Tractors vs. threat actors: How to hack a farm | WeLiveSecurity

Forget pests for a minute. Modern farms also face another, and more insidious, breed of threat.

While I was in the UK police force and part of the National Cyber Crime Unit in 2018, I was asked to give a talk on cybersecurity at a National Farmers’ Union (NFU) meeting in southern England. Right after I started my talk, one farmer immediately raised his hand and told me that his cows had recently “been hacked”. Baffled and amused, I was instantly hooked and wanted to know more about his story.

He went on to tell me that his farm was relatively high tech and that his cows were hooked up to an online milking machine. Once, when he had clicked on a malicious email attachment, his computer network went down and he realized that without the network he had no way of knowing which cow had been milked or which cow needed milking next, causing major panic and stress, and quite possibly not just for him.

Making things worse, it wasn’t just his cows that had been attacked, according to the farmer. All the farm’s online accounts had also been compromised and, therefore, his tractors had been taken offline, leaving him with no information on which of his fields had been cropped or still needed cropping, as the tractor usually plans out the routes via his online accounts.



Tractor being used in a Dorset field

Caught in the crosshairs

Indeed, farming is nowhere near like it used to be. The increased use of email, online monitoring tools, remote controls, and payment systems, as well as automated smart farming equipment such as internet-connected tractors, means that the digital threat level is rapidly increasing for farmers and rural communities.

Few of us give this much thought, but some farms are very high tech and I personally am immensely impressed by the technology used in agriculture. However, this equally attracts threats far worse than slugs and crows. Put simply, farmers all over the world are now experiencing the same cyberthreat level as other industries.

A University of Cambridge report recently said that smart farming technology such as automatic crop sprayers and robotic harvesters could be hacked and the probability with which this could happen is increasing. The UK’s National Cyber Security Centre (NCSC) works with the NFU to support the agriculture and farming sector, but there is still so much more for farmers to take on and learn.

Speaking with local farmers in my home rural county of Dorset, UK, I have realized they really are in need of more awareness of how best to protect themselves and their businesses. I recently met with one farmer, let’s call him Tom, in the middle of the Dorset countryside at the end of a busy harvest season. He showed me the tools and equipment used, which were all data-hungry, heavily tech-focused, and all internet-connected.

Tom’s tractors can be mapped, monitored, and controlled, as well as switched off, remotely. They all have 4G connectivity and they will not work without the latest updates being applied (excellent move by John Deere). It immediately struck me that if his systems were hit with ransomware or a DDoS attack, the effects would be financially crippling, especially if it were to happen at harvesting time.



Map showing where the tractors are located

Cash cows for cybercriminals?

I looked around Tom’s office network and found a few critical flaws that didn’t take long to fix: think no local security software, every online account using the same passwords, no local backups, etc. But it soon became apparent that there is clearly very little cybersecurity training offered when you set up online farming accounts or smart farming equipment, nor is such training on the radar of these farmers. Their job is to supply the world with produce, rather than prioritize keeping cyberattacks at bay.

Tom’s collection is made up of three tractors covering his 8,000 acres of land, each of which has an online account attached that he enters and controls via a username and password. This access grants him the ability to see where the tractors are located, check updates, and perform other admin tasks.

He is using Windows 10 for the two local machines and a VPN to work remotely via another office a few miles away, but the majority of the data gathered from his various devices is stored in online accounts. Farming is now more digital than ever and probably produces more megabytes than kilograms. Tom noted that there is every detail imaginable that can be analyzed, from which fields have been fertilized to which fields have the most weeds per 50 cm² area in order to know how much pesticide and where to spray it, to reduce consumption compared to a blanket spray.



This map shows where the most fuel is used in the field

Tom is constantly checking his email and it became obvious to him that the threat was quite visible and that cybercriminals attack using email as their first port of call in most circumstances. With no security software in place, this became an instant worry.

He also told me that some local dairy farmers connect their cows to their network, meaning they can monitor the flow of milk produced per cow, but this also comes with the risk of being held to ransom should these networks become compromised. I had never thought that a cow could be ‘held to ransom’, but this is the Wild West of the internet where anything unseemly goes.



Example of yield data that is invaluable to a farm

Digital security for farmers

The farming industry is vital to the world’s food industry and therefore requires the utmost protection from cyberattacks. It is seemingly potentially very easy to hack a farm, and consequently more awareness is vital in the industry. From basics such as implementing password managers and using multi-factor authentication, to using cutting-edge security technology to withstand an attack on big farming service companies such as John Deere, it is clear that more needs to be done to support farms around the world.

There is a distinct possibility of being able to compromise these online accounts and it comes with the risk of being able to remotely access large machines, control them, hold them to ransom, and hold the usual (high quantity of) farm data to ransom too. Each year more smart and machine learning technology is developed, offering more protection to those who need a balance of convenience and security, but it is taking time to funnel down to all industries and those who need it. In the meantime, awareness and education on the quick wins is key to warding off the inevitable attacks.
