The FBI and Department of Agriculture have issued a Private Industry Notification to increase awareness among farmers that growing reliance on precision agriculture technology, aka “smart farming,” brings increased vulnerability to cyberattacks. While the notification did not suggest attackers could gain control of physical machinery, unauthorized access to farm-level data regarding crop availability and pricing could be used to exploit US agriculture resources and market trends. Earlier this year, for example, the USDA and Microsoft hosted a worldwide competition to design data visualization tools that will allow farms to make sustainable and efficient decisions that may impact the global food supply, based on the information gathered by “smart farm” sensors, Drones and other technologies to measure factors contributing to crop growth. In addition to market manipulation, such data may be vulnerable to ransomware and wholesale destruction by hacktivists “to protest, for example, the use of genetically-modified organisms (GMOs) or pesticides.”
The Private Industry Notification provided guidance in protecting this important data, explaining: “The single most important production measure against these threats is to implement a robust data back-up and recovery plan…maintained in a separate and secure location.” The notification provided a number of additional recommendations to mitigate computer intrusion threats:
- Monitor employee logins that occur outside of normal business hours.
- Use two-factor authentication for employee logins, especially remote logins.
- Create a centralized Information Technology e-mail account for employees to report suspicious e-mails.
- Provide regular training to remind and inform employees about current social engineering threats.
- Monitor unusual traffic, especially over non-standard ports.
- Monitor outgoing data, and be willing to block unknown IP addresses.
- Close unused ports.
- Utilize a Virtual Private Network (VPN) for remote login capability
As an increasing number of “things” operate via connection to the internet, business owners in all sectors must take steps to protect all data, including information gathered and maintained down on the farm.