Farms vulnerable to cyber security threats, new research shows
How to protect your farm against cyber security risks
By Lilian Schaer
As Canada’s farms become more connected and more digital, there is a consensus among experts that it’s a matter of when and not if a farm business will experience a cyber security problem.
This can result in disruptions of farm operations, financial losses, unauthorized access to sensitive information, and on a larger scale, challenges to Canadian food security if the problem impacts the broader supply chain.
Agriculture is a particularly vulnerable sector because it is made up of many independent businesses – and cyber attackers by nature will go after the most vulnerable targets.
“The biggest risk right now is the level of maturity and capacity related to cyber security in the ag sector,” says Dr. Janos Botschner, lead researcher behind the Cyber Security Capacity in Canadian Agriculture project.
It’s a multi-year research project funded by the federal government to help get a better sense of cyber security readiness across the agriculture sector and includes a literature review of digital systems in agriculture; interviews and focus groups with the ag sector; a producer survey, and resources created specifically for farmers.
According to Botschner, most other economic sectors, from finance and health to energy, have fairly sophisticated cyber security frameworks in place, but agriculture has lagged at least in part because there is a relatively low perception of risk.
“If you’re looking at tight margins already, it might be difficult to see yourself paying for some additional services you don’t necessarily see the value of,” he says.
Most farms, the research showed, are family operations that manage their own networks and often run them off a residential system. Except for very large operations, most family farm businesses do not have a family or staff member with cyber security expertise, and while there are some cyber security practices in place, they are uneven and not as strong as they could be.
Botschner’s research revealed that a key barrier to cyber security action on the farm is not knowing where or how to start. In fact, 52% of respondents to his team’s producer survey didn’t see cyber security as a priority, 47% didn’t know where to find help, and 25% said they didn’t have to resources to act.
To help farmers get started, Botschner and his team developed a list of practical steps a farm business can take to reduce their cyber security risk:
- Make sure hardware and software is kept up to date, and basic physical and electronic safeguards are in place like locked server cabinets and strong passwords.
- If you’re using social media, consider what kind and how much information you share about your family and your farm business in your posts.
- When you’re away from the farm, never use public WiFi to check your on-farm systems or somebody might be able to access your communications without you knowing it. If you have to monitor operations from public places, purchase and use a Virtual Private Network (VPN) or connect to your monitoring apps using the cellular data on your device.
- Take time to understand what information is critical to the farm business, where it sits and how it moves, and what would happen if it were corrupted or not available. Think about what would happen if you lost access to your herd or flock data, fertilizer or pesticide application records or other information needed for on-farm food safety and other audits and certifications.
- Consider how to get things up and running again following a disruption – who can help you and what items are a priority.
- Back up your most important information regularly and store it in a safe place.
- Make a sketch of the devices, sensors, computers, servers, mobile devices, automated equipment, environmental control systems, financial systems, and other hardware that are connected in your on-farm networks. This will help you understand just how many things are connected and identify potential vulnerabilities – and can help you have a more informed conversation with an IT provider or cybersecurity consultant.
- List all the suppliers whose services involve points of electronic contact with your on-farm systems. Question your suppliers about their information or cyber security safeguards, like the “Top Questions for AgTech Vendors” resource compiled by Botschner’s team.
- Reach out to IT service providers and sector associations to get technical help and to stay informed about new threats and how to manage them. There are many free resources available.
- Conduct periodic cyber ‘fire drills’ so you know what to do and who to call in the event of a cyber incident.
- Most cyber attacks rely on human error or manipulation. Stay alert to the ways this can occur:
- don’t click on un-verified links in emails or text messages.
- don’t overshare information about operations and vacation plans.
- never reveal sensitive business or personal information to unsolicited callers. Always check back with a caller who says they are from a financial services provider.
“Over 90% of cyber attacks leverage human error or psychology, so make sure your family and your team understand how to identify suspicious emails, change your passwords regularly, and remove digital access to your systems from any employees who have left your business,” he adds.
Cyber security could be integrated into a farm’s existing business risk management strategies, but Botschner believes farmers shouldn’t have to bear that burden alone. His team has developed a framework called Cyber Barn Raising that focuses on the system as a whole and identifies industry stakeholders and opportunities to strengthen cyber resilience.
This article was printed in the November 2023 edition of Milk Producer. It was provided by Livestock Research Innovation Corporation (LRIC) as part of its ongoing efforts to report on research developments and outcomes affecting the Canadian livestock industry. LRIC is funded in part by the Sustainable Canadian Agricultural Partnership (Sustainable CAP), a five-year, federal-provincial-territorial initiative.