The Rise of Tractor Hackers and Smart City Attackers
Welcome to the fourth post from Forcepoint's Future Insights series, which offers insights and predictions on cybersecurity that may become pressing concerns in 2022.
Here is the next post from Audra Simons, Senior Director of Global Products, G2CI:
Protecting the Family Farm
Have you thought about what happens to your food if the internet goes down?
By trying to remove the overhead of humans through automation, food producers and farmers have incidentally built their businesses on an increasingly frail system. Because of it, the internet might have more of an impact on your food supply than you think.
If the past few years taught us anything, it’s that the supply chain is fragile. Logistics were interrupted not only during rolling lockdowns but also as a result of a successful cyberattack on JBS, the world’s largest meat company.
The ransomware attack shut down meat processing plants in North America and Australia, forcing buyers to find other suppliers and causing concerns about retail pricing impacts worldwide. JBS supplies roughly 25 percent of the beef consumed in the U.S. alone, putting it and other major suppliers like Tyson squarely in the category of critical infrastructure. However, the industry isn’t held to the same standards as gas pipelines or the electricity grid.
The food and agriculture sectors are more digitized and automated than ever as companies find new ways to boost efficiency amid narrowing margins. Except, there are few mandatory cybersecurity laws in the industry and the U.S., it even disbanded its cybersecurity information sharing group over a decade ago.
Even though the JBS cyberattack didn’t have as detrimental an impact as hackers may have hoped, it showed that even the largest companies in this field are susceptible. Now, food production companies with fewer resources than giants like JBS – though carrying just as far-reaching an impact on food supply – are coming under fire from threat actors and going offline.
This is terrible news for an industry that faces a unique pressure point with ransomware; if systems can’t run, food supply for the greater population draws to a standstill.
As industries become more digital, the greater their exposure to threat actors grows. Harvesting faces a similar predicament to food production, with tractors now running more software than a modern car – allowing farmers to run them from an iPad while enjoying a cup of tea. Other previously manual activities have gone digital too:
The growing automation has given rise to precision agriculture and remote farming – but not without its drawbacks.
Ethical hackers showed Def Con hacking conference participants an overabundance of vulnerabilities in John Deere and Case New Holland systems – two popular agricultural equipment companies. The presentation claimed the vulnerabilities would effectively give threat actors control over the technology-powered equipment, whether through data logs or weaknesses in the operating systems themselves.
Given the heavy reliance on technology in food and agriculture, could we see hackers – whether they be ethical activists or other persons with malicious intent – bring tractors and food production across parts of the world to a screeching halt in 2022? If we do, unfortunately, we’ll also see large scale disruption of a supply chain that operates under a concise shelf life.
From Farm to Table
The threats that food production and farming industries face are driven partly by shortcomings in cybersecurity resourcing within these sectors. However, acknowledging the systemic problem still doesn’t answer the bigger question.
Why would hackers target agriculture?
There are a few different reasons.
- Nation states attempting to disrupt critical infrastructure through the food supply chain.
- Hacktivists trying to raise public awareness on environmental topics through deliberate disruption or data exfiltration.
- Financially motivated cybercriminals picking up low-hanging fruit.
There’s an emerging trend here: widespread disruption through one access point.
As we incorporate technology into more critical infrastructure, we’ll see the emergence of new technologies as high-value targets for cybercriminals."
We cannot look beyond the premise that increasingly moving into the digital world means that a global internet outage could conceivably bring down electricity, water and the food supply chain itself. It begs the question: are essential services like electricity, food and water becoming too smart for their own good?
We welcome automation and greater resource efficiency with open arms, but we can’t digitalize the world without a backup strategy in place for when that technology doesn’t work. We all have a responsibility to plan for going offline or outages. If we don’t consider the potential for widespread disruption, then getting from ‘farm to table’ may take a great deal longer than we expect.