Cyber Threats Targeting Food and Agriculture Sector (FA) and Cyber Security

Rajesh Uppal February 20, 2023 BioScience, Cyber Comments Off on Cyber Threats Targeting Food and Agriculture Sector (FA) and Cyber Security 174 Views

Throughout much of the world, food and beverage safety and security is a high priority. Concomitantly, the economics, societal robustness, and security implications of agriculture, foodstuffs and beverages are massive. Extensive quality measures are in place to prevent and mitigate threats from manifesting; outbreak and contamination detection and response systems react when problems are noticed. Packaging and labeling methodology have also been improved.

However, agriculture and consumables in many countries rely on cyber-enabled systems for many aspects of farm management, production-to-consumption, raw materials to finished product, and logistics (Security Security DoH., 2018). Farmers are adopting precision agriculture, using data collected by GPS, satellite imagery, internet-connected sensors and other technologies to farm more efficiently. While these practices could help increase crop yields and reduce costs, the technology behind the practices is creating opportunities for extremists, terrorists and adversarial governments to attack farming machinery, with the aim of disrupting food production.

Therefore health of agriculture and food systems is vulnerable to cyber-attacks. Vulnerable critical links and nodes exist throughout this highly complex global and national ecosystem; which requires cybersecurity measures. The integration of technologies into farm equipment, from GPS-guided tractors to artificial intelligence, potentially increases the ability of hackers to attack this equipment.

In March 2022, a multi-state grain company suffered a Lockbit 2.0 ransomware attack. In addition to grain processing, the company provides seed, fertilizer, and logistics services, which are critical during the spring planting season. Between 15 September and 6 October 2021, six grain cooperatives experienced ransomware attacks. A variety of ransomware variants were used, including Conti, BlackMatter, Suncrypt, Sodinokibi, and BlackByte. Some targeted entities had to completely halt production while others lost administrative functions.

In 2021 a ransomware attack forced a fifth of the beef processing plants in the U.S. to shut down, with one company paying nearly $11 million to cybercriminals. REvil, a Russia-based group, claimed responsibility for the attack. Similarly, a grain storage cooperative in Iowa was targeted by a Russian-speaking group called BlackMatter, who claimed that they had stolen data from the cooperative. While previous attacks have targeted larger companies and cooperatives and aimed to extort the victims for money, individual farms could be at risk, too.

For example, an attacker could look to exploit vulnerabilities within fertilizer application technologies, which could result in a farmer unwittingly applying too much or too little nitrogen fertilizer to a particular crop. A farmer could then end up with either a below-expected harvest, or a field that has been over fertilized, resulting in waste and long-term environmental ramifications.

A 2018 Department of Homeland Security report that surveyed precision agriculture farmers throughout the U.S. found that many did not fully understand the cyberthreats introduced by precision agriculture, nor did they take these cyber-risks seriously enough.

In April 2022, The Federal Bureau of Investigation (FBI) informed Food and Agriculture (FA) sector partners
that ransomware actors may be more likely to attack agricultural cooperatives during critical planting and harvest seasons, disrupting operations, causing financial loss, and negatively impacting the food supply chain. The FBI noted ransomware attacks during these seasons against six grain cooperatives during the fall 2021 harvest and two attacks in early 2022 that could impact the planting season by disrupting the supply of seeds and fertilizer.

Cyber actors may perceive cooperatives as lucrative targets with a willingness to pay due to the time-sensitive role they play in agricultural production. Although ransomware attacks against the entire farm-to-table spectrum of the FA sector occur on a regular basis, the number of cyber attacks against agricultural cooperatives during key seasons is notable.

A significant disruption of grain production could impact the entire food chain, since grain is not only consumed by humans but also used for animal feed. In addition, a significant disruption of grain and corn production could impact commodities trading and stocks. An attack that disrupts processing at a protein or dairy facility can quickly result in spoiled products and have cascading effects down to the farm level as animals cannot be processed.

FBI Recommendations

Cyber threat actors will continue to exploit network, system, and application vulnerabilities within the FA sector. The following steps can be implemented to mitigate the threat and protect against ransomware attacks.
 Regularly back up data, air gap, and password protect backup copies offline. Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.
 Implement a recovery plan that includes maintaining and retaining multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., hard drive, storage device, the cloud).
 Identify critical functions and develop an operations plan in the event that systems go offline. Think about ways to operate manually if it becomes necessary.
 Implement network segmentation.
 Install updates/patch operating systems, software, and firmware as soon as they are released.
 Use multifactor authentication where possible.
 Use strong passwords and regularly change passwords to network systems and accounts, implementing the shortest acceptable timeframe for password changes. Avoid reusing passwords for multiple accounts and use strong pass phrases where possible.
 Disable unused remote access/RDP ports and monitor remote access/RDP logs.
 Require administrator credentials to install software.
 Audit user accounts with administrative or elevated privileges, and configure access controls with least privilege in mind.
 Install and regularly update anti-virus and anti-malware software on all hosts.
 Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a virtual private network (VPN).
 Consider adding an email banner to messages coming from outside your organizations.
 Disable hyperlinks in received emails.
 Focus on cyber security awareness and training. Regularly provide users with training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities (i.e. ransomware and phishing scams).

Security Testbed for Agricultural Vehicles and Environments, or STAVE

Research led by a cybersecurity professor at the University of Nebraska at Omaha (UNO) is taking aim at hackers and cyber criminals who may target the agricultural industry in Nebraska and beyond — from farmers in the fields to largescale agricultural facilities.

Fighting cyberthreats that could impact Nebraska’s farmers and agricultural industries begins with identifying vulnerabilities in systems and machinery. However, researching vulnerabilities can be cost prohibitive and logistically challenging given the size of machinery involved.

That’s where STAVE comes in. George Grispos, Ph.D., assistant professor of cybersecurity at UNO, in collaboration with researchers at the University of Nebraska-Lincoln (UNL), built the Security Testbed for Agricultural Vehicles and Environments, or STAVE, as a way to shrink agricultural systems down to a more manageable level.

“As more machinery offer online capabilities such as mapping and automated steering, any equipment from tractors and combines to trailers hauling expensive fertilizers and chemicals could be targeted by attackers,” Grispos said. “Our research provides a framework for future cybersecurity research at a manageable scale, enabling us to close any doors left open for attackers and ultimately keeping the state’s agricultural workforce moving.”

Grispos collaborated with Santosh Pitla, Ph.D., Cody Stolle, Ph.D., and Mark Freyhof at UNL on this project. STAVE is based on Flex-Ro, an autonomous agricultural robot developed by Pitla and his team in the Department of Biological Systems Engineering at the University of Nebraska-Lincoln. The testbed includes electronic components common in farm machinery combined with consumer electronics like Raspberry Pi microcomputers. These components are mounted to a board and connected to a laptop, allowing Grispos and his colleagues to emulate larger machinery and systems.

Testbeds like these are common in the automotive and heating, ventilation, and air conditioning (HVAC) industries. However, researchers believe STAVE is the first such testbed implementation to be used for agricultural purposes.

Worst case scenario, Grispos mentioned, could be a malicious actor taking full control of large machinery, particularly if it’s carrying dangerous chemicals, in a highly populated area or along a busy road.

Researchers hope that STAVE leads to identification of vulnerabilities that can later be patched as well as more testbeds on other machinery in the future.