Cybersecurity Threats to Precision Ag10/24/2018
One of the most common questions I am asked when speaking about ag data privacy issues is: Why would an outsider want to breach my ag data? The Department of Homeland Security (DHS) just released a report addressing this question: Threats to Precision Agriculture. This post summarizes the DHS’s findings when analyzing this same question.
Although cybersecurity issues are similar across many industries, the DHS report says ag technology is also unique because agriculture is traditionally a highly mechanical, labor-intensive industry which is now moving control to cloud based-platforms.
The DHS report outlines three bedrock principles for information security: Confidentiality, Integrity, and Availability. Although we often think of nefarious outsiders (i.e. terrorism) as the main concern to data security, the DHS report explains that threats can come from carelessness, disgruntled employees, or an outsider. The damage could be the same, regardless of where the threat arose.
Threats to confidentiality are a problem for farmers, agribusinesses, equipment and software manufacturers. The report explains that the explosion of data support systems (DSS) and farm management information systems (FMIS) has created a new threat to confidentiality for on-farm data. Many companies and universities outsource programming and don’t regularly provide updates and patching. Privacy controls, user agreements, and system update procedures are “haphazard at best.” A breach of data could destroy customer trust or be used against farmers on the commodity markets.
Threats to data integrity are a new problem created by increased adoption of precision agriculture tools. DHS reports that integrity could be compromised by “introduction of rogue data” into existing networks, creating disruption of systems, such as faulty sensors that monitor a poultry building. Additionally, the report states that insufficiently modeled algorithms could create “false predictive models.”
The third concern surrounds availability. The report worries that standardized equipment might be disrupted across a wide spectrum, creating a large problem for a time-sensitive food supply chain. DHS also worries that “smart livestock facilities” could be victims of malicious cyber actors, causing software failures and killing thousands of animals or causing major reputational damage to entire industries.
I have three takeaways from DHS’s findings. First, the report confirms my suspicion that confidentiality of ag data is a present-day, real risk for farmers. Second, cyber threats to farms and livestock facilities can arise not just from intentional, malicious conduct, but also from negligence caused by company employees. Many companies don’t appreciate this. Either way, the damage can be equally bad. Finally, many of the cybersecurity concerns can be mitigated by avoiding one-size-fits-all solutions to problems. The report provides an example of how a bad patch uploaded to corn planters might render them all unusable during the narrow corn planting window, but this is only true if all farmers used the same planter. We are light years from that happening, but its another reminder why monopolies are bad and competition is good for agriculture.
Source: Todd Janzen, Janzen Ag Law