Cathy Lennon can’t remember the last time she met a farmer who didn’t have a cell phone.
“Whether it’s your modern farmer or your traditional farmer, even Mennonite, they have cell phones and smartphones in their pockets,” said Lennon, CEO of the Ontario Federation of Agriculture. (OFA), during a telephone interview with her. office in Guelph, Ontario.
She said there is an increasing amount of technology and data on farms and in the agricultural sector. But as agricultural equipment becomes more advanced and internet-connected, there are also concerns that it could become the target of cyberattacks, which could also jeopardize Canada’s food security.
Ali Dehghantanha is a computer scientist at the University of Guelph and Canada Research Chair in Cybersecurity and Threat Intelligence.
Its Cyber Science Lab focuses on cybersecurity, digital forensics, threat hunting, and threat intelligence. In the past year, he has been called upon to investigate 11 cases of cyberattacks involving the agricultural industry. Dehghantanha said a significant number.
He said the most common attacks involve ransomware, where the attacker gains access to a computer system and data and then demands payment to return it to the individual.
“We’ve seen quite a few cases of data leaks…and we normally find these data leaks as they become available on the dark web to be sold,” Dehghantanha said.
In some cases, it is individuals who do the hacking. In other cases, it may be a state-sponsored hack, he said.
He said the majority of cyberattacks reported to his lab are carried out by Eastern European criminal groups that specifically attack North American targets.
LISTEN | Agriculture industry needs to do more to protect technology and data, expert says.
The Morning Edition – KW7:14This expert says the agriculture industry needs to do more to protect its technology and data
Unsecured devices are “easy targets”
Hackers may not always look at targets, but people – farmers or otherwise – who don’t keep their devices up to date or don’t have security measures in place are “soft targets”, says Dehghantanha.
“Unfortunately, due to the absence of any safety standards or safety guidelines in [the agriculture] in the field, we see so many unpatched devices… they are easy targets for hackers.”
Janos Botschner is the Principal Investigator of the Cybersecurity Capacity in Canadian Agriculture Project through the Community Safety Knowledge Alliance, a non-profit organization that researches ways to improve the safety and well-being of communities.
The project aims to help the sector prevent cyberattacks, but also to develop tools to help strengthen cybersecurity in Canadian agriculture. For the past two years, the first project of its kind has surveyed Canadian producers on cybersecurity.
“Digital agricultural cybersecurity is still in its infancy globally, so this is both a weakness and an opportunity to accelerate capacity building within the sector,” Botschner said.
He said that for many, the level of cybersecurity awareness is “not a priority for most producers” at this point, but it needs to be.
He pointed to recent cyber threats targeting the sector, including a warning from the US Federal Bureau of Investigation (FBI) in April this year which included the UK and Australia. He warned agricultural cooperatives to be on high alert for ransomware attacks.
The threat of a cyberattack also hit Quebec farmers last month when the Union des producteurs agricole (UPA), a farmers’ union, announced that it had fallen victim to a ransomware attack on August 7.
A statement on the union’s website says it is still examining the scale of the attack and possible ways to restore its computer systems. The UPA noted that the “day-to-day operations” of agricultural businesses were not compromised and that it was doing everything it could to protect people’s personal information.
Firm, family networks often connected
For many people, a ransomware attack affects them on an individual level. But the attack may be a bigger problem for farmers, Botschner said.
“Agricultural businesses are not like other businesses.”
An attack “could impact their farm business as well as their farm family because … many networks are not separated between home and farm.”
Lennon said she has also heard from farmers who have reported that a company they do business with has been attacked.
“People have had their names, addresses and credit cards hacked when a local business has been attacked, and that has certainly raised concern and awareness at the farm level to make sure you protect that information. .”
An attack could also “sow mistrust”
But Botschner said cyberattacks can be more than ransomware or phishing for information. There could be attacks where information, rather than physical computer systems, are disrupted, he said.
“You might see contaminated information to mask an event as an emerging biosecurity threat like a virus,” Bortschner said.
“Or you might see contaminated information to suggest something is going on that has contaminated a product to sow distrust in a critical part of our agri-food system. You could also see disinformation campaigns being deployed to undermine trust in the Canadian food system. “
These types of attacks may not happen quickly – it can take years in a strategic campaign.
He said people should regard food security as national security.
“If farmers are threatened, so are we.”
Advice for farmers
Lennon said OFA offers technical security guidance to members, including:
- Use strong passwords and a password manager.
- Be careful when sharing personal information on social media.
- Keep devices up to date.
The federation is planning an in-person annual general meeting in November, where it will host a workshop on protecting farmers from cyberattacks.
She said a key message to all farmers is that any device can be compromised.
“There are people who have highly technical equipment in the barn or in their computers at home. GPS technology. That’s the full range, but if you’re connected to the internet, the risk is there.”
Government and tech companies can do more
Dehghantanha said while farmers themselves need to make sure they protect their data and devices, regulators also have a role to play.
There is a need for a standard cybersecurity guideline for the agriculture industry “so that different people, farmers, technology providers, service providers are at least aware of this [is the] safety standard, what safety activities they have to do and they have to follow. »
“Canadian growers are very adaptable. They’re very good risk managers. They’re good at noticing things that might involve risks and threats,” he said.
“But there are other things that need to be done to support farmers because they shouldn’t be alone.”
He said governments and big tech companies can work together to help farmers improve their online security while focusing on protecting critical infrastructure from threats.
It’s kind of a “cybergrange lifted,” he said, “to help each other meet this important challenge in a way that makes sense to producers and really helps the sector as a whole to be more resilient”.