a big cyber espionage operation linked to a foreign government found that the American Soybean Association had been targeted along with strategically significant government agencies and defense contractors.
The motives for the Monsanto and American Soybean Association incidents are unclear, but they highlight the fact that the bad guys indeed are interested in this sector. Undoubtedly other attacks within the agriculture sector have occurred, but have not been reported publically.
“Ag companies have already been hacked, and we tell people that,” said Mary Kay Thatcher, senior director of congressional relations for the American Farm Bureau Federation during a panel discussion a recent farm-outlook forum hosted by the U.S. Department of Agriculture (USDA). “It will happen, so farmers have to know that.”
There is only a “remote chance” of a major cyber attack against US critical infrastructure systems in the short term, according to James R. Clapper, Director of National Intelligence, in a 2013 report to the Senate Select Committee on Intelligence. However, “isolated state or nonstate actors might deploy less sophisticated cyber attacks as a form of retaliation or provocation.” A significant assault within the agriculture sector seems less likely than a major attack targeting the power grid or gas pipelines since attackers probably prefer targets providing more immediate and dramatic results. Nonetheless, the exposure is real and the outcomes are potentially catastrophic.
Farmers and ag companies, as well as their insurers, should be taking steps today to prepare for a future of highly automated farming where attacks are both more likely and potentially more devastating. Seed and farm equipment providers are responding to concerns about vulnerability and are investing more in cybersecurity. But according to Robert Fraley, Monsanto’s chief technology officer, in a Wall Street Journal interview, “As an industry, we’re still new to it.”