The food and agriculture sector governs our daily activities and quality of life, yet it has been rendered invisible in most Americans’ daily discussions and considerations. Like gravity and air, the sector is considered constant. Unfortunately, that false certainty could lead to significant quantifiable risk as the sector becomes continuously under-prioritized and its cyber and physical security is relegated to an afterthought. The US Food and Agriculture sector is often forgotten when discussing critical infrastructure despite accounting for approximately 4 percent of global GDP and consisting of an estimated 2.1 million farms, 935,000 restaurants, and more than 200,000 registered food manufacturing, processing, and storage facilities  . Just because US farms are ignored by the zeitgeist’s perception of bleeding-edge technology does not mean that the sector is not currently undergoing a critical phase of modernization and digital transformation. Agriculture 3.0 and 4.0 will depend on securing small to medium-sized operators as much as large-scale commercial farms against disruptive cyberattacks. Ignoring the security concerns surrounding the integration of IoT and internet-enabled systems into Food and Agriculture infrastructure could lead to crippling attacks, devastating shortages, and debilitating inflation.
Digital Transformation on the Horizon
The US Food and Agriculture sector is painstakingly undergoing the digital transformation necessary to meet the modern demands of domestic and international consumers. The recent shift is driven by customer expectations of quality and availability, sustainability, supply chain transparency and traceability, logistics optimization, and other key factors that maximize yield and revenue. Though there is some disparity in the application of the terminology, we are currently experiencing Agriculture 3.0, characterized by the adoption of remote sensors, a reliance on cloud connectivity, a rapid transition towards automation, and the incorporation of real-time variable rate technologies. Data is collected, analyzed, and monitored at each stage of the growth, processing, and transportation cycle. Mission-critical operations are governed by machine learning optimization algorithms that incrementally maximize revenue with each micro-decision.
According to the World Government Summit report, ‘Agriculture 4.0 – The Future of Farming Technology‘, the onset of Agriculture 4.0 is expected around 2030. Success can be gauged according to Demographics, Scarcity of natural resources, Climate change, and Food waste. They assert that “Agriculture 4.0 will no longer depend on applying water, fertilizers, and pesticides uniformly across entire fields. Instead, farmers will use the minimum quantities required and target very specific areas.” The report further states that “farms and agricultural operations will have to be run very differently, primarily due to advancements in technology such as sensors, devices, machines, and information technology. Future agriculture will use sophisticated technologies such as robots, temperature and moisture sensors, aerial images, and GPS technology. These advanced devices and precision agriculture and robotic systems will allow farms to be more profitable, efficient, safe, and environmentally friendly.”
Achieving the technological goals of Agriculture 4.0 is essential because, according to the World Government Summit’s estimation, by 2050, we will need to produce around 70 percent more food at roughly the same or less expected cost and revenue . The metrics above indicate that future needs can only be met through a greater focus on automation and precision agriculture.
As we continue towards Agriculture 4.0, the sector is likely to adopt autonomous systems and artificial intelligence further, incorporate blockchain solutions, and improve system redundancy and resilience; however, progress is currently limited by technological developments and rural access to highspeed broadband, 5G, and LEO satellite internet.
Disruption Jeopardizes the Food-to-Table Spectrum
Attacks against agriculture stakeholders of all sizes have annually increased since 2018 in proportion to the digital transformation and modernization of the sector. In Information Security, risk can often be quantified according to scenarios and impacts against mission-critical assets’ confidentiality, availability, and integrity. In 2018 the US Department of Homeland Security released a 25-page report to raise awareness of ‘Threats to Precision Agriculture,’ which designated the top threats to confidentiality, integrity, and availability in the US Food and Agriculture sector respectively as theft of intellectual property and data, targeted disruption and data-driven attacks, and signal loss and data bandwidth limits common in rural communications networks . Similarly, in 2020, the UK National Cyber Security Centre (NCSC) created a 14-page guide, ‘Cyber Security for Farmers‘, to help educate sole traders, small to medium-sized operators, and large-scale commercial farms on cybersecurity and cyber-hygiene fundamentals . Disruptionware attacks against farms and other agriculture infrastructure became more frequent in 2022 and will continue to increase as food and agriculture infrastructure modernizes. However, the vast majority of targeted or opportunistic attacks can be mitigated through fundamental cybersecurity and cyber-hygiene best practices.
Farming infrastructure is expensive and daily life depends on its continuous operation. Farm owners and operators can help foster Agriculture 3.0 and 4.0 by improving their fundamental cybersecurity and cyber-hygiene according to the following five recommendations:
- Just like how other farm equipment requires maintenance and eventual replacement, computers and internet enabled systems must be regularly updated and eventually replaced.
- Make regular backups of your important data, such as emails, invoices, contacts, orders, quotes., and keep these backups in a separate location.
- Keep your devices safe, as you would any other valuable asset. Phones, laptops, autonomous farming equipment, and other assets should be protected with antimalware, complex passwords, encryption, and multi-factor authentication where possible – most of which can be downloaded from reputable vendors on an app store and feature single button installation. Solutions that enable you to remotely track, lock, erase, or backup and recover data are also useful for virtually and physically securing equipment.
- Be skeptical on phone calls, in email, and online. Rely on judgement, common sense, and critical thinking. Don’t click on emailed links and instead type into a browser search bar instead.
- Practice “stranger danger.” When receiving an email or call do not share information unless you were expecting the contact and take steps to externally verify that the email or call came from the source it claims to be representing. Never share banking or other sensitive information over phone, text, or email. Scams will typically try to hook victims with false authority, urgency, emotion, fear, scarcity, and current events.
- “Food and Agriculture Sector”, 2018. [Online]. Available: https://www.cisa.gov/food-and-agriculture-sector. [Accessed: 23-Jan-2023].
- “Agriculture and Food.” [Online]. Available: https://www.worldbank.org/en/topic/agriculture/overview. [Accessed: 23-Jan-2023].
- “Agriculture 4.0 – the future of Farming Technology,” Agriculture 4.0 – The Future Of Farming Technology, 13-Feb-2018. [Online]. Available: https://www.oliverwyman.com/our-expertise/insights/2018/feb/agriculture-4-0–the-future-of-farming-technology.html. [Accessed: 23-Jan-2023].
- “Cybersecurity threats to Precision Agriculture,” CISA, 2018. [Online]. Available: https://us-cert.cisa.gov/ncas/current-activity/2018/10/03/Cybersecurity-Threats-Precision-Agriculture. [Accessed: 23-Jan-2023].
- “Cyber Security for Farmers,” NCSC, 2020. [Online]. Available: https://www.ncsc.gov.uk/guidance/cyber-security-for-farmers. [Accessed: 23-Jan-2023].
- “Ransomware Attacks on Agricultural Cooperatives Potentially Timed to Critical Seasons,” DHS, 2022. [Online]. Available: https://www.ic3.gov/Media/News/2022/220420-2.pdf. [Accessed: 23-Jan-2023].