The adoption of advanced precision agriculture technology and farm information management systems in the crop and livestock sectors is introducing new vulnerabilities into an industry which had previously been highly mechanical in nature, according to the Department of Homeland Security.
Potential threats not fully understood
A research group visited and/or interviewed several large farms, and precision agriculture technology manufacturers located throughout the United States. “The group identified that the potential threats to precision agriculture were often not fully understood or were not being treated seriously enough by the front-line agriculture producers,” says Homeland Security.
Text continues underneath image
Potential threats to precision agriculture are often not fully understood or are not being treated seriously enough by the front-line agriculture producers. - Photo: Hans Prinsen
Most of the information management/cyber threats facing precision agriculture’s embedded and digital tools are consistent with threat vectors in all other connected industries. Malicious actors are also generally the same: data theft, stealing resources, reputation loss, destruction of equipment, or gaining an improper financial advantage over a competitor.
Therefore, improper use of USB thumb drives, spear-phishing, and other malicious cyber-attacks, are readily available threat vectors for an attack; and the generally accepted mitigation techniques in other industries are largely sufficient for creating a successful defense-in-depth strategy for precision agriculture.
Precision agriculture is unique
Precision agriculture is unique, however, states the report. “Because it took a highly mechanical labor-intensive industry and connected it online, dramatically increasing the attack space available to threat actors. Due to this, otherwise common threats may have unique and far-reaching consequences on the agricultural industry.”
Text continues underneath image
Major farm equipment is, a system of systems, relying on complex embedded tools, and a sophisticated suite of communication and guidance systems.
The project uncovered potential threats to the crop and livestock sectors using the Confidentiality, Integrity, and Availability model of information security. “These threats have a potential impact to agriculture resiliency to withstand new types of disruptions which did not previously exist, or dramatically scale up the impact of legacy threats.”
Threats to Confidentiality
Data privacy is a top concern when implementing precision agriculture. Farmers are very protective of their information, such as yield data, land prices, and herd health. Loss or misuse of the data can have dramatic financial and emotional impacts on farmers. There is also a potential reputational loss for equipment and software manufacturers. Four unique threats were identified under the confidentiality standard.
Intentional theft of data collected through decision support systems (DSS) or the unintentional leakage of data to third parties.
Intentional publishing of confidential information from within the industry such as from a supplier to damage the company or cause chaos.
Foreign access to unmanned aerial system (UAS) data.
Unscrupulous sale of confidential data.
Threats to Integrity
Precision agriculture has aggressively moved into “smart farming” with the introduction of massive sensor nets being built in the crop and livestock sectors. Data collection and exploitation is a valuable tool assisting in real-time farming and livestock decisions. As precision agriculture increasingly adopts equipment automation, robotics, machine learning, and edge computing, threats to data integrity are manifesting in ways never contemplated in the agriculture sector.
Intentional falsification of data to disrupt crop or livestock sectors
Introduction of rogue data into a sensor network which damages a crop or herd
Insufficiently vetted machine learning modeling
Threats to Availability
Farming and livestock operations are heavily equipment reliant. Major farm equipment is, a system of systems, relying on complex embedded tools, and a sophisticated suite of communication and guidance systems. Threats to equipment availability manifest from both cyber-related issues, and natural disasters. What became evident was the impact to equipment loss is very uneven and is heavily timing dependent.
Timing of equipment availability
Disruption to positioning, navigation, and timing (PNT) systems – space based
Disruption to PNT systems – ground based
Disruption to communication networks
Foreign supply chain access to equipment used in precision agriculture
Smart livestock production facility failure
Key Controls
While the threats to precision agriculture technologies are unique, the baseline security controls necessary to mitigate these threats are consistent with security controls in other industries.
Implement Email and Web Browser Protections
Limit and Control Network Ports, Protocols, and Services
Inventory and Control Hardware Assets
Inventory and Control Software Assets
Account Monitoring and Control
Separate Operational Technologies and Business Operations
Many of the key threats to precision agriculture relate to data security issues are not completely addressed by the above controls. Farmers may benefit from adopting some data security controls.
Data Recovery Capabilities
Data Protection
Understanding Data Ownership
As precision agriculture companies increasingly face technological threats, developing various controls such as incident response and physical security would provide deterrence.
Incident Response and Management
Implement Physical Controls
