In June, global meatpacking giant JBS USA said it paid $11 million to hackers to stop a ransomware attack that occurred the month prior. That raised some alarms, of course — the last thing the meat industry needs is more disruption, as every livestock producers knows.
But JBS being the target of that kind of attack is not really all that surprising, on the surface. It's a huge company. And huge companies tend to be easy targets. Everyone knows they exist, where they operate, why they operate. Their importance to the food chain, and thus the stability of the U.S., and in the JBS case, Australia, is pretty obvious. They were not the first nor last big company to be targeted by hackers.
It also was not all that surprising because experts had been raising concerns about the vulnerabilities of the ag and food industries for several years. That includes a 2019 report from the University of Minnesota that laid bare the possibilities of attacks on the industries.
“The food industry has some characteristics that make it uniquely vulnerable to cyberattacks on its processing and manufacturing systems,” said Stephen Streng, lead author on the report, when it came out. “Luckily, there's still time for companies to protect themselves.”
It appears there may not be more time. Recently, a relatively small Iowa cooperative was hacked. If the alarms over cybersecurity in agriculture weren't going off before, they certainly should be now.
According to the Washington Post, "Russian hackers leveled a ransomware attack on an Iowa farming co-op and demanded $5.9 million to unlock the computer networks used to keep food supply chains and feeding schedules on track for millions of chickens, hogs and cattle."
The cooperative, New Cooperative, is a member-owned association of Iowa corn and soybean farmers. If you're an Iowa reader, maybe you're a member. If you're somewhere else in the region, there's a good chance you're a member of a cooperative that looks an awful lot like New Cooperative.
According to numerous news reports, the co-op found work-arounds to keep operating, doing what they do for farmers. But the hackers hadn't just shut down parts of the cooperative's computer system; they were threatening to make public the private information of the business and its customers.
The Post reported that the FBI in early September warned that agriculture producers were being targeted by cybercriminals. Now we know how real that warning was.
What needs to be done?
Agriculture — down to the smallest businesses and farms — needs to think about its vulnerabilities. What information is protected by a flimsy password or a faulty old program? Is customer information protected? Is proprietary information protected?
Now, more than ever, agriculture relies on technology. Precision agriculture has made many parts of the industry more efficient, but it also provides an in-road into our food supply chain to people who want to see it fall apart.
The computers and information systems that power our businesses and our farms are necessary. We can't just go back to the old days, yank out all the computers, write things on paper.
Before long, it'll be winter and meetings season will be upon us. I'm expecting and hoping, that ag groups will take these threats seriously and get some cybersecurity experts on their agendas this winter. We've got such experts right here in this region, with the University of Minnesota's Food Protection and Defense Institute, and I'm sure there are many others.
Let's not wait for the next attack. Act now to protect our food chain.
Jenny Schlecht is Agweek's editor. She lives on a farm and ranch in Medina, North Dakota, with her husband and two daughters. She can be reached at firstname.lastname@example.org or 701-595-0425.