The Rise of Tractor Hackers and Smart City Attackers

Protecting the Family Farm

Have you thought about what happens to your food if the internet goes down?

The ransomware attack shut down meat processing plants in North America and Australia, forcing buyers to find other suppliers and causing concerns about retail pricing impacts worldwide. JBS supplies roughly 25 percent of the beef consumed in the U.S. alone, putting it and other major suppliers like Tyson squarely in the category of critical infrastructure. However, the industry isn’t held to the same standards as gas pipelines or the electricity grid.

If the past few years taught us anything, it’s that the supply chain is fragile. Logistics were interrupted not only during rolling lockdowns but also as a result of a successful cyberattack on JBS, the world’s largest meat company.

Even though the JBS cyberattack didn’t have as detrimental an impact as hackers may have hoped, it showed that even the largest companies in this field are susceptible. Now, food production companies with fewer resources than giants like JBS – though carrying just as far-reaching an impact on food supply – are coming under fire from threat actors and going offline.

The food and agriculture sectors are more digitized and automated than ever as companies find new ways to boost efficiency amid narrowing margins. Except, there are few mandatory cybersecurity laws in the industry and the U.S., it even disbanded its cybersecurity information sharing group over a decade ago.

As industries become more digital, the greater their exposure to threat actors grows. Harvesting faces a similar predicament to food production, with tractors now running more software than a modern car – allowing farmers to run them from an iPad while enjoying a cup of tea. Other previously manual activities have gone digital too:

This is terrible news for an industry that faces a unique pressure point with ransomware; if systems can’t run, food supply for the greater population draws to a standstill.

The growing automation has given rise to precision agriculture and remote farming – but not without its drawbacks.

Given the heavy reliance on technology in food and agriculture, could we see hackers – whether they be ethical activists or other persons with malicious intent – bring tractors and food production across parts of the world to a screeching halt in 2022? If we do, unfortunately, we’ll also see large scale disruption of a supply chain that operates under a concise shelf life.

Ethical hackers showed Def Con hacking conference participants an overabundance of vulnerabilities in John Deere and Case New Holland systems – two popular agricultural equipment companies. The presentation claimed the vulnerabilities would effectively give threat actors control over the technology-powered equipment, whether through data logs or weaknesses in the operating systems themselves.

Why would hackers target agriculture?

From Farm to Table

The threats that food production and farming industries face are driven partly by shortcomings in cybersecurity resourcing within these sectors. However, acknowledging the systemic problem still doesn’t answer the bigger question.

• Nation states attempting to disrupt critical infrastructure through the food supply chain.
• Hacktivists trying to raise public awareness on environmental topics through deliberate disruption or data exfiltration.
• Financially motivated cybercriminals picking up low-hanging fruit.

There’s an emerging trend here: widespread disruption through one access point.

There are a few different reasons.

We cannot look beyond the premise that increasingly moving into the digital world means that a global internet outage could conceivably bring down electricity, water and the food supply chain itself. It begs the question: are essential services like electricity, food and water becoming too smart for their own good?

As we incorporate technology into more critical infrastructure, we’ll see the emergence of new technologies as high-value targets for cybercriminals.”