Ransomware actors are targeting food and agriculture organizations, potentially disrupting business. Luckily, there are already formal structures in place to boost the IoT security defenses they need. Knowing them keeps the lifeblood of industrial farms and food delivery going. Businesses in the sector could “suffer significant financial loss,” the FBI said. That loss is “resulting from ransom payments, loss of productivity and remediation costs.” They could also lose customer trust along the way.

In mid-October, a dairy company suffered a ransomware attack that took down its systems. The attack jumped from the digital realm to disrupt plants and distribution centers. It took about a week to restore affected tasks. In September, a Minnesota-based farm supply and grain marketing cooperative suffered a ransomware attack, reported Threatpost. The incident knocked its website offline, infected its computer systems and disrupted daily production.

Ransomware actors struck another agriculture group around the same time, which affected the company’s devices and systems. In response, the group took its systems offline to contain the threat.

Which IoT Security Issues Harm This Sector?

According to the U.S. Department of Homeland Security, some of the most prevalent security issues in the food and agriculture sector can be sorted based on the Confidentiality, Integrity and Availability Triad. Let’s examine how below.

Confidentiality

Data confidentiality is essential to farms and other organizations that engage in precision agriculture. It also makes a big difference to those who use smart tech to increase crop output using fewer resources like water and fertilizer. Farmers need to protect their yield data, farming methods and other proprietary information to make a living. Imagine if someone steals that data through decision support systems. Or, what if it leaks out to third parties by mistake? Businesses could suffer a loss of trust that could threaten to close them down.

Integrity

Precision agriculture and ‘smart farming’ use data collection and analysis to help farmers make decisions about their work. What if a threat actor were to falsify this data? They could disrupt crops and livestock. That, in turn, undermines the food supply at the local, regional or national level. On the other hand, attackers could introduce rogue data into a sensor network to endanger crops and herds.

Availability

Much of the heavy equipment used in the farm and agriculture sector relies on embedded tools consisting of communication and guidance systems. If the networks used by that major farm equipment suffer disruption or if a smart livestock production facility fails, people might not be able to tend to their crops and livestock on a timely basis. Similar risks can arise from natural disasters such as earthquakes and fires.

Assess Devices to Improve IoT Security

The threats discussed above, along with their potential consequences, highlight how food and agriculture groups operate as critical infrastructure. And just like other critical infrastructure organizations, farms are struggling with Internet of Things (IoT) devices. Those products have introduced vulnerabilities into their networks, weaknesses that attackers can use to disrupt farming equipment and monitoring in such a way that interrupts harvesting and other mission-critical operations.

The University of Maryland (Baltimore County) used this premise to build a potential threat scenario involving a denial of service attack. The incident used IEEE 802.11 vulnerabilities to prevent sensor data from making its way to the remote cloud, thus disrupting sensors in the field. The researchers then expanded the attack from there to prevent devices from connecting to the network.

Understanding the Scope of These Threats

Not all food and agriculture businesses use smart technologies. As a result, the entire food chain isn’t at risk yet. But given the projections made about smart agriculture, that’s quickly changing.

Food production needs to speed up to keep up with a growing population. As noted by IEEE Spectrum, the global population will reach 8.5 billion people by the end of this decade, with the number of people affected by acute hunger climbing to 840 million. These figures, when coupled with the World Food Programme’s goal of zero hunger by 2030, mean that more farms might begin using smart farming tech in the near future.

Best IoT Security Practices for the Farm Sector

Farm and agriculture organizations can take several steps to defend themselves against the cybersecurity risks confronting them. They can do this by applying network segmentation to keep IoT devices separate from other parts of the network. That will help to limit the scope of an attack.

They can also focus on using both passwords and multi-factor authentication (MFA). Towards that end, security teams need to make sure they change the default password on an IoT device. They can also leverage MFA to protect access to those devices in the event that someone breaches their credentials.

Finally, use vulnerability management and penetration testing services. This will provide a way for infosec personnel to close known flaws affecting their devices. It will also give them a means of testing their existing defenses. With thorough defenses such as these, the global food chain will be more secure.

more from Incident Response

IBM to Acquire Randori, Transforming How Clients Manage Risk with Attack Surface Management

Organizations today are faced with defending a complex technology landscape — with cyberattacks targeted at constantly changing cloud, distributed, and on-premises environments. Often escaping security scans and periodic assessments, these changes represent windows of opportunities for attackers looking to bypass defenses. While there always have — and always will be — unknown risks, having a […]