Cyber security: Global food supply chain at risk from malicious hackers

source:  |  image:

Modern “smart” farm machinery is vulnerable to malicious hackers, leaving global supply chains exposed to risk, experts are warning.

It is feared hackers could exploit flaws in agricultural hardware used to plant and harvest crops.

Agricultural manufacturing giant John Deere says it is now working to fix any weak spots in its software.

A recent University of Cambridge report said automatic crop sprayers, drones and robotic harvesters could be hacked.

The UK government and the FBI have warned that the threat of cyber-attacks is growing.

John Deere said protecting customers, their machines and their data was a “top priority”.

Smart technology is increasingly being used to make farms more efficient and productive – for example, until now the labour-intensive harvesting of delicate food crops such as asparagus has been beyond the reach of machines.

The latest generation of agricultural robots use artificial intelligence, minimising human involvement. They may help to plug a labour shortage or increase yield, but fear of the inherent security risk is growing, adding to concern over food-supply chains already threatened by the war in Ukraine and Covid.

Chris Chavasse, the co-founder of Muddy Machines, which is trialling an autonomous asparagus-harvesting robot called Sprout, said: “There is a real risk that people anywhere in the world could try and take control of these machines,” he said. “to get them to do whatever those people want, or just prevent them from operating.”

He said potentially someone could drive Sprout into a hedge or a ditch, or prevent it from working at all, so they are working with security researchers to address any vulnerabilities.

Asparagus farming is unlikely to be a prime target, but Mr Chavasse believes malicious hackers could threaten “mission critical” agricultural infrastructure.

Even the largest companies aren’t safe from cyber gangs. Some use ransomware: malicious code that can encrypt data and lock systems.

Last year, one of the world’s biggest meat processing company, JBS, paid $11m in ransom to resolve a cyber attack. This month, top US agriculture firm, AGCO, was hit by a ransomware attack that affected production.

In April, a group of official governmental cyber security authorities including ones from the UK, US and Australia, warned that Russian state-sponsored hackers could target supply chains as a vital part of Western national infrastructure.

One self-styled ethical hacker, who goes by the name Sick Codes and asked to remain anonymous, told the BBC he had discovered weaknesses in John Deere’s software, which he had reported. He said he found a way to access company information and machine data through websites and apps.

Sick Codes said he had also found vulnerabilities in systems used by CNH Industrial, which manufactures New Holland Agriculture machinery.

He fears it’s just a matter of time before a sophisticated hacker finds critical vulnerabilities and causes major disruption to already vulnerable food supply chains.

“That’s what we’re trying to prevent – stalling something during the most important times, particularly seeding or harvesting. If you can’t move your tractor during that time, or if you can’t pick or take the crop out of the ground, you can imagine what happens. It just stops, the whole thing,” he said.

James Johnson, John Deere’s global chief information security officer, told the BBC that the company had been liaising with a number of ethical hackers on vulnerabilities they have found.

He said those found so far by Sick Codes did “not pose a threat to customers or their machines”.

He added, “No company, including John Deere, is immune to vulnerabilities, but we are deeply committed and work tirelessly to safeguard our customers, and the role they play in the global food supply chain.”

A spokesperson for CNH Industrial said it took security very seriously, and added: “We continuously invest in improving our security posture.”

Benjamin Turner, chief operating officer at Agrimetrics, one of four UK government-backed agri-tech centres of agricultural innovation, sad: “Hacking into one tractor, you can upset a farmer and maybe damage their profitability for a season.

“Hacking into a fleet of tractors, suddenly, you’ve got the power to affect the yield in whole areas of the country.”

Meanwhile out in the fields, even everyday farm machinery uses systems that are potentially vulnerable.

Richard Heady, a beef and arable farmer in Buckinghamshire whose tractor can be steered by a GPS positioning system, said: “Everything is so interlinked now, just by bringing down one system it can stop deliveries coming to us or stop tractors moving at all. If we are in a busy harvesting window we can’t just have tractors sitting around.

“We have seen empty shelves because of Covid – we could see the same thing happen if we get a cyber attack.”