• The Internet of Things is making it harder to implement prevention programmes. The diversity of connected devices and systems means that appropriate cyber security measures and risk modelling are essential.
• Mary Lancaster of the US Department of Energy’s Pacific Northwest National Laboratory talks about the Food and Agriculture Risk Modelling (FARM) tool, which aims to quantify the impact of cyberattacks on agricultural production and to develop the necessary counterstrategies.
Why should cybersecurity be a priority for the food industry?
It is vital to improve the security of the entire agri-food industry, particularly in view of the growing automation of agriculture, which is increasingly making use of artificial intelligence and machine learning tools. Given that successful attacks could undermine product availability and food safety, and even disrupt the entire agricultural and food production process, all the industry players should take steps to evaluate the risks and vulnerabilities of their systems.
In agriculture, the Internet of Things poses unique challenges due to the diversity of connected devices and systems involved
What risks are we talking about?
Today, the main risks for farmers include classic vulnerabilities such as passwords that have not been changed from factory defaults, a lack of network segmentation and the widespread use of shared login credentials across companies. These vulnerabilities along with concerns about ransomware, notably prompted by the 2021 incident involving the meatpacking company JBS, have highlighted the potential negative impact on food security and the significant component of the economy that is tied to agriculture.
Has the Internet of things (IoT) added a further layer of complexity?
In agriculture, the Internet of Things poses unique challenges due to the diversity of connected devices and systems involved. Unlike some other sectors, agricultural technology often lacks standardised cybersecurity measures, making it more susceptible to attack. The potential large-scale impact of any disruption to these systems underlines the importance of effectively addressing these challenges. This is one of the reasons why we developed the Food and Agriculture Risk Modelling tool (FARM).
How should these risks be modelled?
The FARM project focuses on modelling the risks of cyber-attacks on agricultural systems along with their possible consequences. In analysing potential vulnerabilities and attack paths, the aim is to quantify the probability that some attacks might be successful and to assess their impact on production, for example on livestock or crop yields. This data is crucial to understanding what the potential consequences could be and guiding decision-making on cybersecurity measures. We are fortunate to have access to United States Department of Agriculture statistics, which provide valuable data on production at state and county levels. By combining this data with an understanding of automated agricultural systems, we can assess the potential losses in output resulting from cyber-attacks. And once we have quantified the impacts, we can then develop effective strategies to mitigate the risks.
Are you planning to extend the scope of this model?
We intend to expand our model to include more agricultural systems and products, as well as different levels of adversary capability. This expansion will allow us to assess a wider range of potential risks and develop more robust cybersecurity strategies. The idea is that the lessons learned from the FARM project will inform decision-making at both government and industry level. Today, it covers the production of beef, milk, cheese, eggs, chicken, pork, and certain crops such as maize, wheat, soya, almonds, potatoes, and greenhouse tomatoes. There are plans to extend its scope to include a wider range of foods including more fresh produce, and to integrate strategic data on the storage and transport of agricultural produce.
Mary Lancaster
