SoylentNews

upstart writes:

Without an information sharing and analysis center, the country's food and agriculture sector is uniquely vulnerable to hackers:

If hackers wanted to debilitate American society, they would have trouble taking down the entire power grid or financial system, but they could do serious damage to the companies that make and deliver Americans' food.

The US food and agriculture sector lacks the resources, expertise, and government support to protect itself and its products from a rapidly expanding range of cybersecurity threats, according to lawmakers, policy experts, and former government officials. These shortfalls leave gaps that foreign government operatives or cybercriminals could exploit to remotely disable farming equipment, contaminate fertilizer, cripple milk supplies, and kill chickens.

In the past few years, cyberattacks on the meat processing giant JBS Foods and the Iowa farm services firm NEW Cooperative have laid bare the industry's widespread vulnerabilities. And new technologies, including advances in artificial intelligence, are creating previously unimaginable risks, overwhelming a workforce not accustomed to dealing with digital security. Making matters worse, food and agriculture is one of only a few critical infrastructure sectors that doesn't have an information sharing and analysis center, or ISAC, helping companies fight back.

All of these shortcomings make food and agriculture companies a prime target for Russian operatives bent on vengeance for Western sanctions, Chinese spies seeking a competitive advantage for their domestic firms, and ransomware gangs looking for victims that can't afford downtime.

The federal government has recently begun addressing these dangers. Lawmakers are introducing bills and spotlighting the issue at hearings, and a presidential directive has spawned a series of reports and reviews. To the people most informed and worried about the chaos that hackers could cause, these developments are long overdue.

"Agricultural and food security is the foundation of American security," says US congressman August Pfluger, a Texas Republican who has sponsored a bill on the subject. "Without a stable food supply, society stops functioning."

Precision agriculture uses GPS sensors and satellite imagery to determine the right kind of fertilizer for every patch of soil and send instructions directly to tractors that automatically move around and spray the appropriate mixes. If hackers breached these systems, they could poison the crops of every farmer using them. The impact wouldn't be clear until months later, when the crops would begin to grow poorly or fail to grow at all.

Farmers are also vulnerable to more immediate sabotage. The same remote-access technology that enabled John Deere to remotely disable a batch of Ukrainian tractors stolen by Russian forces could let hackers turn off millions of tractors across the United States.

America's meat supply faces huge risks too. Inside the massive industrial facilities where most chickens are raised and slaughtered, the temperature and humidity are precisely controlled by internet-connected computers. With control of this system, hackers could engineer a catastrophe.

"You could lose tens of thousands of birds literally within 10 to 15 minutes," says Marcus Sachs, deputy director for research at Auburn University's McCrary Institute for Cyber and Critical Infrastructure Security. "We've seen this happen before. It's almost like a wave goes through the chicken house, where they all just die."

Just-in-time logistics mean that even short-term cyberattacks can have serious consequences. Hacks that disrupt fertilizer or pesticide production can force farmers to sit out planting seasons. Breaches at meat-packing plants can cause destabilizing supply shortages. Tampering at a food processing firm can lead to deadly contamination. Already, ransomware attacks that have forced companies to shut down operations for a week have left schools without milk, juice, and eggs, according to Sachs.

"A major disruption in this sector leads to immediate public health and safety issues," says Mark Montgomery, who served as executive director of the Cyberspace Solarium Commission.

Despite being increasingly vulnerable, Sachs says, the food and agriculture sector still "doesn't really understand the threat mindset" as well as higher-profile sectors, like financial services and energy, do.

[...] "One vulnerability and attack," Pfluger says, "can lead to catastrophe for everyone downstream."

Original Submission