Protecting yourself against cyber security threats on the farm

High profile cyberattacks are increasingly making headlines in Canada as criminals target retailers, municipalities, health care providers and critical infrastructure. The agri-food sector is not immune from such attacks and its vulnerability is increasing the more it becomes digitized and increases its reliance on sensors, data collection and online connectivity. 

That’s because unlike most other sectors of the economy, agriculture, especially at the primary production level, is made up of many small, independent businesses where IT resources are limited, and cyber security has up until now not registered high on the priority list. 

It should be, though, noted Dr. Ali Dehghantanha in a presentation at Canadian Dairy XPO earlier this year organized by the University of Guelph’s Research Innovation Office. Dehghantanha is a Canada Research Chair and professor in cyber security at Guelph and frequently gets called in to help farms and businesses who have become targets of cyber crimes. 

“Hackers don’t discriminate, they look for low-hanging fruit and if you have an environment that can be remotely accessed, that means they can find you,” he explained. “If you are vulnerable and it takes them five minutes to hack you, they will. They will place ransomware and demand payment.” 

Ransomware – where hackers lock down a system by encrypting its data and only release it when a ransom has been paid – is a common form of cyber attack, as is a data breach, where criminals steal customer, business or financial information. 

He cited the case of a ransomware attack on a southern Ontario dairy farm that he’d been involved in. The farm became aware of the issue when critical on-farm systems stopped working and their local IT support found ransom notes on several devices on the farm’s network demanding payment. 

They’d been attacked previously and had simply paid the ransom, but this time, the criminals were asking for more money, so Dehghantanha was called in to help. His team was able to decrypt the ransomware and get the farm back online, but the farm declined further post-attack monitoring.