Smart farm machines are weakness in food supply chains

Driverless machinery like smart tractors can lower human involvement and raise yields - but they are prime targets for cybercriminals

Image:
Driverless machinery like smart tractors can lower human involvement and raise yields - but they are prime targets for cybercriminals

Hackers could exploit flaws in modern 'smart' farm machinery to prevent them from operating, say experts.

Artificial intelligence is on the verge of driving an agricultural revolution, helping to fight the challenge of sustainabily feeding the world's rising population.

The latest generations of agricultural robots employ AI, enabling them to perform a wide variety of tasks. The use of such 'smart' equipment lowers human involvement, helping to alleviate labour shortages as well as increasing yield.

However, the fear of security risks associated with smart equipment is also rising, adding to concerns over already-strained food supply chains.

A recent University of Cambridge report warned autonomous drones, crop sprayers and robotic harvesters could be hacked to cause disruption to commercial farms.

And in April, the FBI issued an alert advising farming and agriculture businesses to be prepared for an uptick in ransomware attacks at critical times, like spring planting and harvest.

Ransomware groups consider agriculture and farming as a profitable target where victims may be more inclined to pay a ransom for a decryption key because of the time-sensitive nature of the industry.

Last year, a massive cyberattack on meat giant JBS increased pressure on a food-supply chain that was already struggling with high transportation costs, labour shortages and production constraints.

JBS reportedly paid $11 million to hackers after the cyberattack forced the company to close several plants in the USA and Australia, impacting beef markets.

Similarly, the FBI detected six ransomware attacks on grain cooperatives during the autumn 2021 harvest; and earlier this month, a ransomware attack on US agribusiness AGCO disrupted production at the company.

Last year, a group of security researchers headed by a hacker known as Sick Codes performed a 'good faith' review of John Deere and Case New Holland (CNH) Industrial systems, identifying several vulnerabilities.

John Deere and Case New Holland are major American technology firms that make high-tech agricultural equipment.

The researchers explained that operating system flaws could allow an attacker to remotely download or upload data to agricultural equipment such as tractors.

Sick Codes told the BBC that he detected flaws in John Deere's software and used websites and apps to access company information and machine data.

He believes it is just a matter of time before a proficient hacker discovers critical flaws and disrupts vulnerable food supply chains.

"That's what we're trying to prevent - stalling something during the most important times, particularly seeding or harvesting. If you can't move your tractor during that time, or if you can't pick or take the crop out of the ground, you can imagine what happens. It just stops, the whole thing," he said.

James Johnson, John Deere's global chief information security officer, told the BBC the company was working with several ethical hackers to identify vulnerabilities.

The bugs found by Sick Codes do not constitute a threat to consumers or their equipment, he said.

"No company, including John Deere, is immune to vulnerabilities, but we are deeply committed and work tirelessly to safeguard our customers, and the role they play in the global food supply chain."

"Everything is so interlinked now, just by bringing down one system it can stop deliveries coming to us or stop tractors moving at all," said Richard Heady, a beef and arable farmer in Buckinghamshire whose tractor can be steered by a GPS location system.

"If we are in a busy harvesting window we can't just have tractors sitting around.

"We have seen empty shelves because of Covid - we could see the same thing happen if we get a cyberattack."