Growers are very mindful of their data and the importance of owning the rights to it. Even still, many are willingly giving their data to corporations in order to improve their productivity, increase their yield, and make their farms more profitable. Data ownership and profitability are of course very important, but they are not the only issues growers should be concerned about. They should be asking critical questions about how secure their assets and data are in the first place.
When news broke that growers are using third-party software to access their vehicles, I was surprised to find the focus of conversation was not centered on the fact that third-party software is a susceptible exploit for hacking into equipment.
Combined with the new push for rural broadband Internet access, the fact of the matter is that machines and data have never been more vulnerable from a security perspective. Wherever there are high-speed connections, the vast fields of rural America provide a false sense of security.
How to Get Ahead of Cyber Attacks
There are endless possibilities of what can be hacked. But rather than focusing on scare tactics, I would like to outline three steps growers can take to protect themselves:
1) Secure the Physical Environment:
A secure physical environment is paramount in order to protect critical infrastructure and hardware. Locations that host these assets must be monitored to ensure they are not tampered with by third parties. At its simplest this includes physical locks, and at its most advanced it includes badge readers that digitally log activity.
2) Establish Strong Policies and Procedures:
Policies and procedures govern how technology is implemented across your operation. Procedures must address all aspects of security – from onboarding to use and retirement – and this includes your critical assets (e.g., tractors and pivots). It is important to consider factors such as the locations where assets are stored, who can access and use them, and how they are configured. It is best practice to document and audit these procedures in order to ensure your organization is making a commitment to enforce safety and security.
3) Proactively Analyze Data from Operational Technology:
Just as your computer generates data, so do your critical assets. Using that data to better understand your growing operations enables you to proactively detect security incidents before they escalate into attacks. Insights you can gather from this data include:
- Clearly understanding all of the individual devices that are on your network, and ensuring only authorized devices are permitted.
- Knowing at all times what your devices are talking to, and confirming that they are not communicating with potentially malicious parties.
- Seeing when your devices are talking, and being alerted to any suspicious behavior (i.e., your pivot shouldn’t be talking at 3 a.m.).
Generating these insights enable you to monitor your operations on an ongoing basis, alerting you to anomalous activity that may be indicative of a security breach.
The Path to a Safe and Secure Future
Many growers trust that software and hardware companies are doing a sufficient job of protecting their assets. However, the vulnerability of third-party software should serve as a wakeup call to growers to check and confirm that their assets are indeed being proactively secured. By asking tough questions about what is and what is not being done from a security perspective, growers can better protect their assets from being left vulnerable to attacks.
It is safe to say that most growers do not realize a cyber attack can be as simple as knowing the locations of all your assets. If and when something malicious occurs, it often involves changes that are tough to trace with the human eye, such as switching off a control for a short period of time. There are many instances where turning off a piece of equipment can be catastrophic (e.g., grain bin fans and combine engines).
It is time for growers to start asking the right questions of their software and hardware providers in order to ensure their assets can operate safely at all times. At Uptake, we have some of the industry’s best and brightest cybersecurity leaders who are able to help if you have questions.