Spotlight: Cybersecurity and Small Businesses – Farming

October 11, 2017
Categories: Cybersecurity

Farming may not be in the top three of technology-enabled industries, but its technology landscape is certainly changing. The sector is evolving and new applications have been developed with the potential to be beneficial to farmers. Sensors tell a farmer when to water crops and how much fertilizer to use and global positioning systems (GPS) on a tractor can help maximize the land for planting. But with this advent of ‘smart farms’ comes the risk of cyberattack. In our interconnected world, devices connected to a network can introduce risk into an enterprise. This technology in the farming context could include:

  • Sensors
  • GPS tracking
  • Satellite imagery
  • Automated irrigation and fertilization systems

As these devices are used, data is being generated and stored for analysis and use by the farmer. That data is transferred from the devices to a central program that can analyze the data and display it in an easy to understand manner to inform the farmer’s decisions. This transference of data from sensor to central network for analysis leaves that data open to attack if the network is compromised in any way. Many threats faced by farmers are the same as those faced by other small- and medium-sized businesses (SMBs) in other sectors. Phishing schemes via email and malware pose a threat for a farm’s network, as well as the threat of ransomware.

Many would not find much use for hordes of data regarding soil composition in a corn field, however government-authorized big data analytics could show the value of aggregating farm-level data to track and potentially anticipate crop availability and pricing. Individuals who steal or illicitly gain access to that data and its trends can aggregate it on their own to exploit agricultural resources or market trends.

The FBI and USDA issued joint notification in 2016 to raise awareness among farmers that their smart farms are at risk of being hacked. According to the FBI and USDA, the most important protection measure against the threats farmers face is to implement a vigorous data back-up and recovery plan. These back-ups should be kept in a separate and secure location so that malevolent actors can’t easily access them from local networks. Other recommendations from the FBI included:

  • Monitor employee logins that occur outside of normal business hours.
  • Use two-factor authentication for employee logins, especially remote logins.
  • Create a centralized Information Technology (IT) e-mail account for employees to report suspicious e-mails.
  • Provide regular training to remind and inform employees about current social engineering threats.
  • Monitor unusual traffic, especially over non-standard ports.
  • Monitor outgoing data, and be willing to block unknown IP addresses.
  • Close unused ports.
  • Utilize a Virtual Private Network (VPN) for remote login capability.

As farmers benefit from the utilization of technology in everything from almond groves to corn fields, the number of cybersecurity threats they face will grow. Those threats and the measures required to mitigate them will have to be balanced with the potential savings in resources and the increase in yield.