Farmers think about their industry being Big Iron, but it’s becoming more and more Big Cyber, and that’s where some serious production risks lie.
If farmers don’t take cybersecurity seriously, they might face breakdowns that stop the Big Iron running.
“Farming is very time sensitive,” said lawyer Doug Tait of Thompson Dorfman Sweatman of Winnipeg.
“If your seeder isn’t working … you’ve got such a small (time) window that a cyberattack could cause havoc.”
Adrienne Ehrhardt, a cybersecurity expert with U.S. law firm Michael Best and Frederich, said many farmers don’t realize how vulnerable their production systems are to cyberattacks.
“The consequences are much more dire than just a data breach…. This could have real results in terms of really affecting whether a crop dies or lives, or whether a disease within an animal population is contained,” said Ehrhardt.
The two lawyers spoke at the Grain World conference in Winnipeg Nov. 14 and urged farmers to take digital security seriously.
Hackable devices and systems exist everywhere in modern farming.
“It’s in tractors, it’s in drones,” said Tait.
Sensors in many on-farm systems are vulnerable, but many farmers don’t realize it.
“They’re not coming with security and privacy characteristics baked into them,” said Tait.
Ehrhardt said providers have mostly cared about getting their devices and systems out into farmers’ hands, not ensuring that farmers’ aren’t becoming exposed to cybercriminals.
For instance, many sensors and devices have passwords, but the operators don’t realize that. Often the default password is “admin.” That’s easy to exploit.
- Protect passwords: Change passwords for new devices and sensors, and use passwords that aren’t easy to break.
- Have an incident response plan: “When something happens, what am I going to do?” said Ehrhardt. Many farmers don’t have a plan. What do they do if there’s a problem? How do they mitigate the damage? Who do they call? This should all be written down.
- Buy cyberinsurance: Many companies now offer insurance for breaches, including issues like paying ransom and getting systems back up and operating quickly. However, different insurers offer different types and levels of coverage, so policies must be understood.
- Implement usage policies: Does a farm have policies about who can use and how people can use devices and systems? Are people allowed to use personal devices that interact with a farm’s systems and devices? What happens when an employee quits?
- Backup: Is crucial data backed up independently of other farm systems?
Tait said farmers need to also realize that they are vulnerable to the weaknesses of the companies they interact with.
Getting cybersecurity in place before a situation occurs can prevent a crisis.
“In the event of a breach, somebody’s going to be looking for somebody to blame, and you don’t want it to be you,” said Tait.