August 28, 2024 | Policy Brief

Mitigating Threats to American Farming Starts With Secure Technology

August 28, 2024 | Policy Brief

Mitigating Threats to American Farming Starts With Secure Technology

Earlier this month at its Omaha Agriculture Threats Symposium, the FBI briefed farmers and cybersecurity professionals from across 30 states on the increasing cyber threats to agriculture. The FBI’s engagement with this industry helps farmers, ranchers, and other stakeholders implement critical cybersecurity measures to better protect the American food supply.

The special agent in charge of the FBI’s Omaha field office, Gene Kowel, warned, “The cyber risk and the national security risk to our farms, our ranches, our food processing facilities — it’s growing exponentially.” He detailed three major cyber concerns: criminal ransomware attacks, nation-state cyberattacks, and data and intellectual property theft. “The threats are evolving,” he cautioned. “They’re becoming more complex, more severe.”

Farmers use internet-connected sensors and cameras to track crop behavior, soil characteristics, and weather patterns. The farmers also employ drones to capture high-quality images of their fields, detecting diseases or pests and monitoring irrigation. Aggregating and analyzing vast amounts of information enable farmers to tailor practices to the needs of each crop or plot to gain higher yields. This precision farming is cost-efficient and sustainable, with a more effective allocation of resources. However, it begets cybersecurity risk.

As farming has become increasingly reliant on data, cloud computing, and remote monitoring, the sector has suffered a growing number of cyberattacks. In 2021, a ransomware attack on major meat producer JBS shut down its U.S. facilities and crippled those in Australia, causing meat prices to spike.

In 2022, U.S. farming equipment manufacturer AGCO fell victim to a ransomware attack that disrupted operations and stalled tractor sales during a crucial planting season. During the busiest and most high-priority time of the year, customers could not place equipment orders. Ransomware actors know that the seasonal nature of farming and the limited shelf-life of some foods mean that companies may be inclined to pay high ransoms to protect production.

Until recently, Congress had largely focused on the threat of foreign acquisition of agricultural lands. Chinese companies have been buying up land near U.S. military installations, primarily with the goal of surveilling and monitoring activity. Often, this land is agricultural, presenting yet another threat to the integrity of American farming. Members of the House of Representatives introduced the Protecting U.S. Farmland and Sensitive Sites From Foreign Adversaries Act, restricting foreign purchases and permitting the federal government to monitor foreign investment in American agriculture.

Congress is now beginning to weigh in on securing agricultural technology as well. House lawmakers have introduced the Farm, Food, and National Security Act of 2024, which requires the secretary of agriculture to conduct an assessment of “the cybersecurity challenges facing precision agriculture, including cybersecurity threats for agriculture producers and agriculture supply chains.”

This legislation incorporates the assessment and briefing components from the bipartisan, bicameral Farm and Food Cybersecurity Act and retains provisions authorizing a cross-sector exercise to help prepare farmers for “food-related emergency or disruption.”

While Congress is focused on these important issues, farmers also need guidance to help identify the most secure, internet-connected devices for the food and agriculture sector. The U.S. Cyber Trust Mark Program, which the Biden administration launched a year ago, could accomplish this. Cyber Trust Mark certifies and labels internet-of-things (IoT) devices that adhere to cybersecurity standards established by the National Institute of Science and Technology. Upon purchase, consumers see a voluntary product label that confirms that manufacturers adhere to national cybersecurity standards.

To date, the U.S. Cyber Trust Mark has initially focused on consumer products. When the program becomes more well-established and begins to incorporate more sectors, the agriculture industry should be a priority. Aligning with the guidance from the FBI’s comments in Nebraska, the program would promote the use of safe IoT devices, mitigating at least some cyber risks; help consumers avoid unsafe devices such as those manufactured in adversary nations; and begin to resolve critical weaknesses within the digital farming infrastructure — weaknesses that Americans cannot afford to ignore.

Johanna (Jo) Yang is a research and editorial associate at FDD’s Center on Cyber and Technology Innovation (CCTI), where she works on issues related to related to nation-state cyber threats, critical infrastructure protection, and U.S. cybersecurity policy. For more analysis from the author and CCTI, please subscribe HERE. Follow FDD on X @FDD and @FDD_CCTI. FDD is a Washington, DC-based, nonpartisan research institute focused on national security and foreign policy.

Issues:

Issues:

Cyber

Topics:

Topics:

AGCO Americans Australia Chinese Eugene Kowel Farm Federal Bureau of Investigation Food JBS S.A. Joe Biden NIST University Omaha Protecting Americans from Foreign Adversary Controlled Applications Act U.S. Congress United States House of Representatives