It’s a startling statistic that if cyber crime was its own country, it would have the third largest economy after the U.S. and China. That’s how lucrative it is. And that’s why agriculture is the second-largest target, because farming and food is critical infrastructure. Cyber criminals know that there will be a payout to restore those agribusinesses. This the word from Special Agent Byron Franz with the Milwaukee Division of the FBI.
“It’s gotten worse because the attack surface continues to grow with the use on farms of internet devices in all segments of their work… to remotely operate machinery, to record things and all the software… can be under attack,” Franz says. “All segments of the food and agriculture sector, from farm to table, are actually targeted by cyber attacks. Ransomware is a deadly threat against everybody, including the small farmer.”
Even if we just look at headlines over the past few years. We saw cyber attacks on international commodity trading firms, national meat packers and regional grain cooperatives. So agriculture of any size and commodity is at risk. Physical threats also exist.
Franz gives examples of Mo Hailong, a Chinese national, who was sentenced to 36 months in prison for conspiracy to steal trade secrets after being spotted crawling through Iowa corn rows pocketing seed corn; and Haitao Xiang, who was indicted by a federal grand jury on one count of conspiracy to commit economic espionage, after attempting to steal an online field data platform from Monsanto.
Franz says that money is the primary motive for cyber attackers. But there’s more.
“There are countries and individuals that also seek, potentially, to target the United States through its critical infrastructures…. to actually turn off the switch, not only turning off the switch on power or water, but obviously disrupting the food supply or make people distrust it,” he says. “A cyber attack can disable that chain anywhere along the line in transportation, on the farm, or all the different devices that are used, all of which needs to be protected.”
But how can your average agribusiness set up these “cyber fortresses”? Franz says it starts with training employees to understand phishing — that’s phishing with a ‘ph’ — not the fun fishing that gets you out of the house.
“Anyone who has access to the network in a small business, including a farm, needs to be educated about the types of threats,” he says. Hackers use phishing, mass distributed emails, for example, an Amazon scam. Spear phishing are emails that are personally directed at you. In both of these cases, types of malware are included in the links and there is usually a sense of urgency.
But luckily there are several techniques for agribusinesses to use to protect themselves against cyber attacks such as phishing scams, ransomware or other hacks: multifactor authentication (strong password AND a thumb print AND a changing number on a token).
But when it comes to passwords, the FBI reminds us again to make sure those passwords are strong.
“Don’t make it your dog, your kid or something else. The first part of an attack is basically called a dictionary attack. That’s where they’re just using well known phrases and names and stuff really, really fast to see if they can compromise you,” he says. “Don’t make it that easy. You want to have a pass phrase or something that’s long and not easily guessable by the attacker.”
Leave a Reply