In our earlier columns, we explained that the agriculture sector has lately become one of the hot favorites for hackers. A more recent example is the attack on a dairy processing company in Green Bay. Malicious actors held their data hostage for $2.5 million, halting their business operations for three days.
That wasn’t an isolated incident in the year. Two renowned farming cooperatives were also victims of a significant cyberattack earlier this year. Ransomware attack on meat producer JBS was another prominent example. The supply chain attack forced JBS to close operations of all its US-based beef plants temporarily. Not just that, it also affected one of its Canadian plants, and its Australian operations were also paused until the other plants in various nations were back online. The meatpacking company confirmed that it made a very difficult decision to pay a ransom of $11 million. If agriculture businesses continue to ignore these big signs, the problems will only aggravate.
For the most part, the blame was shifted on the government for not creating cybersecurity guidelines and compliance mandates for the agriculture sector. Well, for one, that is clearly changing.
Senator Chuck Grassley (R-IA) and Senator Joni Ernst (R-IA) recently took the floor to note that with farmers adopting new technologies, their exposure to cyber vulnerabilities is also increasing exponentially. According to Senator Joni Ernst, “The ag sector is designated as critical infrastructure but historically has not received robust cybersecurity support from the government.”
She added, “Advancing technology and fulfilling food demands while also working to improve soil and water quality demands heavy reliance on interconnected devices and the internet, creating vulnerability.”
According to Davis Hake, co-founder and vice president of policy at Resilience Insurance, a cyber insurance solutions company, “There’s been an estimated 300% increase in ransomware money taken in by the Ransomware Task Force. Cybercriminals will focus on people making the attacks, and then they have a market that sells those victims to folks who go through the extortions. Then there’s a whole separate system for laundering that money.”
The senators urged congress to stress on cybersecurity of the agricultural sector. They said, “Agricultural security is national security.”
In a recent article, Alliant Cybersecurity warned that the rise of automation and the Internet of Things (IoT) had raised concerns about the security of agriculture. Many of the machines that operate in the industry are now prone to exploitation due to outdated software.
On the bright side, the government is now taking agricultural security more seriously. We believe the government should also incentivize companies and individuals who can provide solutions for securing these areas.
Strengthening the equipment
In July, the Biden administration has outlined a new national security memorandum to strengthen the country’s critical infrastructure sectors, including agriculture. The memorandum directs the Department of Homeland Security (DHS) to work with the Department of Commerce (DOC) to develop cybersecurity performance goals that will drive the adoption of effective practices and controls. National Institute of Standards and Technology (NIST) will play a role in that collaboration. NIST is revising its Guide to Industrial Control Systems (ICS) Security for these sectors.
Senators Ernst during her address to the congress pointed out the loopholes in the National Security Memorandum released by the Biden government. She noted, “the plan is voluntary and would severely limit its effectiveness.”
We believe, the first step can begin by making the guidelines mentioned in the memorandum, mandatory. Also, Adopting NIST standards to manufacture automation equipment that is secure by design is the key. IoT devices need to have additional security measures before they are deployed to the field. Because of the lack of a law, both the users and manufacturers blame each other for not adopting even minimal security measures for these pieces of equipment, which has become a significant cybersecurity liability.
Stay vigilant during the holiday season
Meanwhile, the CISA and the FBI have urged critical infrastructure companies to stay vigilant against threats during the Thanksgiving holidays and weekends. “Recent history tells us that this could be a time when these persistent cyber actors halfway across the world are looking for ways—big and small—to disrupt the critical networks and systems belonging to organizations, businesses, and critical infrastructure,” the agencies said in a statement.
They have also urged users and organizations to take the following actions to protect themselves from becoming the next victim:
- Identify IT, security employees for weekends and holidays who would be available to surge during these times in the event of an incident or ransomware attack.
- Implement multi-factor authentication for remote access and administrative accounts.
- Mandate strong passwords and ensure they are not reused across multiple accounts.
- If you use remote desktop protocol (RDP) or any other potentially risky service, ensure it is secure and monitored.
- Remind employees not to click on suspicious links, and conduct exercises to raise awareness.
Additionally, CISA and the FBI recommend maintaining vigilance against
- Phishing scams
- Fraudulent sites spoofing reputable businesses
- Unencrypted financial transactions.
