- Dusty Sonnenberg
What is Your Backup Plan?
The planting season is one of the most important times of the year for crop farmers. Having a well-thought-out backup plan is always a good idea, especially when the days and hours are critical to getting the crop established in a timely fashion. Given the amount of data that is generated in this process (variety tracking, planting population, variable seeding rates along with starter fertilizer and in-furrow rates, not to mention guidance patterns), having a secure system in place to collect and store the data is increasingly essential for future operations.
Much of the initial planning for planting operations occurs in the winter months. Data from the fall harvest is collected and analyzed, and management decisions are made. Plans are created for the coming year, and prescriptions are loaded into the monitors so when the weather and ground conditions are fit, the planting can happen. Time is of the essence. Having all the technology work as it should is the goal, especially when some of the physical factors in the planting operation are not as controllable.
Like weather and ground conditions, cyber-attacks are outside of a farmer’s control. Cybersecurity, however, is a controllable management function. Given the geopolitical climate we find ourselves in with the Russia-Ukraine situation and the food/agricultural implications it has brought to light on the world stage, the agriculture industry is now garnering attention as critical infrastructure, something many in the industry have known all along.
There are multiple ways that data is transferred between a farm equipment monitor and the farm computer or crop advisor and consultant. Much data transfer is now done via the internet or a wireless connection. Some data transfer is still done with a USB thumb drive. Regardless of the method, there are a number of points along the way at which a computer virus can be introduced. Therefore, making sure that data is saved and backed up in multiple locations is critical.
Agriculture is designated as one of the country’s sixteen critical infrastructure industries. While it has been designated as such by Homeland Security, it typically has not received cybersecurity attention from the government.
A letter from Iowa Republican Senators Chuck Grassley and Joni Ernst to the Department of Homeland Security addressed concerns over the rise in ransomware attacks, which are particularly damaging to the agricultural industry. According to the Cybersecurity and Infrastructure Security Agency (CISA), a cybersecurity advisory was issued regarding BlackMatter. Instead of encrypting backup systems, BlackMatter users wipe or reformat backup data stores and appliances. BlackMatter is a ransomware-as-a-service (RaaS) tool, which means the developers are able to profit from cybercriminals who use it. In June, the world’s largest meat processing company, JBS, was attacked by REvil, shutting down nine meatpacking plants in the United States. And in recent weeks, two Iowa grain operations were targeted.
The Federal Bureau of Investigation (FBI) said ransomware attacks against six grain cooperatives during the fall 2021 harvest and two attacks in early 2022 could impact the planting season by disrupting the supply of seeds and fertilizer. “Cyber actors may perceive cooperatives as lucrative targets willing to pay due to the time-sensitive role they play in agricultural production,” the FBI stated. A variety of ransomware variants were used, including Conti, BlackMatter, Suncrypt, Sodinokibi, and BlackByte, and some targeted entities had to halt production while others lost administrative functions completely.
In February 2022, a company providing feed milling and other agricultural services reported two instances when a hacker gained access to some of its systems and attempted to initiate a ransomware attack. Those attempts were detected and stopped before encryption occurred, the FBI said. In March, a multi-state grain company suffered a LockBit 2.0 ransomware attack. In addition to grain processing, that company provides seed, fertilizer, and logistics services.
The advisory highlights the evolving and persistent nature of criminal cyber actors and the need for a collective public and private approach to reduce the impact and prevalence of ransomware attacks, says Eric Goldstein, executive assistant director for cybersecurity, CISA. “Farmers can help us in this long-term endeavor by visiting Stopransomware.gov to learn how to reduce their risk of becoming a victim of ransomware.”
Being aware of the cyber threat is the first step. The next step is talking to your input providers and crop consultants, or anyone you share data with. The third step is to have a data backup plan and follow it.
To mitigate threats and protect against ransomware attacks, the FBI recommends the following:
Regularly back up data, air gap, and password-protect backup copies offline. Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.
Implement a recovery plan that includes maintaining and retaining multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., hard drive, storage device, the cloud).
Identify critical functions and develop an operations plan in the event that systems go offline. Think about ways to operate manually if it becomes necessary.
Implement network segmentation.
Install updates/patch operating systems, software, and firmware as soon as they are released.
Use multi-factor authentication where possible.
Use strong passwords and regularly change passwords to network systems and accounts, implementing the shortest acceptable timeframe for password changes. Avoid reusing passwords for multiple accounts and use strong passphrases where possible.
Disable unused remote access/RDP ports and monitor remote access/RDP logs.
Require administrator credentials to install software.
Audit user accounts with administrative or elevated privileges and configure access controls with least privilege in mind.
Install and regularly update anti-virus and anti-malware software on all hosts.
Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a virtual private network (VPN).
Consider adding an email banner to messages coming from outside your organization.
Disable hyperlinks in received emails.
Focus on cybersecurity awareness and training. Regularly provide users with training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities (i.e., ransomware and phishing scams).
Additional resources related to the prevention and mitigation of ransomware can be found at www.stopransomware.gov.