With the ongoing war in Ukraine upending markets and the lingering COVID-19 pandemic continuing to affect daily life, additional concerns could seem overwhelming to anyone. But a rising threat for businesses – compromised cybersecurity – is on the rise. Unfortunately, for dairy the risk isn’t theoretical as hackers have successfully shut down operations at dairy and beef processing plants, adding more stress to the food supply.
Cybersecurity threats in agriculture can affect all levels of the supply chain, from farm to retail. They also pose a significant threat to national security. Immediate action and continued vigilance are necessary to reduce the risk of a damaging cyber intrusion.
Dairies are full of data
Dairy farms, at first glance, wouldn’t seem to be a likely target for hackers who literally have the entire world to choose from. But that thought ignores all the data-sharing that occurs in the industry.
Milking systems track production; pedometers track movements; feed-tracking apps monitor diets and feed inventory; global positioning systems (GPS) tell tractors where to plant or apply fertilizer; payroll is used for employees. Every single one of these applications are potential targets. A Finnish study on six dairy farms showed that farm owners installed computers and networking equipment designed for consumer use while keeping security measures and passwords in factory default settings, making it extremely easy for someone to hack into the system.
Clay Detlefsen, senior vice president of regulatory affairs at the National Milk Producers Federation (NMPF), serves as chairman of the Food and Agriculture Sector Coordinating Council. The council is the primary private policy coordination and planning entity collaborating with the Food and Drug Administration (FDA), United States Department of Agriculture (USDA), the Department of Homeland Security, and the Food and Agriculture Government Coordinating Council, among others, to address a range of critical infrastructure security and resilience activities. Detlefsen advises the U.S. government on the unique cybersecurity considerations for agricultural producers and processors. These efforts have resulted in the prioritization of cybersecurity at the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (DHS-CISA) and with Food and Agriculture Sector Coordinating Council, with a new focus on food and agriculture-related cybersecurity concerns in council meetings and webinars.
Most recently, DHS-CISA has released “Shields up,” a guide to cybersecurity best practices for all organizations. DHS-CISA recommends that all organizations, including dairy farms, regardless of size, adopt a heightened posture when it comes to cybersecurity. “Shields up” provides a list of free cybersecurity services and tools to use.
CISA urges four main factors to stay cyber-safe:
- Implement multi-factor authentication on your accounts. A password isn’t enough to keep you safe online. By implementing a second layer of identification, like a confirmation text message or email, a code from an authentication app, a fingerprint or Face ID, or best yet, a FIDO key, you’re giving your bank, email provider, or any other site you’re logging into the confidence that it really is you. Multi-factor authentication can make you 99% less likely to get hacked. Enabling multi-factor authentication on your email, social media, online shopping, financial services accounts – as well as gaming and streaming entertainment services – will ensure improved security.
- Update your software, using automatic updates. Bad actors exploit flaws in systems. Update the operating system on your mobile phones, tablets, and laptops. And update your applications – especially the web browsers – on all your devices, too. Leverage automatic updates for all devices, applications, and operating systems.
- Think before you click. More than 90% of successful cyber-attacks start with a phishing email. A phishing scheme is when a link or webpage looks legitimate, but it’s a trick designed by bad actors to have you reveal your passwords, social security number, credit card numbers, or other sensitive information. Once they have that information, they can use it on legitimate sites. And they may try to get you to run malicious software, also known as malware. If it’s a link you don’t recognize, trust your instincts, and think before you click.
- Use strong passwords, and ideally a password manager to generate and store unique passwords. Our world is increasingly digital and increasingly interconnected. So, while we must protect ourselves, it’s going to take all of us to really protect the systems we all rely on.
The world is a dangerous place.
As the Ukraine war unfolds and global efforts to restrain Russia invite retaliation, cyber-vigilance will be necessary. NMPF will continue to monitor and provide any pertinent information to the dairy industry.