FBI Cyber Bulletin: Smart Farming May Increase Cyber Targeting Against US Food and Agriculture Sector

The FBI and the US Department of Agriculture (USDA) assess the Food and Agriculture (FA) Sector is increasingly vulnerable to cyber attacks as farmers become more reliant on digitized data. While precision agriculture technology (a.k.a. smart farming)a reduces farming costs and increases crop yields, farmers need to be aware of and understand the associated cyber risks to their data and ensure that companies entrusted to manage their data, including digital management tool and application developers and cloud service providers, develop adequate cybersecurity and breach response plans.

Threat

The FBI and USDA assess the farming industry’s growing adoption of precision agriculture technology may increase cyber targeting activity against the FA Sector with the intent to steal farm-level data in bulk. A recent example of government-authorized big data analytics demonstrates the value of aggregating farm-level data to track and even anticipate crop availability and pricing. Similarly, criminals could aggregate stolen data or steal analyzed data to exploit US agriculture resources and market trends.

The Wall Street Journal in March 2014 reported concerns that the FA Sector will face increased cyber targeting with the growing adoption of equipment and services that collect and analyze farm-level data, including information about soil content and past crop yields as well as planting recommendations (i.e., precision agriculture).

On 27 January 2016, the USDA announced the winners of a contest in which Microsoft hosted a century of public climate and crop data for competitors worldwide to design data visualization tools for farmers. For example, the winning tool allows users to follow trends in local crop availability and prices. The intent of the contest was to explore how to render big data in agriculture into a tool that allows farmers to make sustainable decisions that have an impact on food supply.

Other Potential Cyber Risks to Farm-Level Data

In addition to theft, farm-level data may also be vulnerable to ransomware and data destruction. Ransomware has become a significant threat to US businesses and individuals. Perpetrators use ransomware to encrypt a user’s important files, rendering them unreadable until a ransom is paid. Hacktivists may also destroy data to protest, for example, the use of genetically-modified organisms (GMOs) or pesticides.

The single most important protection measure against these threats is to implement a robust data back-up and recovery plan. Back-ups should be maintained in a separate and secure location so that malicious actors cannot readily access them from local networks.

Lessons from the Healthcare and Public Health (HPH) Sector

In October 2014, the US Food and Drug Administration (FDA) sponsored a public workshop to discuss the cybersecurity challenges facing the HPH Sector. With regard to medical device manufacturing, expert panelists discussed how hospitals’ financial constraints and focus on patient safety and convenience have resulted in the improper use of legacy devices and a high demand for user-friendly, interoperable devices. This industry pressure has resulted in manufacturers prioritizing usability over security, thereby rendering connected hospital networks vulnerable to cyber attacks. Panelists discussed how industry leaders’ procurement demands—or “market pressures”—for manufacturers to prioritize device cybersecurity very likely are the key to ensuring cybersecurity standards are raised for medical devices overall.

Source: Capital Reporting Company; “Public Workshop: Collaborative Approaches for Medical Device and Healthcare Cybersecurity; Tuesday, October 21, 2014”; 15 December 2014; http://www.fda.gov/downloads/MedicalDevices/NewsEvents/WorkshopsConferences/UCM426854.pdf; accessed on 9 March 2016; Transcript for the first day of the FDA-sponsored public workshop on medical device and healthcare cybersecurity.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>