FBI warns farming industry about equipment hacks, data breaches

As Internet-connected equipment is increasingly used in many industry sectors, alerts like the latest one issued by the FBI to US farmers will likely become a regular occurrence.

“While precision agriculture technology (a.k.a. smart farming) reduces farming costs and increases crop yields, farmers need to be aware of and understand the associated cyber risks to their data and ensure that companies entrusted to manage their data, including digital management tool and application developers and cloud service providers, develop adequate cybersecurity and breach response plans,” the FBI and the US Department of Agriculture (USDA) warn.

Farming cyber risks

The FBI and USDA believe that cyber attackers might target individuals and entities in the farming industry:

  • To steal farm-level data in bulk (information about soil content, past crop yields, planting recommendations, etc.) or to destroy it in protest
  • To encrypt collected data and hold it for ransom (with ransomware)
  • To disrupt food production and processing (by messing with plants’ Industrial Control Systems).

“Historically, the farming industry has lacked awareness of how their data should be protected from cyber exploitation, likely reflecting low industry demand for adequate cybersecurity. In fact, drone manufacturers are focused on offering low pricing structures for farmers by developing data platforms that are interoperable with legacy systems, a hallmark of networked devices with poor cybersecurity,” the alert informs.

In order to foil attackers wielding ransomware, the FBI advises farmers to implement a robust data back-up and recovery plan, and to keep the back-ups in a separate and secure location.

Additional security tips provided include monitoring employee logins, using two-factor authentication for employee logins (especially if they are remote logins) and VPNs, security awareness training for employees, data and traffic monitoring, closing unused ports on the equipment, and creating a centralized service/email account where employees can report suspicious emails or anything else suspicious.