Precision agriculture systems are vulnerable to numerous threats that could harm national security, according to a report commissioned by the U.S. Department of Homeland Security.
The new report, “Threats to Precision Agriculture,” was co-written by a group of analysts from the government and private sector who found the potential hazards “were often not fully understood or were not being treated seriously enough by the front-line agriculture producers.”
Connecting the traditionally “highly mechanical” agriculture industry to the internet through yield-tracking software and other tools has greatly increased “the attack space available to threat actors,” the report said.
For example, there has been a recent “explosion” in “decision support system” applications for mobile devices that were often created by start-up companies and university staff who may not properly update security patches for the programs, leaving them prone to exploitation.
Such weaknesses could lead to the “unintentional leakage” of confidential farmer information, but some applications may also “be malicious by design to steal data,” the report said.
An attack may focus on injuring the reputation of a farm supplier or related agribusiness company by releasing confidential data to the public, similar to the 2014 Sony Pictures hack that revealed salaries, gossip and other embarrassing information.
“There is no such thing as 100 percent protection. We see data breaches at all levels,” said RJ Karney, director of congressional relations with the American Farm Bureau Federation.
The report examines the possibility of a farm cooperative becoming compromised, either unwittingly or because of a disgruntled insider or hostile outsider.
“Many co-ops are also aggressively entering the precision agriculture market from an agronomy standpoint, offering detailed consulting and prescription plans for members, which requires the members to provide access to sensitive land use information,” the report said.
Beyond just publicizing data, a “malicious actor” could actually falsify information to simulate an outbreak of a crop or livestock disease to potentially roil markets for months before the fraud is debunked, the report said.
“It is an easy threat to potentially manifest as it does not rely on original access to real data,” the report said.
Entering fake data into a system of “smart sensors” — either on purpose or by mistake — could result in the destruction of crops by over- or under-irrigation or livestock losses from faulty heating, cooling or ventilation in barns.
Disruption to rural communication networks and tools such as global positioning systems and “real time kinematic” positioning would be damaging to agricultural production as well.
“That would almost paralyze us in the farming community,” said Fred Ziari, president of IRZ Consulting, an irrigation engineering firm.
Vulnerabilities in farm machinery, which often includes components from oversees, could allow the equipment to be “remotely disabled” in bulk during “key planting or harvesting windows” to create havoc for food security or the manufacturer’s reputation, the report said.
Farmers may introduce such weaknesses themselves by using third-party software to “jailbreak” their machinery to conduct their own diagnostics and repairs instead of using manufacturer-approved technicians.
Such software may include a “built in backdoor” to steal information or even immobilize machinery and demand a ransom payment, the report said.
The American Farm Bureau Federation has several concerns about “big data” in agriculture, such as growers being able to own and control the information collected about them, said Karney.
“The farmer who owns the data should be able to move it from one device to another,” he said.
How such “interoperability” and the “right to repair” machinery will interact with security concerns will be the subject of more discussion, Karney said.
In the past, machinery manufacturers had different hydraulic components that eventually got standardized across the industry, which is something that’s already occurring with the portability of data, said Joe Luck, a precision agriculture engineer and biological systems engineering professor at the University of Nebraska-Lincoln.
“We have get better at sharing those data sets between different interested parties” while also securing sensitive information, Luck said. “You can see how they’re both pretty critical.”
While ignoring the threat of data breaches and other problems would be “foolish,” companies that work in precision agriculture are aware of the dangers, said Ziari of IRZ Consulting.
Progress is being made, with information increasingly moving away from local computer servers to “cloud” servers with multiple levels of security, he said.
“If it’s at the local level, it’s a lot more prone to a breach,” Ziari said.
In general, the threats to precision agriculture are something the industry must recognize and prepare for, he said. “You cannot stop technology advancement by being so fearful of it.”