As Iowa farmers increasingly use internet-linked systems and equipment to increase the efficiency of their grain and livestock operations, it’s critical that they also fortify their protection against cyberattacks, computer security experts say.
For farmers, the danger of a cyberattack is very real, said Jeremy Hoffmann, chair of Des Moines Area Community College’s cybersecurity program.
He and Doug Jacobson, director of the Iowa State University Center for Cybersecurity Innovation and Outreach, say there are many ways cyber criminals have the potential to damage farms.
By using the internet to gain access to a farm’s computer network, hackers could encrypt essential data and then demand a ransom to release it, the experts said. The cyber criminals, they said, could also infect a farm’s computer network with malware, providing them access to financial data, passwords or bank accounts.
Worst of all, the hackers could lock down a farm’s computer networks until ransom is paid, making it difficult to perform time-sensitive activities, such as running GPS-guided equipment, feeding livestock, milking or marketing crops, the security experts said.
“Farms, like all businesses, need to incorporate cybersecurity into their overall risk management plans,” Hoffmann said. “It doesn’t matter how big or small your farm or business is, if you are on a network, you can be vulnerable.”
The recent high-profile ransomware attacks on agriculture-related business, including Fort Dodge-based NEW Co-op and meat processor JBS Foods, show that agriculture and food processing are potential targets for cyberattacks, Jacobson said.
As they increasingly integrate their systems with suppliers and add internet-connected equipment, farmers also increase the potential for a cyberattack, Jacobson said. Hackers know that farmers and the food industry can’t afford to be without their computers for long, and they use that pressure to their advantage, he said.
For most farms, it makes sense to work with a reputable cybersecurity firm to install security programs to help protect computer networks, Hoffmann said. “Having a previous relationship with one of these firms can give you a big advantage in preventing or recovering from a cyberattack,” he said.
There are many security firms operating in Iowa, including ProCircular, Pratum and Tenax Solutions, which have recently hired techs from DMACC and Iowa State to work with clients, Hoffmann said. Some of the security firms are nationwide, and others are more regionally focused, but they can work anywhere there is internet service, he said.
“One of the nice things about working with cybersecurity firms is that they don’t have to be in your township to be effective,” Hoffmann said. “They are able to do a lot of work remotely to protect your systems.”
In their attacks on individuals, hackers often try to gain access to systems through email. These email contacts, called phishing, are designed to get the receiver to respond by clicking on a link or taking other action, which opens the system to an intruder.
Both Jacobson and Hoffmann said phishing attempts are becoming more and more sophisticated as hackers gather additional information on targets. In cybersecurity lingo, these are called spearphishing.
“They may know you’re a farmer and they may pretend the email is from your co-op or another supplier, so they craft a believable story they hope you will buy,” Jacobson said. “They also want to create a crisis or some other event that causes you to quickly take action.”
Jacobson said it’s important for farmers to be aware of phishing techniques and that everyone in the operation with access to computer systems knows the danger of responding to a phishing email.
In many cases, older family members, who may not be as familiar with email and computers, may be more vulnerable to the hackers’ ploys, he said.
Step to cyber safety
Along with working with a cybersecurity firm, Jacobson and Hoffmann outlined several steps farmers can take to protect against a cyberattack:
• Use strong computer passwords, vary them from program to program and keep them secret. “Just like you shouldn’t write your PIN on your ATM card, your password shouldn’t be written a sticky note on the screen or in a document on your computer,” Jacobson said.
• Use multifactor authentication programs, which are designed to prove to the computer that the login is legitimate. The program typically sends a text to your smartphone or an email with a one-time code the user types in to access the program.
“Multifactor authentication is a good tool to help protect you against hackers,” Hoffmann said. “It can be a pain if you leave your phone in the car or something, but it does help.”
• Back up data using a cloud-based service or an external hard drive. These products are relatively inexpensive considering the value of computer data that would be devasting to lose, Jacobson said. “It’s like buying insurance for your farm or home. It’s something you need, but you hope you never have to use it,” he said.