Hacker threat to Australian ag machinery says FBI


The FBI has issued a warning about hacker threats to US farmers that applies equally to Australian businesses that introduce networked machinery to agricultural processes. Source: CSO

Backend data management systems are not the only equipment that companies in Australia’s $60 billion agricultural sector need to protect from hackers, according to the FBI.

As networked-aided machinery, otherwise known as the Internet of Things, is integrated with production processes, these also can be exploited by hackers and could cause significant problems to an industry that traditionally hasn’t been sensitive to computer security threats.

Sunrice, a large Australian agriculture company, recently noted after purchasing hardware from US security firm Palo Alto Networks, that the devices would help it ward off file encrypting ransomware.

Farmers and agriculture firms also fall within critical infrastructure, as key suppliers of food to a nation.

Like other industries, agriculture firms are venturing into new technologies, ranging from analytics to robotics, to boost productivity. That trend introduces new cyber risks, the FBI highlights in a recently published document that zeroes in businesses that adopt precision “smart farming” techniques, singling out poorly-secured drones as a potential threat to a sector that may be naive to hacker threats.

“Historically, the farming industry has lacked awareness of how their data should be protected from cyber exploitation, likely reflecting low industry demand for adequate cybersecurity,” the FBI notes in a private industry document published by Public Intelligence.

“In fact, drone manufacturers are focused on offering low pricing structures for farmers by developing data platforms that are interoperable with legacy systems, a hallmark of networked devices with poor cybersecurity,” it continued.

The FBI urges agriculture businesses to take caution with their own network equipment and IT suppliers, such as app developers and cloud service providers.

As an example, it points out that attackers may use the same big data techniques the US government has used to forecast crop supply and prices to hack US agriculture resources and market trends.

As a recent spate of ransomware attacks on hospitals in the US have illustrated, some organisations are prone to such attacks due to the potentially high cost of lost lives if a ransom is not paid.

The FBI warned that farmers may also be targeted by ransomware or data destruction attacks, where no ransom is demanded but data is destroyed anyway.

A high profile example of the latter case is Sony Pictures Entertainment, which was subjected to malware attack, suspected to originate from North Korea, that wiped the firm’s hard drives.

In agriculture sector the FBI imagines that hacktivists may target a farm that uses genetically modified organisms or pesticides.

The FBI urged farmers to invest in data backup processes. Since antivirus products cannot guarantee to catch all malware variants, the only way to ensure data is not destroyed or held ransom is by backing up to offline storage.

“The single most important protection measure against these threats is to implement a robust data back-up and recovery plan. Back-ups should be maintained in a separate and secure location so that malicious actors cannot readily access them from local networks,” the FBI said.

It also recommended adopting VPN and two-factor authentication for employee logins and to monitor them for access during unusual hours.