CFISA CEO Michael Levin Guest Blog Article from F5 can be found here
The sight of empty supermarket shelves during the COVID-19 pandemic brought home the fragility of our food supply chain. We can all see the importance of ensuring the security of the farming and agriculture industry. However, farming is becoming increasingly automated. This means new cybersecurity risks are emerging to stand alongside traditional risks like the weather and pests. Beyond our farmers, technologists and policymakers also need to recognize and address this risk.
Agriculture, like every other industry, is being digitally transformed. The rise of precision agriculture leverages technology to ensure that crops and soil receive precisely what they need for ideal health. Precision agriculture relies on mobile apps, smart sensors, drones, and cloud computing solutions. This change is happening across the entire farming industry, regardless of size.
Precision agriculture includes three common platform types—stationary, aerial, and ground-based mobile—which all rely on IoT tied to APIs. The sensor and robotic IoT devices constantly exchange data via APIs across the Internet, which provides greater freedom to communicate and manage complex agriculture systems. But it also expands the attack surface and exposes many cybersecurity entry points.
These precision agriculture devices and sensors are like other IoT devices, such as smartphones, fitness bands, vehicles, appliances, and even connected medical devices. We have already seen massive security failures in IoT devices in critical infrastructure, such as the cellular gateways emergency responders use. We also have seen IoT devices subverted into massive botnets used for DDoS attacks and credential stuffing. Unless steps are taken, we will see more of these security troubles, but with precision agriculture.
The risk to the farming industry when using precision agriculture solutions could include:
To meet these risks, cybersecurity best practices must be in place to safely implement all technology solutions in farming.1 However, as our recent food-security wake-up call drove home, the greatest impact of a cybersecurity event in precision agriculture would be disruption to our society’s food supply, which would have repercussions far beyond any one business or demographic.
Cybersecurity experts have documented the rapid increase in cybercrime during the COVID-19 pandemic. All organizations are now operating in an environment of elevated risk and uncertainty. Despite numerous warnings from security experts (including F5 Labs’ work on IoT security), the proliferation of poorly secured IoT devices continues. Cybercriminals know this and are constantly sweeping the Internet for SSH and Telnet login pages that use default credentials. SSH and Telnet are common administrative interfaces for IoT devices, and quite often they have weak or no authentication configured. Without basic protections, attackers can harvest IoT devices at will with almost zero effort.
For all the advantages that precision agriculture offers, the potential for mass disruption is also enormous. The likelihood of unsecured devices being located and compromised is certain. The impact is potentially catastrophic. Without proper cybersecurity on the IoT interfaces for the physical devices and sensors precision agriculture uses, data could be easily lost or stolen, the food supply could be disrupted, or human lives could be placed at risk.
When you enable a new sensor or device, take a few minutes to understand all the different ways these devices connect to your network and the Internet. Adhere to the following guidance to protect yourself and your systems:
Every industry that has embraced the growing capabilities of the Internet has eventually needed to reckon with the potential for anyone, anywhere to interfere and subvert their systems. Now it is time for agriculture to confront this reality as well. As farming is one of the most critical components of any society, we must make security part of our business acumen and consider it just as important as anything else we do to make our business successful.
If you do not have an employee who can successfully make cybersecurity part of the daily work duties, consider hiring a well-qualified vendor to serve in this role. Many farming executives wait until after a cybersecurity breach hits to resolve security vulnerabilities. Get proactive with security best practices so you can sleep at night.
If you have been using the same “evil empire” phishing testing and snippet training for…
The Health Insurance Portability and Accountability Act (HIPAA) serves as a critical safeguard for the…
Developing the necessary skills is essential in the rapidly changing field of cyber security to…
In an era where digital threats are ever evolving and becoming more sophisticated, staying informed…
As our work environments change, many employees now work from home as well as going…
In the ever-changing landscape of cybersecurity threats, criminal groups like BlackCat and ALPHV pose a…