U of G researcher says farmers need to ensure their technology can ward off threats
James Pascual
Farmers Forum staff
GUELPH — World-wide farm agriculture equipment maker AGCO suffered a crippling cyberattack on May 5 when access to its computer system was shut down by ransomware. Ransomware is malicious software designed to block access to a computer system and hold it hostage until money is paid. The Duluth, Georgia, based company, has not divulged how much money, if any, it paid out to criminals but stated that the majority of its operation was secured and back up and running after a week.
AGCO has 1,810 dealerships in North America. Immediately following the ransomware attack, dealers were struggling to keep up with orders that were already backlogged, Reuters reported.
The world’s largest meat packer JBS SA, suffered a partial shutdown in 2021 also due to ransomware. Much smaller companies have been targeted. So have hospitals and schools. In late August, Canadian recreational vehicle maker Bombardier was cyrberattacked for the second time.
More than 1.2 million ransomware threats per month have been detected by Barracuda Networks between January to June 2022, which was higher than the same period in 2021, TechRepublic reported.
Canadian farmers should also be concerned as they adopt more on-farm smart technologies.
A University of Guelph computer scientist is now in charge of the only Canadian university research centre investigating an increasing number of cyberattacks on farm networks. Besides helping farmers fight off hackers, Dr. Ali Dehghantanha hopes his pioneering research helps to arm producers in preventing such attacks and spurs governments to develop data security standards for the agricultural sector.
“We need to think about it before things get out of control,” said Dehghantanha, whose Cyber Science Lab is part of the School of Computer Science at the university.
Smart farming and the increasing interconnected sensors, smart meters, cameras and other devices leave farmers more vulnerable to “data insecurity” and potential cyberattacks, the Guelph researcher said.
But spending on cybersecurity in smart agriculture accounts for only about three per cent of total cybersecurity spending in North America, far outpaced by spending on security in other applications from finance to health care.
“The level of cybersecurity protection in agriculture is minimal to non-existent,” Dehghantanha said. “The agricultural sector is a soft underbelly from a cybersecurity point of view.”
To ensure on-farm security – and, ultimately, food security in Canada and abroad – he said farmers need to make sure their technology can ward off three main kinds of threats.
Threat 1: Ransomware
One threat comes from cybercriminals using ransomware to effectively lock up digital systems and demand a ransom payment from the producer.
Threat 2: Hackers stealing data
Another growing problem involves hackers stealing confidential information on anything from production rates to greenhouse temperatures to animal feeding schedules to supply chains. Those hackers then sell that data to clients, including competitors.
Threat 3: State-sponsored hackers
He said the most dangerous threat – and one that continues to grow – is posed by state-sponsored hackers aiming to help disrupt or control network systems. Interrupting farm supply chains, for instance, may mean farmers lose crops and ultimately lose time and money in replacing them. “Any disruption of infrastructure could cause disruption of the supply chain and affect food security.”
Worldwide, most cyber threat activity involves Chinese and Russian hackers, although he added that hacking has also been detected from North Korea and Iran.
His research group of digital investigators is called roughly once a month by farmers or security companies to help in tracing suspected cyberattacks on farming networks. He said he expects the number of calls to increase.
His group is developing techniques and procedures to detect, analyze and respond to cyberattacks on smart farming systems.
He said farmers need to practice “cyber hygiene” by updating systems, protecting private information and using authentication and password procedures. He urges producers to consider deploying cyberthreat monitoring systems available from various companies. And he suggests that producers build relationships with system vendors to ensure prompt response if problems occur.
“It’s too late if you search for a responder when you see a ransomware message,” Dehghantanha said.
He also hopes to alert legislators and government officials about the need for cybersecurity standards and regulations for the farming sector.
Dr. Ali Dehghantanha can be contacted at the University of Guelph at adehghan@uoguelph.ca.