DHS Warns of Threats to Precision Agriculture
7.10.2018 securityweek
BigBrothers

Relying on various embedded and connected technologies to improve agricultural and livestock management, precise agriculture is exposed to vulnerabilities and cyber-threats, a new report from the United States Department of Homeland Security (DHS) warns.

The adoption of precision agriculture technology has increased, which has also introduced various cyber risks. By exploiting vulnerabilities in precision agriculture technologies, an attacker could not only access sensitive data and steal resources, but also tamper with or destroy equipment.

Technologies used in precision agriculture “rely on remote sensing, global positioning systems, and communication systems to generate big data, data analytics, and machine learning,” the DHS report (PDF) says.

The findings of the report stem from visits and interviews at large farms and precision agriculture technology manufacturers in the United States. Technologies that allow for a more precise application of agricultural and livestock management inputs (fertilizer, seeds, and pesticides) to lower costs and improved yields, also expose the agricultural sector to vulnerabilities, the paper reads.

Cyber threats facing precision agriculture’s embedded and digital tools, however, are consistent with those other connected industries are exposed to as well. The malicious attacks targeting these tools usually have the same purpose too, including data and resource theft, reputation loss, destruction of equipment, or gaining an improper financial advantage over a competitor.

“Therefore, improper use of USB thumb drives, spear-phishing, and other malicious cyber-attacks, are readily available threat vectors for an attack; and the generally accepted mitigation techniques in other industries are largely sufficient for creating a successful defense-in-depth strategy for precision agriculture,” the report notes.

What makes precision agriculture unique, however, is the fact that a highly mechanical labor-intensive industry is now connected online, which dramatically increases the attack surface for threat actors. Thus, threats that would otherwise be viewed as common, “may have unique and far-reaching consequences on the agricultural industry,” the DHS says.

According to the report, precision agriculture isn’t only exposed to cyber-attacks, but also faces dangers such as natural disasters, terrorist attacks, equipment breakdown, or insider threats.

Key threats to the sector include intentional theft of data, intentional publishing of confidential information, access to unmanned aerial system (UAS) data, sale of confidential data, falsification of data for disruption purposes, introduction of rogue data to damage a crop or herd, disruption to positioning, navigation, and timing (PNT) systems, and disruption to communication networks.

The report also reveals a series of key controls designed to mitigate the threats: email and browser protections, control over network ports and hardware and software assets, account monitoring, data recovery capabilities, data protection, and incident response and management, among other.

“Adoption of information security standards for precision agriculture is important for the future success of precision agriculture, along with industry efforts for equipment interoperability and data use / privacy. Vetted best practices, borne from hard experience learned in other sectors which have proceeded agriculture in the digital revolution, offer a proven path for data security,” the report reads.