Wednesday, September 22, 2021

Iowa co-op shows how hackers can hit food and agriculture; ag economists say farm groups need to help farmers with it

"Russian hackers leveled a ransomware attack on an Iowa farming co-op and demanded $5.9 million to unlock the computer networks used to keep food-supply chains and feeding schedules on track for millions of chickens, hogs and cattle," Jacob Bogage and Laura Reiley report for The Washington Post. "Fort Dodge-based New Cooperative, a member-owned alliance of farmers that sells corn and soy products, contained the breach and developed a workaround to continue accepting grain shipments and distributing feed."

The hackers said they would publish proprietary data, including the source code for its soil-mapping tech and research and development documents, if the cryptocurrency ransom is not paid by Sept. 25, Bogage and Reiley report. The hackers identify themselves as BlackMatter, but cybersecurity experts say the group appears to be mostly the same people as DarkSide, the Russian group that disbanded after infiltrating the Colonial Pipeline in May, disrupting fuel service to much of the East Coast for nearly a week.

The hack lends weight to the Federal Bureau of Investigation's Sept. 3 warning that food and agriculture interests are increasingly attractive targets for hackers. "Huge amounts of money move with the transfer of agricultural commodities — many, many millions of dollars are transferred back and forth," Iowa State University agricultural economist Bobby J. Martens told the Post. "The bad guys are going to see those transfers. There’s a tremendous amount of money that exchanges hands."

The Department of Homeland Security has identified the food-and-agriculture sector as critical infrastructure that qualifies for additional protective resources, but hasn't given specific attention to cybersecurity, so food and processing companies have to beef up cybersecurity on their own dime, and could pass on the costs to consumers, Bogage and Reiley report.

The FBI warning recommends ways companies can protect their computer systems but has little advice for how farmers can protect themselves. University of Tennessee agricultural economists Harwood D. Schaffer and Daryll E. Ray urge farmers to "develop contingency plans in case they have to hold their grain or animals for a week or two while the purchasing company gets their systems back up and running." They also recommend that, "General farm organizations and commodity groups need to come together and develop a strategy to deal with the secondary impacts (farm level) of ransomware attacks on agricultural processors, suppliers, and equipment manufacturers. To do less is to leave farmers like sitting ducks on a crisp fall morning."

No comments: