#WorldFoodDay: Cyber threats to digital and smart farming pose potential risks to food security in the Middle East

When it comes to the digitization of agriculture, countries across the META (Middle East, Turkey, Africa) region are at varying stages of technology adoption and transformation. But even though smart technology is increasingly used to make agriculture more efficient, there are risks when it comes to minimising human involvement and ignoring the potential of cyberattacks. 

Just last year, an Australian researcher presenting at the DEF CON 29 conference demonstrated how to gain control over modern farming equipment that features everything from GPS systems and automated navigation to software that manages spraying fertiliser. The vulnerabilities represent fundamental insecurities in the devices that could be exploited by malicious actors or potentially chained with other vulnerabilities.

Industrial control systems (ICS) are actively used in food and agriculture industry. In the first half of 2022 in the Middle East, computers in the industrial control systems (ICS) environment were attacked using multiple means. Malicious objects were blocked on every third (36%) ICS computer in the region that was protected by Kaspersky solutions, according to the ICS threat landscape report by Kaspersky ICS CERT.

“What does a typical attack on a field look like? Let’s suppose we can change a couple of variables in the software for spraying fertiliser on the soil and increase the dose multiple times over. We could easily make the field unfit for agriculture for years, or even decades, to come,” says Vladimir Dashchenko, Kaspersky ICS CER Expert at Kaspersky. “Smart farm machinery is vulnerable to hackers, leaving supply chains across the region and the rest of the world exposed to significant risk. It is feared hackers could exploit flaws in agricultural software or hardware used to plant and harvest crops. It should also be noted that “smart” technologies used in the agricultural sector can be attacked not only by hackers, but also by unethical competitors. Since derailing smart technology operation in the agricultural sector does not require much skill, this can be used by competitors to lower the quality or even destroy the agricultural product.” 

Despite the risk, digital innovation is essential to improve farming efficiencies at a time when many countries are not only battling difficult climatic conditions, but also global economic uncertainty. Ensuring the farming environment and agricultural supply chain is managed optimally at all times becomes a business imperative if the world’s food supply is not to be disrupted. For instance, farmers can use drones to decrease the cost of monitoring crop growth, improve data capture, and identify areas  presenting potential challenges such as low yield areas, and more effectively monitor pests or disease outbreaks in crop and livestock.

“One of the main reasons so little attention is paid to the fragility of the agriculture industry and the food supply chain is because it ordinarily runs smoothly. However, events during and following the global pandemic of the last three years have highlighted the resultant impact if supply chains get disrupted. With prevailing challenges like food shortages and hunger, not to mention the impacts of extreme weather events experienced in different regions, the regional agriculture sector can not afford to risk compromise when it comes to the equipment and software being used to maintain operations,” adds Dashchenko.

Agriculture cybersecurity should encompass the technologies, processes, and staff security awareness trainings that protect infrastructure and devices from cyberthreats. 

Specifically, Industrial Cybersecurity Solutions (ICS) are essential to safeguard agricultural organisations and farmers from the threat of compromise. Depending on how digitally advanced, players in the agriculture industry could be using thousands of connected operational technology devices, providing easy attack vectors. As the name suggests, ICS solutions are designed to comprehensively secure the industrial elements of a business, while providing safe, effective asset data collection, monitoring and management.

Endpoint anti-malware software is another important component to consider. Malware is intended to cause damage, steal data, encrypt files, or gain unlawful access into digital systems. Because of the critical nature of the food and agriculture industries, malware is the cyber threat faced most often by these organisations. Malware describes numerous malicious software variants, such as trojans, worms, and ransomware. 

Anti-malware software applies signature detection, behavioural analysis and, in some cases, artificial intelligence (AI) to remediate an attack by disabling malware. It is crucial to have anti-malware software installed on every digital endpoint of a network. In today’s world of BYOD (bring your own device) workplaces, ensuring that updated anti-malware is properly installed across all devices with access to the network can be challenging.

“Over and above adequate cybersecurity solutions, ongoing cybersecurity awareness training is a critical step in enhancing the digital agriculture environment. Using both on-site and online interactive training modules and even cyber safety games for employees and workers build a familiarity with some of the tactics employed by cybercriminals to exploit network weak points,” says Vladimir Dashchenko. 

Kaspersky’s Automated Security Awareness Platform (KASAP) supports organisations in addressing this need and to train staff on the evolving threat landscape in a memorable way. KASAP was created by leading cybersecurity experts and offers businesses an easy-to-manage and inevitably reusable online tool to upskills employees on how to better protect themselves and the business.

“Agriculture is a critical component of regional economies. Those organisations operating in the sector must take all necessary steps to ensure their systems and processes are as effectively protected as possible,” concludes Dashchenko.