The United States arrests two foreign nationals months after largest cyberattack on American infrastructure.…

The U.S. Department of Justice announced this week it arrested two men, one a 22-year-old Ukrainian national, the other a 28-year-old Russian national, for their role in the cyberattacks in June that disrupted businesses and government entities in the United States. The DOJ says it also seized more than $6 million in ransom traced back to the hackers.

The arrests come on the heels of two new cyberattacks on agriculture. In September, the cyberhackers hit farm cooperatives in the Midwest, Iowa-based NEW Cooperative and Crystal Valley in Minnesota. Both entities were attacked by what experts believe is the same group that launched the ransomware attack against JBS SA, the nation’s largest meat processor, in June. This comes less than six months after President Biden said he told Russian President Vladimir Putin 16 categories of business, industry, and critical infrastructure in the United States are  “off-limits” to Russian hackers.

Food & Ag in the Crosshairs

At the summit with Putin, President Biden did not reveal what the 16 categories were, but experts believe they are likely the same ones designated as “critical” by the Department of Homeland Security, as shown below.

That’s why alarm bells went off when, after Biden’s warning, the hacker group, known as “BlackMatter”, hit NEW Cooperative for $5.9 million and Crystal Valley for an undisclosed amount? American news outlets report the Russian group posted that they didn’t think NEW Cooperative had enough volume to be a critical company.

New Cooperative disagreed about their volume, telling Modern Farmer the company “provides software to 40 percent of American grain production, as well as feed scheduling for millions of livestock animals.”

The arrests could signal to cyberhackers that future attacks won’t be tolerated.A hit on any part of the food and agricultural sector can not only harm our ability to feed ourselves but to our economy as a whole. The American food and agricultural system accounts for approximately 20% of our nation’s economy. The Cybersecurity and Infrastructure Agency (CISA) reports food and ag consist of over 2 million farms, almost 1 million restaurants, and more than 200,000 “registered food manufacturing, processing, and storage facilities.”

Many people first heard of cyberattacks, ransomware, and anonymous Russian hackers hitting America’s critical infrastructure when the hackers’ work generated major headlines this past June. But this type of technology terrorism has been around for a while. The Center for Strategic and International Studies (CSIS) has been keeping a detailed timeline of cyberattacks. CSIS says crimes of this nature have been happening since 2006. They only track cyber hacks that hit world governments, defense, high-tech companies, or other economic crimes that cause loss of more than 1 million dollars. That certainly includes the recent attacks on the co-ops as well as the attack this June on JBS SA, the world’s largest seller of meat.

Targeting the Big Players

The Wall Street Journal reports JBS SA paid the hackers $11 million dollars in bitcoin to stop the attack and prevent further damage not only to their company, but to their clients as well. “It was very painful to pay the criminals, but we did the right thing for our customers,” JBS CEO Andre Nogueira told the Journal. In a statement the company released to the press, Nogueira added, “we felt this decision had to be made to prevent any potential risk for our customers.”

Security experts estimate that JBS SA was one of 800-1,500 businesses to be hit by cyberattacks this summer. The hackers also targeted the Keystone pipeline and other government infrastructures. CNBC reports in 2020 that these attacks cost companies $350 million in cryptocurrency, a more than 300% jump from the year prior.

Breakdown of a Cyberattack

Here’s how the cyberattacks work: hackers, mostly from Russia, break into a company’s technological infrastructure using sophisticated software and take their data hostage. The hackers then threaten to cause disruptions, release private information, or delete it unless a ransom is paid (hence the name “ransomware”). These attacks are different from physical attacks on infrastructure in that it is the threat of damage, not the damage itself, that gets companies and governments to react.

Few Americans had ever heard of JBS SA, NEW Cooperative, or Crystal Valley before this year or likely understood how high-tech and sophisticated farming has become. In America, there can be a nostalgic view of farming. Farming has come a long way from the horse and plow. Farmers have tractors working off of GPS, sophisticated technology that enables them to manage their crop inputs, and access to markets to assess the futures market at harvest time. That means our ability to keep grocery store shelves filled with affordable food could be more impacted by technological disruptions than extreme weather events.

Bringing in the Experts

Cybersecurity experts, such as Susan Duncan (right), predict this is just the beginning of ransomware attacks on our nation’s critical infrastructure, with food and agriculture being a high-value target for hackers.

Susan Duncan is the Associate Director for the Virginia Agricultural Experiment Station and Director of the Center for Advanced Innovation in Agriculture at Virginia Tech. Her work is focused on technology and innovations developed and used in agriculture, food, and nutrition.

D2D interviewed Duncan to understand how the food supply chain is recovering from this summer’s ransomware attacks, how vulnerable agricultural technology is, and what’s being done to limit disruptions from hackers.

D2D: Did the ransomware attack carried out in June against JBS surprise you?

Susan: I wouldn’t say [the ransomware attacks] surprised me in the sense that all of us are vulnerable. Also, it wasn’t the first one that happened. Over the past several years, other agriculture and food companies have had ransomware attacks. They just didn’t receive as much publicity, and the general public was less aware of them.

D2D: Now that the average consumer is more aware of the threat, how should we understand the role technology plays in the food we find in the grocery store?

Susan: You are asking about the connection of technology with our food supply, grocery stores, and the restaurants where we typically find our food. Of course, we all recognize that apples come from orchards, bread from wheat, and the meat cuts in the refrigerated unit at the supermarket came from an animal, but what you might not recognize is that we have the technology behind all of that. Those products likely had some form of technology used on the farm, such as drones, robots, sensors, computers on tractors, computer-controlled irrigation systems, and guided technology for managing animal feeding.

These technologies on the farm level generate data, which can be analyzed and translated into information to alert farmers or help them make decisions about how to manage their farm, protect the environment, and protect their crops and animals from extreme weather events like frost or drought. [It can also tell farmers] when to harvest and sell their crops or animals, so the quality and productivity is the highest. They are using technology to watch for weeds and pests growing in their field crops.

D2D: How vulnerable are these technologies? How secure are the systems?

Susan: Great question. We think incorporating agricultural technologies is safe and needed, but some changes are happening that introduce risks that we haven’t previously thought about or focused on. The connectivity of technology, the increased opportunistic and malicious players that seek access to data and computer-controlled equipment, the lack of awareness for protecting the equipment, computers, and software [all] increase vulnerabilities.

The agriculture and food system is huge, complex, and very diverse. As we saw, major companies, like the meat producer and processor JBS, have vulnerabilities. If you operate a small farm with one computer used to manage your business, store your drone data, analyze your crop data, you may not have sufficient financial resources, personal capacity, and experience to secure your computer. But at the same time, you most likely will not be a target. Cyber thieves are looking for targets with a lot of assets. Farmers should continue to use data and technology – the benefits still far outweigh the risks.

D2D: What questions should the farmer be asking upfront when they purchase technology then?

Susan: If [a farmer] purchased an inexpensive drone, what do you know about the security of the data? If there is backdoor access for control where the data from the drone may be used by a company in other way? How could a cyberattack affect your capacity to manage your business operation? Can you trust the drone data? Is the data corrupted or modified, and how might that influence your decisions for the appropriate management of your crops or animals?

These are all hypothetical questions. We don’t see this happening in the marketplace right now. However, I ask these questions so farmers know to read the fine print on all their technology and make sure they know how their data is being used. Overall, we want farmers to continue to use technology and we believe the benefits outweigh the risk by a significant amount.

Farmers using their technology resources and how to use them is just a smart protection measure. I compare it to wearing a seatbelt while driving. Overall, our risk of a car accident is very low, but we still wear a seatbelt. Well, that’s what we advise farmers to do. Read the fine print, understand how your data is collected, used, and secured. It’s precautionary and wise.

As agriculture is increasingly influenced by computers and becomes more reliant on digital data, we want to address the gaps in awareness and skills that are created. These are the most significant sources of vulnerability.

D2D: There is a need then for more education and awareness for farmers?

Susan: Awareness is important. Knowing the technology vendor and what the small print of the contract says is essential. The data you generate from the tractor, drone, sensor, or other technology may actually be owned by the company, and you don’t own your own farm data. Older systems probably need software upgrades to improve security. You know we all went through that experience with our computers. Haven’t we all experienced the situation when our old computer or smartphone couldn’t use the new software or apps? Old software, with its outdated security and coding systems, may not work on our new computer. It’s best to check on the security and get updated software and security systems on computers.

D2D: What else do farmers and processors need to think about as they deliver their products to market?

Susan: We have to think about how the organization or farm transfers information and knowledge to other entities within the food supply chain. There’s that gap between what you did in your company or what your farm might need versus what the upstream or downstream companies might be introducing.

Are you prepared to accept the risks imposed by the company that you work with if they are not attentive to the security of their technologies and computers? The security of our technology is really dependent on the age of the system. It’s also dependent on the amount of expertise within the company, how much they focus on security, and whether or not they’re willing then to take steps so that they have at least that fundamental baseline security process in place. Because most of the agricultural network comprises small and medium-sized farms and companies, they don’t necessarily have all those resources.

D2D: As farmers become more aware and ask the right questions about their technology, what is being done in the agricultural industry to prevent and protect from cyberattacks?

Susan: Several years ago, a colleague who had worked for years in national security talked with us about cyber biosecurity, which is a developing domain at the intersection of cybersecurity, biosecurity, and cyber-physical systems with applications in the life sciences such as agriculture. That introductory conversation has led to a pretty intensive and expansive engagement for us and at a significant time for our country. This is relevant to securing our production agriculture, biotechnology, and food supply chain and making certain that U.S. consumers and people worldwide do not suffer from a lack of food due to malicious cyber-attacks. Academia, the private sector, and government agencies at the state and federal levels are all working together to ensure our farmers and food can remain safe. It is a continuing effort and not one that has a specific beginning and endpoint. There is also not one solution but a myriad of options from better data management to security to preventing the attacks altogether.

D2D: How safe then is our food supply system?

Susan: Our agricultural food system is extremely safe. It’s not just safer from food borne illnesses, but we are building the technology and public/private infrastructure to address these cyberattacks. Sure, these attacks are scary. But the agricultural community has been through worse, and we’ve always come up with solutions. While bad actors will always be in the world, American farmers are responsive and adaptive, and we are tackling this problem head-on. Farmers and consumers should know there is large community of private and government entities working together to address the vulnerabilities in our food system.