iscover
ReporterShare this article on:
Powered by
MOMENTUM
MEDIA
Experts are warning that modern, "smart" farm machinery is vulnerable to malicious hackers, leaving global supply chains exposed to risk.
The latest generation of agricultural robots use artificial intelligence, minimising human involvement and can potentially help with bolstering a labour shortage or increase yield. However, malicious hackers may exploit "smart" farm machinery.
According to Chris Chavasse, the co-founder of Muddy Machines, which is trialling an autonomous asparagus-harvesting robot called Sprout, there is a real risk that people anywhere in the world could try and take control of these machines.
In a BBC Rural report, Chavasse explained that malicious actors could get the machines to do whatever those people want, or just prevent them from operating, which has led the team at Muddy Machines to work with security researchers to address any vulnerabilities.
Last year, one of the world's biggest meat processing company, JBS, paid $11 million in ransom to resolve a cyber attack. This month, top US agriculture firm AGCO was hit by a ransomware attack that affected production according to BBC.
In April, a group of official governmental cyber security authorities including ones from the UK, US and Australia warned that Russian state-sponsored hackers could target supply chains as a vital part of Western national infrastructure.
One self-styled ethical hacker, who goes by the name Sick Codes and asked to remain anonymous, told the BBC he had discovered weaknesses in John Deere's software, which he had reported. Sick Codes further explained that he had found a way to access company information and machine data through websites and apps.
According to the BBC report, Sick Codes also found vulnerabilities in systems used by CNH Industrial, which manufactures New Holland Agriculture machinery. Sick Codes fears "it's just a matter of time" before a sophisticated hacker finds critical vulnerabilities and causes major disruption to already vulnerable food supply chains.
"That's what we're trying to prevent – stalling something during the most important times, particularly seeding or harvesting."
"If you can't move your tractor during that time, or if you can't pick or take the crop out of the ground, you can imagine what happens."
"It just stops, the whole thing," Sick Codes said.
James Johnson, John Deere's global chief information security officer, told the BBC that the company had been liaising with a number of ethical hackers on vulnerabilities they have found.
Johnson noted that those found so far by Sick Codes did "not pose a threat to customers or their machines".
"No company, including John Deere, is immune to vulnerabilities, but we are deeply committed and work tirelessly to safeguard our customers, and the role they play in the global food supply chain," Johnson said.
Hacking into one tractor, you can upset a farmer and maybe damage their profitability for a season, Benjamin Turner, chief operating officer at Agrimetrics further explained. The company is one of four UK government-backed agri-tech centres of agricultural innovation.
"Hacking into a fleet of tractors, suddenly, you've got the power to affect the yield in whole areas of the country," Turner told BBC.
Meanwhile out in the fields, even everyday farm machinery uses systems that are potentially vulnerable.
Speaking with BBC Rural, Richard Heady, a beef and arable farmer in Buckinghamshire whose tractor can be steered by a GPS positioning system, noted the that a single farm machine down could wreak havoc for operations.
"Everything is so interlinked now, just by bringing down one system it can stop deliveries coming to us or stop tractors moving at all.
"If we are in a busy harvesting window, we can't just have tractors sitting around."
"We have seen empty shelves because of COVID – we could see the same thing happen if we get a cyber attack," Heady concluded.
[Related: Bendigo and Adelaide Bank meet open-banking mandates with AWS cloud migration]
Be the first to hear the latest developments in the cyber industry.
