Glacier FarmMedia – Farming involves risk.
There’s all manner of weather to deal with, plus shifting markets, crop and animal diseases and unexpected production hurdles.
Related story: Digital defence must start with prevention
Read Also
Alberta crop diversification centres receive funding
$5.2 million of provincial funding pumped into crop diversity research centres
In response, farmers cover their acres with crop insurance, buy policies to protect against livestock price volatility and work feed options into their forage and marketing plans, among other safeguards. But even with risk management, cybersecurity experts worry that farmers and the agriculture sector are vulnerable in the digital parts of their businesses.
Recent ransomware attacks on agri-food companies illustrate the problem. Ontario Pork and national dairy organization Lactanet are among the newest Canadian organizations to fall prey.
“I think it’s going to always just be this ongoing concern for us now,” said Ontario Pork chair Tara Terpstra. “(We) have to evaluate different things when it comes to cybersecurity planning, which is essential going forward in the world we’re living in.”
Maple Leaf Foods in 2022 took an estimated $23-million hit after an attack locked down its systems and the company opted not to pay the ransom demanded by the hackers. The year before that, a cyberattack to meat giant JBS temporarily took down beef and pork plants.
In May 2020, a breach at the Agronomy Company of Canada (Agromart) compromised the personal information of hundreds of farmers, some of which was later sold, according to a lawsuit filed against Agromart and its parent company Sollio Agriculture. A proposed settlement for that lawsuit was announced earlier this year.
The computer is now a standing feature in machinery cabs, and farmers are generating and recording more data than ever before. That data is on farm systems, shared with consultants and agribusinesses and stored digitally on and off the farm.
With greater data comes a greater need to protect it. Many producers understand how to hedge their bets against weather, but the ins and outs of defending themselves digitally remains somewhat arcane.
Brennan Schmidt, an author and expert in cybersecurity from Regina, noted three key concepts farmers should keep in mind when setting up or incorporating new technology:
• confidentiality — ensuring no unauthorized technology or person knows the data;
• integrity — ensuring there’s no alterations made to data; and
• availability — limiting access so only essential persons and technologies can get to the data.
Farms constantly blend informational technology (IT) and operational technology (OT), Schmidt said.
IT is the typical pieces — computers and databases — while OT is the background that helps control systems. Both have online connections that must be protected against hacking, lest they provide a foothold into farm operations.
Darrel Petras, chief executive officer of the Canadian Agri-Food Automation and Intelligence Network, said the organization supports many projects with elements of cybersecurity. Advances in data transmission and agriculture’s heavy reliance on technology make it top of mind.
“When we fund these projects, we want to ensure that appropriate cybersecurity measures are taken,” he said. “So, they’re using either the best practices available or, within the innovation of the overall project, they’re offering innovative cybersecurity technology.”
Innovators and companies in agri-tech development have an obligation to consider cybersecurity in their work, he noted.
One such company is Farm Health Guardian, an Ontario-based livestock biosecurity company.
Its software promises smarter traffic control to help farms prevent and overcome animal disease. It tracks the people and trucks that enter the premises.
In Manitoba, the company’s app allows producers to report wild pig sightings to provincial monitoring and control organization Squeal on Pigs. It also offers alerts when biosecurity measures have been breached, confirmations of truck washes and other data.
The company’s largest customer base is Manitoba swine producers. Cybersecurity is hugely important to them and their sector, said Farm Health Guardian chief executive officer Rob Hannam.
The company says it protects users’ data through EU level data standards, encrypting all data and using North American servers.
Cybersecurity measures must be chosen just as carefully as biosecurity, Hannam said.
“It’s not like you’re a kid with an app walking down the street. It’s a dairy business. It’s a hog business. Some are large companies, some are smaller independent farms, but farming is a business. They need to have business-level software and business-level technology.”
The selected technology must be planned, researched and secured.
“It’s like buying parts,” he said. “They can buy the brand-name parts, aftermarket parts or used parts on a website. And if it meets the specs, it’s probably going to work.
“But in this [cyber]world, the brands they trust are likely working hard, like we are, to provide as much cybersecurity as they can. And if they’re buying other technology, they just need to be asking those questions and reading a bit of the fine print or asking how they’re backing up and securing their data.”
Ontario Pork chair Tara Terpstra said that, despite ongoing staff cybersecurity training, the in-depth education provided by cybersecurity experts after the organization’s breach was eye-opening.
“(At the time) it was just trying to stay calm and listening to what they were advising us to do and what steps to take. We were learning constantly.”
She said the experts simplified technical concepts and advised on safeguards to protect the organization’s system in the future.
Because risk and protection perceptions differ among producers, organizations or commodities, Terpstra said it is challenging to create blanket solutions for the agriculture industry. Like biosecurity protocols, cybersecurity varies by operation. Some might employ basic standards, while others need a more robust system.
“We have to protect our farms and farm businesses from cybersecurity threats, not just disease threats, (and) it’s just one more thing we have added to how we run our every day,” she said.
Ontario Pork’s new cybersecurity protocol with multi-factor authentication protects the organization, but providing producers with farm and business threat mitigation tools is a priority for the industry group.
“We can give them tools on what to do, but we can’t force them to adopt them,” Terpstra said. “Whether it’s a cultural thing or an age thing for those maybe a little more resistant to technology, they have to decide for their family farm.”
