In May 2022, Agco announced it had become the victim of a ransomware cyberattack, which disrupted production at assembly plants. In May of this year, Germany-based implement manufacturer Lemken announced it too had been attacked by hackers.
Equipment manufacturers across the board are working to protect their digital systems against malicious intrusion. At the same time, those defences have to leave enough room that thousands of producers can access the platforms they need.
The degree of access those individual users should get is an ongoing conversation.
It’s “making sure that people who use John Deere systems have the right access, but not more access than they need,” said Heather Schladt, Deere’s engineering manager for identity and access management, in one of the brand’s digital information posts.
“It’s a delicate balance between security and usability. We’re focused on ease of use and efficiency of systems and processes through automation and intelligence.”
Another aspect of that balancing act lands squarely in the right to repair debate. Again, the question is, how much access is enough?
Brands have so far refused to grant owners the right to delve deeply into a machine’s central processing unit (CPU), insisting that’s off limits. Right to repair advocates, on the other hand, insist owners should be entitled to do anything they want with a machine they bought and paid for, and that includes making modifications.
Many producers have become frustrated with breakdowns that required only a simple fix, but they couldn’t access enough of the on-board computer to make any corrections or diagnose the problem. Some brands, such as John Deere, have promised to permit more access to some systems to help prevent those types of problems.
Industry is also eyeing the risk inherent when granting unfettered access to complex software that controls a modern machine. It’s a growing concern as machines evolve toward realistic autonomous operation.
“Farmers, producers are used to being able to do what they need to (to keep going),” said cybersecurity expert Brennan Schmidt, a principle of ALEUS Consulting Group. “If they need to use baler twine and duct tape, they will. But now, there’s a lot of technology that’s not in their domain. They want to get hands-on with the tech.
“As a complexity to that, if you’re doing the equivalent of duct tape and baler twine in software, now there’s something you accidentally did and changed and all of a sudden the machine isn’t working. We can now see how manufacturers are not so eager to support that.”
With unrestricted access to all the software in a machine’s CPU and anyone, regardless of knowledge level, able to modify it, could that cause general loss of confidence in the integrity of onboard digital systems? Would that affect the used equipment market in a significant way? Could hackers gain access to a brand’s online system?
Schmidt says he believes manufacturers will eventually have to accept that the pressure to permit more user access to machine digital systems isn’t going to go away. Being proactive may be the key to a solution.
“The next question becomes, how do we strike the right balance?” he said. “We pave the way to say to folks, ‘here’s what you can make modifications to; here’s how you do it and how to do it safely.’
“I think this is a great opportunity for industry to get plugged into manufacturers and start asking those questions, and flip the question from, ‘how do we prevent tinkering, potentially impacting a million dollar-plus machine?’ to ‘what can you as a manufacturer do so I (a producer) can do my business and start linking things up safely?’”
Schmidt believes the brand that eventually grants the best controlled access to digital machine systems may gain significant marketing advantage. That would accommodate the growing demand for more control over machine operations by a new generation of producers who are becoming increasingly tech savvy.