November 12, 2024 | Policy Brief

Information Sharing Is the Answer for Improving Cybersecurity in the Food and Agriculture Industry

November 12, 2024 | Policy Brief

Information Sharing Is the Answer for Improving Cybersecurity in the Food and Agriculture Industry

The Food and Agriculture Information Sharing and Analysis Center (Food and Ag-ISAC) last week released its first annual Cyber Threat Report. The report, the first of its kind in this sector, represents the organization’s commitment to scrutinizing the increasingly complex cyber threat landscape menacing the sector.

The Food and Ag-ISAC, an industry-led group, identifies and analyzes cyber and physical threats and provides effective mitigation strategies for the sector. The latest report examined more than 200 cyber threat actors and their activities. Jonathan Braley, director of the Food and Ag-ISAC, explained that the assessment revealed 25 ransomware groups that actively target the sector. But not only criminal hackers are doing so. The report identified 13 sophisticated hacking groups backed by nation states that target the food and agriculture sector in order to degrade U.S. critical infrastructure.

Rather than singularly focusing on cyber incidents, the report provides an assessment of the new and previously underappreciated tactics hackers use to compromise and exploit the sector. Malicious cyber operators often deploy malware to exfiltrate or encrypt data and can evade defenses to remain on networks for extended periods of time. The assessment identifies existing mitigation measures for cases like these.

According to the report, the food and agriculture sector is especially susceptible to spear phishing attacks, in which a malicious actor sends an email to individuals in the hope that they will either reveal information or provide access to controlled systems. Approximately 85 percent of hacks in the farming community originate from targeted spear phishing.

Once the hackers have gained access, they often rely on “Living Off the Land” techniques, using remote-access tools readily available on the network rather than deploying malware. In 90 percent of attacks on the sector, hackers using these techniques camouflaged their activity amid standard system and network traffic, thereby making it difficult for small or understaffed cybersecurity teams to detect the hack.

The report also noted that hackers exploited “zero days” in more than 40 percent of incidents. Zero days are previously unknown security lapses in computer code. Usually, hackers exploit known but unpatched vulnerabilities. The high percentage of zero days indicates that the research community that often discovers vulnerabilities in other software is not sufficiently focused on the software used by the food and agriculture community.

The Food and Ag-ISAC can change this dynamic by working with the government and research community to engage in a greater degree of burden sharing. Those with cybersecurity research expertise should find and develop fixes for software vulnerabilities, while the Food and Ag-ISAC should serve as a clearing house for sharing vulnerability information with industry at large.

By robustly participating in the Cybersecurity and Infrastructure Security Agency’s Joint Cyber Defense Collaborative — a coalition of government agencies and private companies working together to tackle shared cybersecurity threats — the Food and Ag-ISAC could also help inform the government about the consequences of cyberattacks in the sector. In turn, the Food and Ag-ISAC would gain insights into emerging threats that it can share with its members across the sector.

The Food and Ag-ISAC is beginning to understand the value of collaboration, having worked with the Information Technology ISAC (IT-ISAC) on this first cyber report. The IT-ISAC provides threat analysis and mitigation tactics for the IT sector and helped the Food and Ag-ISAC establish an adversary threat scoring system used in the assessment. Now in its second year of operation, the Food and Ag-ISAC needs more extensive relationships not just with other industries but also with the federal government and research community to mature its information sharing capabilities.

Johanna (Jo) Yang is a research and editorial associate at Center on Cyber and Technology Innovation (CCTI) at the Foundation for Defense of Democracies (FDD), where she works on issues related to related to nation-state cyber threats, critical infrastructure protection, and U.S. cybersecurity policy. For more analysis from the author, CCTI, and FDD, please subscribe HERE. Follow FDD and CCTI on X @FDD and @FDD_CCTI. FDD is a Washington, DC-based, nonpartisan research institute focusing on national security and foreign policy.

Issues:

Issues:

Cyber

Topics:

Topics:

Cybersecurity and Infrastructure Security Agency United States Washington