Producers need to be vigilant in protecting their data and business information.
We are constantly thinking of threats to our farming operation — including droughts or floods, predators attacking livestock, wildfires and blizzards, and skyrocketing input costs and market volatility. However, we often do not think about threats that are not so easily observed.
Cybercriminals are out there, waiting to attack vulnerable farming and ranching businesses through technology. That was the frightening message from a press conference hosted by Nebraska Farm Bureau during Husker Harvest Days in September.
“Most of us don’t wake up in the morning thinking about cybersecurity threats,” said Mark McHargue, Nebraska Farm Bureau president. “We wonder if it rained, how are the crops and livestock doing, and how we can be more efficient. That’s what makes us great at production agriculture.”
He noted how much data is collected with the technology in the industry. “There are people out there who would like to see that data,” McHargue said. “That’s not only an ag issue or an issue with the production of food, but it also gets into food security and, ultimately, national security.”
Eugene Kowel, special agent with the FBI, told the audience that cybersecurity risks exist to farms, ranches and food processors, no matter where they live, and those risks are growing every day.
“Our food, how we grow it and process it is a key part of our country’s infrastructure,” Kowel said.
There are three main ways that cybercriminals can attack the ag industry, he explained.
“A ransomware attack is when a criminal element or nation state inserts malware on your systems or anything connected to a network, encrypts all of your data and keeps you from moving forward with your operation. And they won’t give your data back unless you pay an exorbitant ransom,” he said.
“A second way is through the theft of our data. We live our lives more and more connected to the digital highway, and that makes us vulnerable to foreign adversaries.”
He noted that the third way is the installation of malware into industrial control systems by adversarial states.
Attacks on uptick
“Cyberthreats are more pervasive and target a wider variety of victims,” Kowel said. “Over the past year, there has been a surge in ransomware attacks in the ag industry. Last year, there were six different attacks on grain cooperatives. Three of those were in our region. Some attacks hit production, and others hit administration. Another two grain cooperatives were hit earlier this year.
“We investigated those attacks. And we do believe these co-ops were targeted, and the attacks were purposely launched to coincide with planting season and harvest.”
How did they get in? It was through shared network resources or compromised managed service providers. In January 2021, Kowel said, there was a ransomware attack against a U.S. farm that contributed to the loss of nearly $9 million, because the attack shut down operations through administrative access.
“We expect these kinds of cyberattacks to continue,” he said. “Ag is increasingly reliant on technology, the use of wireless and precision ag technologies. It has made us better at production, but also more vulnerable to attacks.”
Farmers and ranchers often don’t have access to sophisticated resources to prevent these attacks, Kowel said. “The FBI is working hard to detect, disrupt and deter, because cybersecurity is national security,” he said. “Our FBI special agents are ready to help and remain vigilant, so if you become a victim of cyberattack, call us and we will come out to help, mitigate the attack, identify where it came from and get you back in business.”
Prevention
Don’t be an easy target, Kowel advised. “Install updates and patches to your systems as quickly as you can,” he said. “We all get these alerts and put them off. Don’t put them off. Update your systems. Update to multiple factor authentication to log into anything. Change your passwords.
“Be careful of any link you click on. Maintain backups on a hard drive so you can quickly get back up to speed if you are attacked. Have a cyber response plan, and call the FBI as quickly as you can if attacked. If we work together, we can protect your business.”
“We have to understand that people want your data,” Nebraska Attorney General Doug Peterson said. “They can monetize your data in so many ways. We appreciate the FBI. They are there to help as much as they can. We have to be as smart as we can to thwart attempts to get our data.”
Farms, ranches and agribusinesses have a duty and obligation to contact the Nebraska AG office if their data has been hacked, Peterson said. “We will evaluate the type of safeguards you have in place,” he added.
To learn more about implementing those safeguards, Peterson said producers can visit the AG website at protectthegoodlife.nebraska.gov. If there is a cyberattack, you also can contact the FBI at fbi.gov/investigate/cyber.
