Cybersecurity outreach efforts are increasing as digital bandits target agriculture
Anyone who has watched John Wayne movies or read the likes of Zane Grey or Louis L'Amour knows that stealing a rancher’s cows was one of the most heinous crimes in the old West — a hanging offense, to be sure.
Cattle rustling is rare these days. Now, farmers have to guard against a completely different threat. Instead of desperados with horses and lassos, it’s anonymous bandits sitting behind computer monitors and keyboards. It’s the wild West meeting science fiction — except that it’s all too real.
“When you’d watch these movies about the wild West, you'd see people rustling cattle,” said Kenny Sherin, the community and economic development program manager for North Carolina State University (NC State) Extension. “You had to be local to be involved in stealing cattle. But when you introduce digital technology to a farm, the opportunity expands globally. That cattle rustler turns into a data rustler.”
Cooperative Extension has a long history of helping rural communities adapt to change, supporting them through major shifts including electrification and the adoption of farm machinery.
Today, the shift is digital. Extension’s programs run from helping implement the latest advances in artificial intelligence on farms to basic digital literacy programs — email, web navigation, applying for jobs and benefits online — in areas that previously lacked access to broadband.
More opportunities to use modern technology also mean more opportunities for bad actors in the digital space. Consequently, Extension’s programs increasingly include an emphasis on cybersecurity to help people operate a modern farm and live safely online.
“Anytime you put a connected device on your farm, it's a window,” Sherin said. “There are so many rural places in North Carolina that just haven't had access to connectivity, so people may not be aware of the dangers that come with being connected. We are building awareness of how your devices are protected and who can get access. Extension is working to relate cybersecurity to farms and farmers, to see where there are vulnerabilities in the food supply chain and in agriculture.”
Farmers face the same threats as anyone who is online — identity theft, phishing, ransomware, malware. Large companies typically mandate annual employee training that offers best practices to mitigate risks. Extension’s efforts include providing similar training for producers who might have only recently gained access to broadband.
“You don’t have to be a coder or a cybersecurity expert,” Sherin said. “Guarding against attacks includes simple things that you could and should do every day — changing default passwords, using multifactor authentication on all your accounts, being able to identify phishing practices and not taking the bait, and updating software across all systems. These are known as the Core 4.”
As farms become more automated and adopt digital agricultural technology, including artificial intelligence, they are increasingly exposed to both opportunistic and targeted attacks from data bandits ranging from nation-states to environmental hacktivists. Potential consequences include equipment lockouts, disrupted operations, and even large-scale livestock die-offs.
“A recent example is a nation-state actor targeting grain storage monitoring systems seeking to rot the strategic wheat reserves of another nation,” Sherin said. “There was a recorded case of a dairy’s automated milking machine being hacked and taken over. There was a case where an irrigation system was hacked. As more and more people adopt these technologies, it's going to be more prevalent that these things are going to happen.”
It doesn’t take a vivid imagination to envision a worst-case scenario.
“Think about a group targeting poultry operations in North Carolina,” Sherin said. “The controls that regulate the airflow and the watering system in barns are automated now. It wouldn't take long to do some major damage. I think there will be more and more cases where farms are intentionally targeted. It's not rampant. It's not out of control now, but it's something we have to take into consideration with the adoption of technology. We have to stay ahead of the threat.”
With 101 centers across North Carolina, Extension is perfectly positioned to address the threat.
“Organizations that have IT support make sure their employees are trained,” Sherin said. “But who's that going to be for farms? Extension could be the ideal place. We need to make sure that farmers aren't the weakest link in the chain when it comes to cybersecurity.”
Sherin is working with Amir Lawrence, a cybersecurity analyst with NC State’s William and Ida Friday Institute for Educational Innovation, to develop farm-focused materials. The CyberPest Management resources could be incorporated into required pesticide credit training sessions.
“We’re working on creating materials that ag Extension agents can use to help build awareness for cybersecurity on farms,” Sherin said. “Farmers have to renew their pesticide education credits to keep them up to date. Offering training at the beginning of those sessions will start creating that awareness that's needed.”
Education efforts also include raising awareness about potential threats to the agriculture community. In February Sherin, Laura Rodgers and Ahmad Patooghy spoke at the North Carolina Cybersecurity Symposium in Raleigh.
Rodgers is director of cybersecurity practice at NC State’s Secure Computing Institute, and Patooghy is interim director of the Center of Excellence in Cybersecurity Research, Education and Outreach at North Carolina A&T State University. Their session, titled Moving Cybersecurity from the Nerds to the Herds, emphasized agriculture’s importance to the nation.
“The federal government has designated 16 areas of our economy as critical infrastructure, including water and medical. Agriculture and food is on that list,” Sherin said. “We wanted to create an interest in moving knowledge from IT people and cybersecurity people to farmers, and how to give them clear and relevant guidance.”
Sherin, Rodgers and Patooghy are collaborating under an initiative they call the Ag Defenders Coalition.
“We’re bringing industry people and ag business folks together,” Sherin said.
Sherin is also building partnerships with federal government initiatives and national nonprofits focused on cybersecurity efforts in the agriculture sector, including the FBI’s InfraGard, Food and Ag-ISAC and Bio-ISAC.
“Laura and I did a presentation to an InfraGard group that meets in the Triangle,” Sherin said. “They were very interested in making sure they appear at spaces where farmers gather to start generating that awareness campaign also. We’re bringing InfraGard in, we’re bringing ag businesses and cybersecurity consultants in, we’re bringing Extension in, and creating this program and awareness to benefit producers."
The InfraGard organization plans to attend Extension’s Blackland Farm Managers Tour on Aug. 5 to help build awareness of cybersecurity risks with producers.
“The concept of cybersecurity is gaining momentum," Sherin said. "I'm proud to say Extension was a little bit in front of that, and now it's getting more attention.”
Read more from NC State Extension here.