It sounds like international intrigue or the basis for an episode of your favorite true crime show. But the fact is, cyberattacks are real on farms and ranches, and they are hitting agriculture with increased rapidity.
How can farmers and agribusiness owners protect themselves and their businesses from cyberattacks? Where are these attacks coming from? What are the main methods in preventing attacks, or at least curbing their frequency? What do you do if your operation is a victim of a cyberattack?
These are questions facing the ag industry. FBI Special Agent Eugene Kowel from the Omaha, Neb., field office spoke to farmers a few years ago at a Nebraska Farm Bureau press conference at Husker Harvest Days. He also has led the way in FBI Agriculture Threats symposiums in Nebraska, talking about these issues, the threat of cyberattacks and effects on the ag industry, and measures to safeguard our nation’s crucial food infrastructure.
The Farm Progress podcast “FP Next,” powered by John Deere, set out to answer farmer questions about cybersecurity in a recent “Deep Dive” episode visit with Kowel.
Burning questions
Gleaned from the podcast, here are some of the questions Kowel answered, giving insights into ways farmers can protect their operations.
Why should farmers and ranchers be concerned about cybersecurity?
We think that in Nebraska, California, Georgia and all points in between, the cyber threat to our farms, ranches, our food-processing facilities, it’s just growing exponentially. A big reason for that is our movement to precision agriculture. American farmers and ranchers are the most productive and efficient in the world, and a lot of that is because of our reliance on data and technology. But it also creates a very “attack-rich surface” for criminal actors in this cyber arena.
The average farmer uploads about 500,000 points of data to the data cloud every day. And that’s only going to grow. It is a target that our cyber adversaries have hit and will continue to try to hit. We all know in agriculture that time is everything. Whether it’s during times of harvest or planting, the ability to grow our foods, feed and biofuels is dependent upon critical timing. And if a cyber adversary can create a ransomware attack or steal our data during that time, it can be extremely damaging.
What can farmers and agribusinesses do to at least reduce the risk of cyberattacks on their operations?
The first thing to do is to listen to podcasts like this to generate awareness that this is a real issue. It doesn’t matter if you are a huge producer with hundreds of employees or a small producer with just a few employees, what these cyber adversaries will look for is how many devices you have connected to the network. To protect your farm, there are several things you can do.
8 things
Update your software. You know how we get notifications on our phones or our devices that we need an update? Often, the reason we’re getting those reminders is because someone somewhere has identified a security issue, and we need to patch our device. So anytime you get any update for your software, piece of ag equipment or personal devices, be sure to do that.
AG THREATS: FBI Special Agent Eugene Kowel spoke at a Farm Bureau press conference a couple of years ago at Husker Harvest Days, discussing the cyber threats to farms, ranches and ag industries in the state and region. He also has been instrumental in developing FDA Agriculture Threats symposiums covering these difficult topics. (Curt Arens)
Use unique passwords. I know this is hard to do, but don’t use weak passwords. Come up with hard passwords, and don’t use default passwords. A password should include a combination of random letters, numbers and symbols. And you need to use different passwords for different things, because once a password is discovered, it often gets posted on the dark web and sold. Other people will try to use it to get into other accounts. Use a password keeper. Nothing is 100%, but you can use a password keeper to store complex passwords, and you don’t have to remember each one.
Use multifactor authentication for as many of your devices as possible. It just means that any time you log in, try to use a system where there is more than one way to log in; not just a password, but a password plus a text message to your phone or a password plus a fingerprint. Whatever it is, it should be more than one thing.
Back up your files. A lot of what criminals will do is hold your data for ransom. If you don’t have backups of data not connected to the network, you will be in a real pinch, and you will feel a lot of business pressure to either pay a ransom or suffer a big loss. Also, maintain backups that encrypt any sensitive data.
Be on the watch. Don’t take the bait. If you get a text message or emails from people you don’t know, or an offer seems too good to be true or imposes some kind of urgency, be careful and take a minute. Stop and think. Find some way to corroborate the message to see where it came from. If it comes from your bank, for instance, don’t respond to that email. Call your bank to see if it is from them. A lot of the way this works is if cyber criminals can get you to click on a link, a text message or an email, they can download malware to your phone, to your computers or to your devices.
Have segmented networks. Don’t have all of your networks connected so that once someone is in your network, they have access to everything. Try to break that up.
Be careful any time you connect to a public Wi-Fi network. If it’s a public network, it is very easy for people to see your traffic back and forth. If you must use public Wi-Fi, then use VPN or some other tool to hide your traffic.
Have a response plan. Be prepared for the fact that you will get hit and how you will respond. Do you know how to get backups in place? Do you know where your local FBI office is and how to contact it? Do you know how to report this? Be prepared.
Taking these little steps every day can save folks a lot of heartache later on.
A couple of years ago, several grain coopers were hit in our region. Some had to halt operations until they could get back into business. A livestock producer in our area was hit by a ransomware attack. These attacks are happening. We don’t always hear about them, but they are happening.
Call the FBI
If you are hit by ransomware, call your local FBI office and report it. The FBI will be there to help. We have cyber-trained agents and analysts throughout the country. You can contact the FBI at fbi.gov.
To listen to the entire podcast with Kowel and other episodes of “FP Next,” visit farmprogress.com/program/fp-next.
About the Author
You May Also Like