Please see comment below by cyber security experts on how agriculture organisations can protect themselves against cyberattacks after the FBI’s warning on increased attacks by ransomware gangs on the sector.
Farmers and food production have been on the cyber criminal radar for some time now. The UK National Cyber Security Centre (NCSC) published guidance in December 2020: Cyber security guidance for farmers – NCSC.GOV.UK and it’s no surprise that the US Authorities are following suit. Criminals will always attack their targets at the points of highest vulnerability to maximise pressure to comply with their demands. That’s why planting and harvesting seasons are of particular interest in the farming community. Couple that with the ongoing supply chain difficulties arising from the COVID pandemic and you can see why the sector needs to up it’s game and take these threats seriously. Profit margins are traditionally very slim for farmers so a successful attack could be incredibly harmful to individual businesses or collectives. Basic cyber protection could be the one thing that keeps the lights on if cyber criminals come knocking.
From trucking companies to oil refineries to grain cooperatives, high-impact malware or ransomware incidents against critical infrastructure sectors have increased globally. With the close adjacency between logistics, agriculture, and food and beverage industries, it is key that we not only work on managing risk to our physical supply chain due to the pandemic, geopolitical issues, as well as climate change but also focus on securing digital supply chains.
In the past decade, digital transformation and automation have improved efficiencies across the physical supply chain, but we also need to utilise automation to secure digital supply chains—a growing concern across industries. The 2022 Open Source Security and Risk Analysis (OSSRA) report, produced by the Synopsys Cybersecurity Research Centre, found that in the Aerospace, Aviation, Auto, Transportation, Logistics sector, 97% of codebases contained open source, while over 60% of the codebases in that sector also contained vulnerabilities.
As a result, it becomes more important than ever for every CISO today to take inventory of their software risk using an extensive Software Bill of Materials (SBOM). Every security team should work with their independent software vendors and managed services providers to build appropriate controls as part of their overall risk management strategy, patching zero-day vulnerabilities and exploits, and above all prevent cascading bullwhip effects across the nation’s delicate food supply chain.
No organization ever wants to get hit with ransomware as it will interrupt the business and services. However, being impacted by ransomware at a critical time of the year, like the holiday season for product manufacturers or harvesting time for agriculture, can be devastating compared to the rest of the year.
Losing essential systems at the busiest and most crucial time of the year will increase the time frame for those organizations to restore to normal operations and if paying the ransom does that then the loss of payment on the ransom money will outweigh the production and revenue loss of not paying and taking multiple weeks to recover.
There is an element of speculation in the notification. A disruption to the agriculture sector may be more damaging during the harvest and planting season, and so if a threat actor was sufficiently motivated they may be more likely to attack during this time to increase leverage on the victim to pay a ransom. However, as critical infrastructure providers, the agriculture sector must have a good understanding and prioritisation of risks to their service and as such understand the various risks during each phase of the production cycles.
This is solely an FYI from the FBI, to be on guard and to ensure appropriate and proportionate defence.
2021 was the year that ransomware went mainstream, and it was the attack on Colonial Pipeline which was the catalyst. Consumers sit up and take notice when supplies of everyday essentials such as gas, electric and food are threatened. For obvious reason the fallout from these incidents can be massive, so it’s no surprise that cybercriminal gangs will continue to focus on our food supply chain.
Last year we saw food supply disruption following attacks on JBS Foods, one of the largest meat processing firms, multi-billion dollar dairy foods company Schreiber, Minnesota-based farm supply and grain marketing cooperative Crystal Valley, and Iowa-based farm service provider NEW Cooperative to name a few.
Unfortunately, ransomware attacks are increasing at an unparalleled rate and many organizations are still depending on antiquated technologies to defend against them, so the chances of a debilitating attack targeting our food supply is higher than ever before.
We know that the common thread associated with all ransomware attacks is data exfiltration, data is after all the crown jewels of any organisation. If organisations continue to focus on defensive cybersecurity approaches, attackers will continue to focus on and profit from extortion. Only by preventing the unauthorised exfiltration of data can organisations really win the war on ransomware.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics