Last April, irrigation systems were disrupted in Israel in a cyberattack that once again demonstrates the threats faced by industrial control systems. As reported in numerous industry and mainstream media outlets, hackers targeted water controllers for irrigation systems at farms in the Jordan Valley, as well as wastewater treatment control systems belonging to the Galil Sewage Corporation. Farms were warned by Israel’s National Cyber Directorate prior to the incident, being instructed to disable remote connections to these systems due to the high risk of cyberattacks. Roughly a dozen farms in the Jordan Valley and other areas failed to do so and had their water controllers hacked. This led to automated irrigation systems being temporarily disabled, forcing farmers to turn to manual irrigation.
The attackers targeted programmable logic controllers. Information about these controllers, like many controllers by other manufacturers, including default passwords and configuration options, is available online, and the devices run various software components that can also be targeted by hackers. The impacted farms likely left their ICS exposed to the internet and may have also used weak or default passwords, allowing hackers to easily gain access and cause disruption.
These attacks illustrate how easy it can be to hack industrial systems due to many organizations failing to implement even the most basic security measures, such as changing default passwords and leaving unprotected systems exposed to the internet.
Today, farmers and agriculturalists can harness the power of technology to optimize water usage, conserve resources and increase productivity.
The future of farming is advanced technology and already there are many examples of technologies controlled by smart devices and computer systems. However, as farms and farm equipment become connected, farmers must consider and plan for the operational risks of interference with networks and Internet of Things devices providing data. With the increasing reliance on technology in agriculture, the risk of cyberattacks on these systems has also risen, which can have serious implications for the agricultural industry.
Because food and agriculture are critical sectors of our economy and livelihood, if they’re compromised the ramifications could be immense. This was the impetus for Pacific Northwest National Laboratory creating the Food and Agriculture Risk Modeling project, which includes a team of data scientists, cybersecurity experts and researchers with agriculture and food backgrounds.
According to Mary Lancaster, who leads the FARM project, cyberattacks not only affect the environment and livestock but can cause harm to humans too. “This is a huge problem space that no one else is addressing, but we’re making progress.”
As a result of introducing IoT and connected infrastructure to farms, the agriculture sector will develop new ways to manage and improve operations. However, incorporating IoT systems to the sector amplifies various cyber risks, as Israel experienced with the irrigation attack. Cyberattacks on smart farming infrastructure, like irrigation systems, enable an attacker to remotely control and exploit on-field sensors and autonomous equipment. Potential agricultural attacks can create an unsafe and unproductive farming environment. For example, exploits that have the ability to destroy an entire field of crops, flood the farmlands and overspray pesticides can cause unsafe consumption as well as economic deterioration. Threats to smart irrigation and sensors can range from physical compromise to falsifying data.
Because various technologies are integrated into one agricultural process, the cybersecurity tasks are increased. For example, an irrigation system has smart sensors/actuators, communication protocols, software, traditional networking devices and human interaction. These complex systems are often outsourced from diverse vendors produced for many kinds of environments and applications, which increases the attack surface, and cybercriminals can exploit vulnerabilities to compromise one or other parts of the agricultural application. Consider that hardware vendors for a highly specialized agricultural machine still utilize outside solutions for subcomponents like network interfaces and open-source software implementations of communication protocols. Such components are commonly utilized by many hardware vendors for both agricultural and non-agricultural applications, making them a potentially profitable target for cybercriminals. A vulnerability in such components can quickly turn a small agricultural operation into an unintentional tertiary target for attackers.
Although replacing legacy systems and networks can be costly, it is essential to work with vendors and cybersecurity experts to implement updates and overhauls of outdated systems. Seek the help of internal or external advisors to prioritize risk and develop a realistic approach and plan for enhancing cybersecurity. At a minimum, comply with basic standards including restricted physical and technical access, firewalls, logging and encryption.
Additionally, many control systems are simply overexposed to the internet by remote desktop applications (e.g., RDP and TeamViewer). In an attempt to provide process and asset information to operators, organizations have provided much more, ignoring the principle of least privilege and opening their entire control systems and their hosts to remote desktop access by unnecessary parties. Such broad remote access techniques present an increased security risk.
Advanced remote alarm notification software provides a more secure alternative to remote desktop, allowing remote operators access to only the information they need from the control system and not access to the operating system host. Such notification software is compatible with more secure, layered networks in which a series of firewalls provide added protection from attacks. This is done by deploying notification solutions alongside the supervisory control and data acquisition system at the network’s control level and using notification modalities that are not internet-facing or distributing internet-facing notification processes to higher levels. For example, internal email servers, SMS modems and voice via PBX devices allow communication with the outside world without internet exposure. Likewise, distributing the processes that interface with SCADA/control systems from those that interface with external email servers, VoIP solutions and cloud apps allows for internet-based notifications without compromising security.
Of course, there are valid use cases for desktop sharing software that do not violate principle of least privilege and go well beyond operator access to process information. For such systems it’s critical that the remote desktop solutions be implemented with sound security. Farming operations should not use unattended access features, and information technology leaders should configure the software such that the application and associated background services are stopped when not in use.
There are several steps that should be taken to improve cybersecurity:
While smart irrigation has revolutionized the way agriculture operates, it can make systems more vulnerable to cyberattacks. However, implementing technology protocols, turning to real-time data collection and reports, and remote alarm notification software can help avoid cyberattacks and optimize operations.
8280 Willow Oaks Corporate Drive | Suite 630 | Fairfax, VA 22031
Tel: 703.536.7080 | Fax: 703.536.7019
HOME | ABOUT US | ADVERTISE | SUBSCRIBE | CONTACT | PRIVACY POLICY | IA ANTITRUST STATEMENT
