Tackling Cybersecurity in the US Agri-food Sector

Climate change is a growing concern for farmers and food producers around the world. In the US, farmers can expect to see an increase in rainfall, leading to soil degradation and nutrient loss. To manage food security, farmers have turned to technology to enhance agricultural methods and improve the efficiency of production. 

As the sector moves to embrace technology and develop smart farms, small-scale and commercial farmers are increasingly deploying GPS, robotics, IoT, and cloud-connected devices. The inclusion of AI-driven tools has been widely adopted and deployed to improve the efficiency of farms, but this is a double-edged sword. The widespread use of technology also leaves the agriculture sector vulnerable to cyberattacks. 

Reports indicate that ransomware attacks are a major threat to the industry, contributing to more than half of all cyberattacks in the sector. With a vast network of suppliers, hackers have various entry points, and farmers will need to balance innovation against cybersecurity. 

Understanding Cyber Risks in the Agri-food Industry

Farmers, ranchers, and food producers typically have extensive supply chain networks. With multiple third-party vendors within their network, threat actors have various potential entry points and backdoors to target systems within an agricultural network. Typically, these vendors do not have the same level of security standards, which provides hackers with easy access to accounts. 

One of the key reasons hackers choose to target farmers and food production companies is because of the widespread disruption it can cause, as well as the easy nature of targeting these businesses. By disrupting the production of food, hackers can hold companies at ransom, compromise their reputations, and gain access to sensitive information. 

With the increased adoption of technology and the interconnected supply chain, the industry is especially susceptible to ransomware attacks. According to Cory Brandolini, the co-founder of Railtown, an AI solutions provider, the automation of farming operations has created fertile ground for cyberattacks.

In his experience, there’s been a stark increase in “robotic systems managing farms, automated feeding systems for livestock, and even AI-based optimization tools to improve crop yields. But all this automation brings significant cyber risk if Infrastructure leaks or Personal Identifiable Information leaks within the underlying software that are not constantly protected. Imagine if a hacker could tamper with the feeding schedules for livestock or the storage temperatures for perishable goods; that’s not just an inconvenience, that could lead to massive financial losses and food scarcity.”

Typically, hackers will try to breach industrial control systems, which would allow them to remotely control temperature sensors, manipulate ingredient lists, and even allergen labels. These actions have potentially devastating impacts and could put customers at risk while significantly disrupting operations. 

The Impact of Agri-food Cyberattacks 

Hackers can create widespread disruption when they target food producers and farmers. One of the key risks to companies that sell food is spoilage. Threat actors use this knowledge to their advantage by holding companies at ransom, knowing they’re more likely to pay rather than risk losing produce. 

“Any downtime caused by an attack could lead to a chain reaction of delays, potentially causing late planting or harvesting windows,” says a report from the Food and Agriculture-Information Sharing and Analysis Center. 

An Iowa-based grain cooperative called NEW Cooperative faced a ransomware attack by a hacking group called BlackMatter in September. The hacking group demanded a total of $5.9 million in ransom when they infiltrated the cooperative’s supply chain network. 

Just one month later Wisconsin’s dairy supply was impacted by a cyberattack on Schreiber Foods. Hackers once again demanded a ransom to the tune of $2.5 million in exchange for returning control of the manufacturer’s IT systems. During the attack, operations came to a halt for five days, affecting the State’s milk supply. 

The prevalence of these attacks continues to rise, with approximately 40 cases reported in the US agri-food sector in the first quarter of 2024. However, these incidents are not limited to the States. In Switzerland, a ransomware attack on a small-scale dairy farm targeted the milking robot and impaired the data collection systems. This resulted in a loss of information on the cows’ health and vitals, resulting in the death of a pregnant cow, and severely impacting the farm financially. 

Cybercriminals are taking advantage of the numerous loopholes and entry points in the agricultural tech ecosystems. They know the supply chains are vulnerable, and that food producers are eager to pay ransoms to get operations up and running as quickly as possible. 

Combating Cyber Risks in the Sector

What is clear is that the industry is overwhelmed by these attacks, and much still needs to be done to prepare commercial and small-scale farmers to combat the threats cyberattacks pose. Farming is wrought with overheads, and the lack of investment in cybersecurity is one of the key reasons hackers continue to target this industry. 

In the UK, for example, the hospitality and food industry was found to contribute the least toward investment in cybersecurity, averaging approximately £1,080 annually. In comparison, the top spender in the country is the finance and insurance sector, which spends about £22,050. The same is true of the US. 

The US Department of Agriculture has recognized the challenges in the sector and worked closely with government agencies to introduce the Farm, Food, and National Security Act of 2024. Under this bill, the Secretary of Agriculture is mandated to assess cybersecurity risks and deploy part of the $1.5 trillion package to assist food producers in procuring adequate cybersecurity tools. 

AI is another solution that has come to the fore with its ability to quickly scan for vulnerabilities in the vast supply chain ecosystem and proactively deal with emerging threats. By deploying AI-driven security systems, farmers can rely on these tools to assess risks in third-party systems and respond in real time by eliminating backdoor entry and strengthening weaknesses. 

According to Brandolini, the industry “cannot afford to wait for another major cyberattack before taking action. AI offers the food industry a way to not only protect itself from current threats but also to future-proof its operations.”

Conclusion

Food insecurity is a major challenge for countries around the world, and farmers and food producers are working hard to ensure supply meets demand. To enhance operations, smart farming has come to the fore and both small scale and commercial farmers have adopted technology to improve crop yields, minimize disease among livestock, and improve irrigation. 

While technology has enabled significant advancements, it also presents new vulnerabilities. The industry must take a proactive approach to cybersecurity by investing in secure infrastructure, enforcing strict security protocols, and fostering collaboration between public and private sectors. The future of food security depends on it.