Prof says state sponsored hackers may be targeting Canada’s agriculture industry, possibly to disrupt food supply
Canada’s agriculture industry has “non-existent” cyber-security and the sector is an easy target for hackers, says an expert from Ontario’s University of Guelph.
Other sectors of the economy, such as health care, finance and utilities, have built up their defenses against hackers, but farmers and the ag sector are lagging.
“This is the 21st century. Everything is digital,” said Ali Dehghantanha, a computer scientist who runs the Cyber Science Lab at the U of G.
“The level of cybersecurity protection in agriculture is minimal to non-existent. The agricultural sector is a soft underbelly from a cybersecurity point of view.”
Read Also
Manitoba Parkland research station grapples with dry year
Drought conditions in northwestern Manitoba have forced researchers at the Parkland Crop Diversification Foundation to terminate some projects and reseed others.
Dehghantanha, a Canada Research Chair in Cybersecurity and Threat Intelligence, said leaders in the ag sector need to act now to avoid the cyberattacks that have crippled hospitals and municipalities across North America.
“The farming sector reminds me of the situation that we were warning about a few years ago in the health sector,” he said from his office in Guelph. “And you have seen a disaster at the hospitals.”
As an example, an attack nearly shut down health care and hospitals in Newfoundland and Labrador last fall. Hackers disrupted the “brain of the data centre” that powers the health-care system, the CBC reported in early November. The hack interfered with emails, diagnostic images and lab results and forced the cancellation of thousands of medical appointments.
In July, a cyberattack shut down the computer systems in the town of St. Mary’s, Ont., locking down its internal server and encrypting the municipalities data, The Beacon Herald reported.
Ransomware attacks, in which hackers demand a ransom payment to restore the computer systems, have become common in North America.
The agriculture industry and farms are vulnerable to such attacks because producers now use a network of sensors, cameras and other devices as part of the shift to precision agriculture and use of big data in agriculture.
Dehghantanha and his colleagues recently published a paper in Applied Sciences, reviewing the cyber-security risks to agriculture and producers.
“SF (smart farming) and PA (precision agriculture) have the potential to enhance global food security and reduce agriculture’s impact on the environment. However, to be able to realize this potential these technologies need to be protected from cyberattacks,” the paper stated. “These attacks can impose serious disruptions to global markets and especially to the economies of developing nations that are heavily dependent on the agriculture industry.”
The paper explained that precision agriculture and smart farming are part of the Internet of Things, where sensors, machines and other devices are connected.
In agriculture, an example would be sensors and computer systems that control how much fertilizer is applied to a crop, or precisely steer a tractor down a field.
“These IoT-based technologies create new cyber-security vulnerabilities and cyber-threats, which can be exploited to gain control of on-field actuators, sensors, and autonomous vehicles such as tractors, drones, sprayers, and planters, as well as related databases and applications,” the paper said.
The threat to agriculture boils down to the amount of technology used in the sector, versus the amount of money and time dedicated to cyber-security.
In a survey from 2019, Dehghantanha found that the global market for smart farming technologies was worth more than $10 billion. But spending on cyber-security in smart agriculture accounts for only about three percent of total cybersecurity spending in North America. Other sectors, like health care and finance, spend way more on security.
He said criminals don’t care if their target is a large farm in Saskatchewan or a small utility in Ontario. They are looking for something easy to infiltrate.
“Most of the cyber-criminals are scanning a whole range of IP addresses… and if they find one that is (vulnerable), they would not discriminate. They are going to target.”
In many cases, cyber-criminals may not shut down the computer system with ransomware. They could be looking for credit card numbers or other private information to sell.
The bigger threat to Canada’s ag industry is state-sponsored hacking.
Countries like China, Russia and North Korea support, allegedly, teams of hackers that penetrate computers and networks in North America.
Dehghantanha has seen cases where cyber-criminals, or lower-level hackers, attacked a farm business. On those computer systems, Dehghantanha found evidence of state-sponsored hacking.
“When we go there and investigate a ransomware attack… we find these machines were targeted in the past, by these more advanced hackers,” he said.
“It seems to us… that farming is (a) sector (that) is in the interest of the state-sponsored hacking teams. So, you need to think about that and act on it.”
He said the state-sponsored hackers may be creating “weapons” or looking for ways to disrupt farming and food production in North American for use at a later date.
“In every warfare, you are building airplanes. You are building missiles,” he said.
“I know the (goal) of the cyber hacking teams is to provide the weapons… for the decision makers to (take action).”
He said any disruption of infrastructure could disrupt supply chains and affect food security.
The paper said producers and ag businesses can take basic steps to prevent a cyberattack.
“There are some cyber-safe behaviours… to reduce the security risk. These include dynamic and secure passwords, frequently password changeover, data encryption, 2-factor user authentication, and updating software when prompted,” the paper said. “Avoidance of suspicious emails, links, and not saving personal or financial data on browsers and auto-fill features are recommended too.”
