I case you’ve been living under a rock for the last year, let’s review: attacks on critical infrastructure are a thing. In just the past four months, the United States has contended with a major escalation of cyber risk in critical infrastructure with two, major attacks that disrupted critical sectors. First the Colonial Pipeline and then meat processor JBS were hobbled – temporarily – by criminal ransomware. In both cases, the companies quickly paid out ransoms to the attackers rather than face the prospect of rebuilding IT environments from scratch.
Cyber Risk Alert: Critical Infrastructure Attacks Are Here
The repercussions of those attacks were easy to see. Accounts of long gas lines and high gas prices in the Eastern United states appeared within days of the Colonial Pipeline attack – the product more of panic buying than disrupted supplies. In the case of JBS, the attack caused disruptions up and down the beef supply chain, including the closure of slaughter houses.
But what if there was no ransom to be paid and those attacks had lasted longer? What if the target was not just a single meat processor (albeit a big one), but farms throughout the country that grow wheat, soybeans, corn and other staples of the global food supply chain?
The consequences of any attack on the U.S. agriculture sector could be much more dire than expensive hamburger or a supermarket shopping bag filled with petrol. A coordinated cyber attack on U.S. agriculture could, in short order, lead to foot shortages and hunger in the U.S. and abroad. And history has shown us that when food gets scarce, things get ugly – fast.
Cyber Attacks On The Food Chain?
But how likely is such an attack? And how vulnerable are U.S. farms to disruptive attacks like those on Colonial or JBS? The answer is: ‘more vulnerable than you might think,’ according to our guest today, Rob Wood. Rob is the Vice President of the Hardware Embedded Systems Practice at the firm NCC Group. In that role, he helps organizations of all kinds improve the security of their embedded devices and equipment. And he warns that the agriculture sector, like other critical infrastructure sectors, is increasingly reliant on vulnerable software and hardware. The consequences of that dependence, and the lax security, are only dimly understood. I wrote over at Forbes about how big agricultural equipment makers like John Deere are scrambling to address cyber risk in their new, connected equipment.
In this conversation, Rob and I dig deep on the cyber risk to agriculture, and on the bigger question of how best to manage the increased risk that accompanies digital transformation in critical sectors. You can listen to the podcast above, or download the MP3 using the button below!
As always, you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloud, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.