The supply chain that produces our fresh-tasting Thanksgiving dinners is one of the most fragile and fragmented of any industry, and one of the hardest to secure.
Earlier this month, white-hat hacker Sam Curry disclosed on Twitter that he and a group of other white-hat hackers quietly spent 10 days in July discovering 100 unique vulnerabilities on farming-machine giant John Deere’s corporate networks and websites, including exploits that would allow attackers to take over customer accounts or access employee credential data. The company had since patched everything, Curry added, but the exercise speaks to a much larger issue that’s picking up steam in the food and agriculture industry.
Within the last year, several food retailers and processing plants across the U.S. have been targeted by ransomware, prompting the FBI to alert the sector of the increased risk and President Biden to recently sign an executive order protecting America’s food security. States, too, have taken action to protect their food and water from growing cyber threats, including recent action in California and Nebraska to develop response plans and educate farmers.
The system required to deliver a vegetable or a processed good from a farm on one end of the U.S. to a dinner table on the other end is an absolute spiderweb of logistics, involving numerous suppliers, transporters, and retailers with their own individual systems and tools to keep themselves safe.
The additional support from state and federal partners is critical to mitigating the risk that the supply chain carries, but it must be paired with more education from the cybersecurity industry on how farmers and retailers can protect themselves from threats.
White-hat hackers like Curry are already doing this, but it’s not just corporate networks that are potentially at risk. A hacker who goes by the moniker “Sick Codes” demonstrated an exploit at the DefCon security conference in August of this year that allows anyone with physical access to multiple models of John Deere and Co. tractors to jailbreak the machinery, overriding the digital locks that farmers placed on their machines.
While the hacking display was partially done to support farmers’ rights to repair their own equipment, Sick Codes also shared a glimpse into a terrifying hypothetical with real-world consequences. In one presentation, Sick Codes showed how a single motivated attacker could take down widespread agricultural equipment, and threaten global food security with just a few keyboard strokes.
The idea of targeting one business to cause chaos in many others is, of course, the nature of any supply chain attack (remember SolarWinds?). The distributed nature of the food supply chain system, which also has to work internationally, convoluting the chain even further, is no different. Attackers only have to target one segment of the supply chain to throw the entire food production or delivery system off balance.
Few industries hold thinner profit margins than food and agriculture, and often doing their due diligence on whether a third-party partner has the right security controls goes by the wayside in order to keep food moving. Unfortunately, when the food supply chain breaks in a specific region, the consequences are felt by virtually everyone through higher prices and scarcely stocked shelves, reminiscent of the early days of the COVID-19 pandemic.
Similarly, few industries have such a large gap in technological prowess as food and agriculture, where some farms can be completely data-driven and others can be partially run on a Windows 98 desktop computer. This presents a unique problem for the equipment manufacturers that sell to farmers and the retailers that rely on them: How do you keep systems patched and up to date across the globe when there’s such a discrepancy in cyber literacy?
The short answer is to keep it simple. Farmers can build resiliency into their networks by using strong passwords, limiting the number of network connections they have, and even just sharing information on potential strange behavior with the authorities. The food and agriculture industry can also get a head start on defending itself against attackers by paying attention to what’s happening in other, more profitable industries like banking and technology. For agricultural manufacturers like John Deere and Caterpillar that fear their intellectual property could be stolen in a cyberattack, taking hints from how other international companies protect their IP can be helpful, though John Deere’s current method of safeguarding its IP is controversial. Whenever possible, players in the supply chain should be stress-testing vendors to ensure that they have the basic cyber controls in place, so that these interconnected networks don’t get taken down.
The food and agriculture ISAC has also been around for more than 20 years to help businesses identify and mitigate threats in the industry while promoting proper cyber hygiene. If a food processing plant, a retailer, or a farm can afford it, they should allocate a proper budget to security or outsource 24/7 monitoring to ensure nobody’s infiltrating their environment. Implement a good vulnerability management program: even if that business-critical Windows 98 desktop can’t be patched, the machines connected to it should be. Staying on top of vulnerabilities across any and all machines that can be patched will go a long way toward staying safe.
With the global food crisis worsening by the day, it’s critical that farmers and their partners in the farm-to-table supply chain take food security seriously. Cybersecurity is a critical ingredient to keeping food on families’ tables, and together, from the security sector to the agricultural industry, we must work to defend the food supply chain.
Mark Manglicmot is the SVP of Security Services at Arctic Wolf.
The opinions expressed in Fortune.com commentary pieces are solely the views of their authors and do not necessarily reflect the opinions and beliefs of Fortune.