Canada's ag industry would benefit from 'cyber barn raising' to protect farmers from online attacks: experts - Action News
Home WebMail Tuesday, November 26, 2024, 01:05 PM | Calgary | -8.3°C | Regions Advertise Login | Our platform is in maintenance mode. Some URLs may not be available. |
Kitchener-WaterlooIn Depth

Canada's ag industry would benefit from 'cyber barn raising' to protect farmers from online attacks: experts

As farming becomes more reliant on advanced technology and smart devices, the risk of cyberattacks on individuals and the industry grows, experts say, warning that could impact Canada's food security.

'If farmers are under threat, then so are the rest of us,' researcher Janos Botschner says

A computer monitor is seen inside a tractor cab with a farm field in the background.
A computer monitor is seen inside a GPS-equipped John Deere tractor. As farm use of technology and smart devices grows, experts say more needs to be done to protect against cyberattacks that could threaten food security. (Seth Perlman/The Associated Press)

Cathy Lennon can't recall the last time she met a farmer who didn't have a cellphone.

"Whether that is sort of your modern-day farmer or your traditional even Mennonite farmer, they have cellphones and smartphones in their pocket," Lennon, the general manager of the Ontario Federation of Agriculture (OFA), said in a phone interview from her office in Guelph, Ont.

She saidthere's an increasing amount of technology and data on farms and in the agricultural sector.But as farmequipment becomes more advanced and connected to the internet, there also are concerns they'll become targetsfor cyberattacks,something that could also put Canada's food security at risk.

Ali Dehghantanha is a computer scientist at the University of Guelph and the Canada ResearchChair in cybersecurity and threat intelligence.

His Cyber Science Lab focuses on cybersecurity, digital forensics, threat hunting and threat intelligence. In the past year, it has been called to investigate 11 cases of cyberattacks involving the farmindustry.Dehghantanha said thata significant number.

He said the most common attacks involveransomware, where the attacker gains access to a computer system and data, then asks for payment to release it back to the individual.

Portrait of man with facial hair, glasses.
Ali Dehghantanha is a computer scientist at the University of Guelph and Canada Research Chair in cybersecurity and threat intelligence. He says anyone can be an easy target for hackers if devices aren't kept up to date. (University of Guelph)

"We have seen quite a few cases of the data leaks and we normally find these data leakage as they are becoming available in the dark web for selling," Dehghantanha said.

In some cases, it's individuals doing the hacking. In other cases, it can be state-sponsored hacking, he said.

He said the majority of cyberattacks reported to his lab are conducted by criminal groups in Eastern Europe that are specifically attacking North American targets.

LISTEN| Expert says the agriculture industry needs to do more to protecttech and data.

Unsecure devices 'easy targets'

Hackers may not always be looking at the targets, but people farmers or otherwise who don't keep their devices up to date or have security measures in place are "weak targets," Dehghantanha said.

"Unfortunately, due to lack of any security standard or security guideline in [the agriculture] field, we are seeing so many unpatched devices they are easy targets for the hackers."

Janos Botschner is the lead investigator for the Cyber Security Capacity in Canadian Agriculture project through the Community Safety Knowledge Alliance, a non-profit that looks at ways to improve community safety and well-being.

The project is looking to help the sector prevent cyberattacks, but also develop tools to help build cybersecurity in Canadian agriculture. Over the last two years, the first-of-its-kind project has surveyed Canadian producers about cybersecurity.

Portrait of man wearing button-up shirt, suit jacket.
Janos Botschner is lead investigator for the Cyber Security Capacity in Canadian Agriculture project through the Community Safety Knowledge Alliance. (Submitted by Janos Botschner)

"Digital ag cybersecurity is still in its infancy globally. So it's both a weakness and an opportunity for accelerated capacity building within the sector," Botschner said.

He said for many, the level of awareness around cybersecurity is "not a priority among most producers" at this point, but it needs to be.

He pointed to recent cyber threats to the sector, including a warning from the U.S. Federal Bureau of Investigation (FBI)in Aprilthis year that included the United Kingdom and Australia. It warned agriculture co-operatives to be on high alert for ransomware attacks.

The threat of a cyberattack also hit home for farmers in Quebec last month when L'Union des producteurs agricoles (UPA), a farmers' union, announced it was the victim of a ransomware attack on Aug. 7.

A statement on the union's website said it's still reviewing the scale of the attack and possible ways to restore its computer systems. The UPA noted "day-to-day activities" of agricultural businesses were not compromised and it was doing all it could to protect people's personal information.

Farm, family networks often connected

For many people, a ransomware attack impacts them on an individual level. But the attack can be a bigger problem for farmers, Botschner said.

"Farm businesses are not like other businesses."

An attack "could have an impact on their farm business as well as on their farm family, because many networks are not segregated between the home and the agricultural operation."

Lennon saidshe's also heard from farmers who reported a company they do business with had been attacked.

"People have had their names, addresses and credit cards hacked when a local business was attacked,and that certainly caused concern and awareness on the farm level about making sure that you are protecting that information."

An attack could also 'sow mistrust'

But Botschner said cyberattacks can be more than ransomware or phishing for information. There could be attacks where information,rather than physical computer systems, is disrupted, he said.

"You could see information being contaminated to either mask an event like an emerging biosecurity threat like a virus," Bortschner said.

"Or you could see information being contaminated to suggest that something's happening that has contaminated a commodity in order to sow mistrust in a critical part of our ag food system. You could also see disinformation campaigns being rolled out to undermine trust in Canada's food system."

Those kinds of attacks may not happen quickly it could take years as part of a strategic campaign.

He said people should think of food security as national security.

"If farmers are under threat, then so are the rest of us."

Tips for farmers

Lennon saidthe OFA offers tech safety tips tomembers, including:

  • Use strong passwords and a password manager.
  • Be careful about sharing personal information on social media.
  • Keep devices up to date.

The federation is planning an in-person annual general meeting in November, when it will hold a workshop on protecting farmers from cyberattacks.

Portrait of woman with curly hair.
Cathy Lennon, of the Ontario Federation of Agriculture, says the OFA is working to teach farmers about how to protect themselves from cyberattacks. (Ontario Chamber of Commerce/occ.ca)

She said a key message to all farmers is that any device can be compromised.

"There's folks that have highly technical equipment in the barn or in their computers at home. GPS technology. It's the full range, but if you are connected to the internet, then the risk exists."

Government, tech companies can do more

Dehghantanha saidwhile farmers themselves need to ensure they're protecting their data and devices, regulators also have a role to play.

There's a need for a standard cybersecurity guideline for the agriculture industry "so different people, farmers, technology providers, service providers are at least aware of what [is the] security standard, what security activities they should do and they should follow."

Botschner agrees.

"Canadian producers are very adaptable. They're very good risk managers. They're good at noticing things that might involve risks and threats," he said.

"But there are other things that need to be done to support farmers because they shouldn't be in it alone."

He said governments and major tech companies can work together to help farmers improve their safety online while focusing on ensuring critical infrastructure is safeguarded from threats.

It's a sort of "cyber barn raising," he said, "to help one another tackle this important challenge in ways that make sense for producers and that really help the sector as a whole to be more resilient."