Cybersecurity in the agri-food industry

Updated on 22/08/2024
Autor
INCIBE (INCIBE)
Portada del blog La ciberseguridad en el sector agroalimentario

Today, the agri-food sector is considered one of the most important sectors, being a critical sector, since without its outputs the life of human beings could be considerably affected.

In addition, current problems, such as the lack of water and the increase in production costs, have led to increasingly automated and digital processes, making it possible to increase production efficiency, reduce water consumption and reduce costs.

To realize this digitization and automation of production processes, companies in the agri-food sector have to implement new devices, such as sensors, probes, routers, etc. This implementation brings many advantages, thanks to the connectivity provided by Industry 4.0, allowing to have a control of everything that happens in real time.

Sector exposure

The big problem with the implementation of these devices is the increased exposure to the outside world, which makes the chances of suffering a cyber-attack much higher. The following is an explanation in several points that will help to understand the real exposure of the agricultural sector to cyber-attacks:
 

  • This is a critical sector for society, which, coupled with the trend of cyber-attacks against the supply chain, makes it a prime target for cybercriminals.
  • The low cybersecurity maturity of this sector, such as the lack of procedures or policies, makes it more susceptible to attacks.
  • Its lack of adaptation to the continuous evolution of technology: it is a sector more focused on productivity and less on cybersecurity, such as, for example, unsecured inter-device communications, vulnerable device configurations or having more exposed services.
  • In this sector the companies that form it are mostly SMEs, micro SMEs and self-employed, which may cause that they do not have enough maturity in cybersecurity.

To provide context on the damage that the sector may suffer, different cyber-attacks on the agriculture sector are listed below:

  • Attack against a farm in the USA, in January 2021, which generated losses of approximately US$9 million, due to the temporary closure caused by a ransomware attack.
  • Attack against a food and agriculture company in the US in November 2022, preventing access to multiple systems due again to a ransomware attack.
  • Attack on an agricultural cooperative in Iowa in September 2021, leaving the company without computer networks used to maintain food supply chains and animal feeding schedules.
  • Attack against a U.S. distribution company in February 2023, causing losses of $10 million. This attack was a ransomware that gained access to the systems.
  • Attack on automated irrigation in northern Israel in April 2023. This attack resulted in crop losses and that the farm must perform manual irrigation.
  • Attack against John Deere tractors in August 2022. This attack focused on replacing the tractor software with a famous 1990's video game DOOM. The cyberattackers claimed to have done so to demonstrate their low cybersecurity capabilities to industry suppliers.
     

Protection

Although the points mentioned above may cause pessimism in this sector, there are different measures that can be adopted to counteract the damage that can be caused by a cyberattack or even prevent them from occurring. To this end, we will explain a series of points that will increase cybersecurity maturity in this sector.

  • The most important thing is people, since many cyber-attacks are caused by employee error, such as downloading a document from an inappropriate place, accessing a malicious link in an e-mail message, etc. In order to solve this problem, employee cybersecurity training and awareness is very important. For this purpose, training and awareness sessions can be held on the problems that a cyber-attack can entail and good practices on how they can be avoided.
  • Implementation of multifactor authentication, especially for accessing sensitive data or personal accounts.
  • Performing back-ups of the the company's most important devices and data to enable production to continue quickly and easily in the event of an incident.
  • The creation of cybersecurity policies and procedures will increase the maturity of the sector, providing employees with guidelines for action when faced with different processes or problems.
  • Updating devices, although in the industrial world and the IoT is more complicated, this practice reduces exposure to cyber-attacks since any vulnerabilities that may exist would be mitigated by the supplier.
  • Securing and hardening of devices is a very important aspect so that the devices already have basic security. This includes the elimination of unused services, the implementation of communication security methods, the closing of vulnerable or unused ports and the implementation of secure protocols. Likewise, the reduction of users, the management of roles and permissions and administrator accounts would also be associated with the hardening of the equipment.
  • Implement specific cybersecurity technologies and devices, such as firewalls, IDS, anti-virus, etc. All this will allow you to have greater visibility and control of all assets that can be introduced to your devices. In addition, external access management should be done through commonly accepted methods in the industry, such as a VPN or ZTNA. Wireless networks are also a point to take into account since their use can be exploited in an attack either by interfering in the signals, denying the use of the network, or intercepting the different credentials.
     

Conclusion

Although the ‘Threat Landscape 2023’ report published by ENISA, places the agri-food sector with 1% of reported cybersecurity incidents, we cannot forget that the sector is experiencing an increase in digitalisation due to the implementation of Industry 4.0 which, added to its low cybersecurity maturity, could arouse the interest of attackers. Therefore, it is crucial to monitor the evolution of threats and adapt cybersecurity strategies to the specific needs of the sector, thus mitigating risks effectively, in order to anticipate and be prepared.