The Federal Bureau of Investigation (FBI) reports that ransomware gangs have turned their attention to the food supply chain, and are causing food and agriculture issues. Specifically, ransomware attackers have contributed to profit losses and poor services. The FBI formally published a warning concerning the trends on Wednesday. Food and agriculture issues caused by ransomware include:
- Disruptions to farms
- Disruptions to markets
- Disruptions to restaurants
- Disruptions among producers
- Disruptions among processors
Food and agriculture issues: Smart technologies
Prior to the modern era, ransomware gangs lacked a means of disrupting food and agriculture production. Now, internet-based industrial control systems and internet-based automation systems make this possible. Farming and agricultural businesses rely on drones, GPS mapping, soil sensors and autonomous tractors, among other IoT devices.
Ransomware disruptions within this sector can lead to serious financial loss, productivity declines, and remediation fees, states the FBI. In addition, organizations may experience theft of intellectual property, theft of personally identifiable information, and may incur reputational harm.
A big bite out of the budget for one US farm
In January of this year, cyber criminals infiltrated a farm’s internal network via compromised administrative credentials. As a result, the business lost $9 million dollars. The total loss derives from the temporary shut down of operations. Other prior food and agriculture issues caused by ransomware include:
- A US bakery’s inability to access its server, files and applications after the Kaseya incident.
- In May, the now famous JBS Foods cyber security event occurred, which disrupted meat processing across North America and Australia for nearly an entire week.
- In April, in the Netherlands, cheese deliveries were held up for three days following a ransomware attack. Other food products also remained out of stock for some time.
- A November 2020 ransomware attack on a US-based international food enterprise occurred. The group ultimately avoided paying a ransom by restoring systems from backups.
Food and agriculture supply chain
The United States Department of Agriculture (USDA) offers grants to small and medium-sized meat processors, which can assist with security infrastructure development. The USDA also recently requested public comment regarding how agricultural enterprises can create more resilient and secure supply chains.
In contrast with other sectors that have developed intelligence-sharing networks, the food and agriculture sector chose to disband its group more than 10 years ago. However, industry-wide digital preparedness is gaining renewed attention.
Ransomware gangs continue to target critical sectors, of which the food and agriculture sector is one. In June, Politico reported that “virtually no mandatory cybersecurity rules govern the millions of food and agriculture businesses that account for about a fifth of the US economy.” In other words, food and ag are behind when it comes to cyber security.
At present, significant cyber security gaps plague food and agricultural businesses. In many cases, lack of cyber security awareness and prioritization of productivity and profits over security contribute to security strains. In other cases, agricultural businesses rely on outdated operating systems, or remain unconcerned about cyber security issues.
For more information about food and agriculture issues as they pertain to cyber security, see Cyber Talk’s past coverage here and here. Lastly, sign up for Cyber Talk’s newsletter here.