WELLINGTON COUNTY – It’s springtime on the farm and mother nature has finally come around with some good weather – it’s time to get a move on planting and make the daylight count.
You’re waiting for an email from your agronomist with a map file to upload to the cloud and wirelessly connect to the fancy new software you’ve upgraded to automate your planter, hopefully saving time and money. All you have to do is steer – if all goes as planned.
An email comes in and you click the link to download your map.
But there’s a problem: the email wasn’t real. It was masked to appear like the email you were expecting and the file you downloaded was actually ransomware — software encrypting a computer’s data with a ransom demanded in exchange for decryption — that has now spread onto your computer.
Your computer locks up and there’s a demand on the screen to make a deposit to a Bitcoin wallet address to free your property and information.
But what even is Bitcoin? And what do you do now?
It may read like a far-fetched scenario, but as the agriculture sector becomes increasingly driven by technology and the internet, farmers are having to contend with what Janos Botschner calls “cyber hygiene.”
Botschner is a psychologist and lead researcher on a four-year “Cyber Security Capacity in Canadian Agriculture” study currently underway by the Community Safety Knowledge Alliance (CSKA).
Having yet another thing to worry over may seem overwhelming for farmers, but Botschner says it doesn’t have to be.
“None of us wants to feel overwhelmed by a problem, and not know where to turn — that’s a recipe for paralysis,” he said.
One easy-to-follow piece of advice Botschner has is to ensure software is updated regularly.
“One of the easiest ways for someone to carry out an exploit is on legacy equipment that hasn’t been updated,” he pointed out.
Botschner, along with cybersecurity expert Ritesh Kotak, recently spoke at two focus groups targeting farmers in Wellington County, in a coming-together of the county’s four-year Smart Cities initiative and CSKA’s study.
The two events, with one in Harriston and another in Aboyne, focused on themes of prevention, backup and recovery while also hearing from farmers about how they’re thinking of cybersecurity.
“Farm households are households like the rest of us, and farm businesses are also businesses, like many other rural businesses,” Botschner said.
But what makes the agri-food sector unique is how reliant on technology it continues to become, underscoring the importance of getting cybersecurity conversations started now.
Everything from irrigation systems to robotic milkers to point-of-sale systems are controlled by technology and an internet connection, leaving those systems open to vulnerabilities and data breaches.
County Smart Cities program manager Justine Dainard, who facilitated the working groups, said there’s a need to keep the agriculture sector safe from attacks and to help keep electronic information secure.
“If we’re not … then we’re really ignoring an area of national security,” she said.
And while there is significant interest in supporting cybersecurity capacity across Canada’s agricultural sector, Botschner said the subject among busy farmers is “not on the top 10 list” — especially during the growing season.
That could lead to problems with domestic food security but also the livelihoods of farmers and Canada’s economy at large, with much of our agri-food production landing on plates across the globe.
The Australian wool exchange was brought down over several days in February after a ransomware attack targeting Talman Software, used across the county and in New Zealand, resulting in millions of dollars of lost sales and an overabundance of wool supply, reducing market prices.
Closer to home, in the United States, cyber attacks this year on meat and grain suppliers resulted in significant disruptions to the sectors.
The Communications Security Establishment, Canada’s cybersecurity agency, states in its 2021 Cyber Threat Bulletin they have “knowledge of 235 ransomware incidents against Canadian victims” between Jan. 1 and Nov. 16. But it also notes many ransomware attacks go unreported.
Statistics from Emisoft, an anti-virus software company, show there were over 4,000 ransomware attacks in Canada this year, averaging 11 attacks per day.
To bring cybersecurity closer to the field, the CSKA is engaging agri-food stakeholders across the industry to understand things from their perspective and to strike a balance in offering options both understandable and doable, while also not overwhelming farmers.
Farmers were told about basic steps they could take to better protect themselves, including verifying that emails are legitimate, making a list of all connected devices and knowing what information is critical to an operation, like historical crop or livestock data and personal customer and banking information from sales.
“If your vendor says, ‘hey, we’ve got a new payment portal, click on this link so that we can make things work better for you,’ pick up the phone and call your vendor and say, ‘is this legit?’” Botschner recommends.
“Most cyberattacks rely on human error manipulation … it’s a combination of time pressure and urgency that creates the conditions for an exploit to happen,” Botschner added.
He also recommends farmers consider what to do and how to recover in the event of an attack or data breach, giving the example of a barn’s climate control systems crashing, causing animal welfare issues from extreme temperatures and a lack of ventilation.
“Think ahead and think about what would you do?”
Turnouts for the events were small, Dainard admitted, but said there was “some really varied conversation, and it was a nice chance for everyone in different sectors to share some common concerns.”
The county is offering one-on-one consultations, free of charge, for farmers with a security consultant from EliteSec and still has five spots remaining.
“What I hope to be able to offer with these on-farm security visits, is a more deep, one-on-one conversation between the expert and the farmer,” Dainard said of the consults, which are covered by taxpayer dollars through the province’s Rural Economic Development Fund.
The conversation and responsibility for cybersecurity doesn’t end with farmers. There’s also a role for industry associations and governments “to understand what can be done to strengthen the capacity of this critical infrastructure,” Botschner said.
“I think we’ve entered this issue at the right moment, to be able to hopefully stimulate some action and some dialogue that’s going to make a difference.”
To book an EliteSec consult through the county, contact Justine Dainard at firstname.lastname@example.org or call 519-837-2600 ext. 2540.