BRIGHTON, Colo. — Cyberattacks are becoming more common and more disruptive to our daily life, and many experts worry the nation’s food supply is the next big target.
“In the past, I don't think we gave a lot of thought to cybersecurity,” said Robert Sakata, a farmer in Brighton, Colorado.
Sakata’s family has farmed for decades.
“So, my dad started the farm, and he and his family actually were farming in San Francisco when World War Two broke out, so they were moved to an internment camp, ended up in a camp in Utah,” said Sakata. “When he was released from that camp, Colorado was one of the few places that were actually not discouraging Japanese-Americans from coming in.”
Once the war ended, the Sakata family rebuilt their life and started a new farm 30 minutes outside of Denver.
Their farm, along with the thousands of other farms across the country, is now facing a new threat that didn’t exist just a few years ago.
“When you talked about security, it was somebody maybe coming out here, and believe it or not, that's what they've actually done—come out here and steal the wheels off of this sprinkler, steal the copper wire that's along there,” said Sakata.
But now, it’s also cybercriminals Sakata worries about. Any machine, like a tractor or a sprinkler system that’s connected to the internet could be hacked and remotely controlled.
These threats could mean interruptions to daily life for millions of Americans.
“If a CPA firm gets breached, a bunch of social security numbers get stolen, you're dealing with identity theft. That's one thing, right? But when people don't have food, you're talking about riots in the streets,” said Joseph Brunsman, founder of the Brunsman Advisory Group. Brunsman is a provider for cybersecurity insurance.
Brunsman said these attacks, if large enough, could leave families hungry.
“A lot of people living on fixed incomes or people that are, you know, lower on the socio-economic scale, when food prices go up, you know, 10, 20, 30%, that means they have to make that decision: Am I going to pay for food? Am I going to pay for heating this month? So, it's really a serious, serious idea for a lot of people.”
Hackers can also stop farming equipment or food production equipment from working and demand a ransom be paid. Ransomware attacks have become more common, and food production has seen multiple large attacks in recent months.
Meatpacking company JBS was hacked in June and plants were shut down across the country after a ransomware attack.
JBS paid hackers $11M to get operations back online.
“This was a very difficult decision to make for our company, and for me personally,” said Andre Nogueira, the CEO of JBS USA. “However, we felt this decision had to be made to prevent any potential risk for our customers.”
“You hear about ransomware where you would totally lock up and we couldn't have control. That would be a real, real issue that then we couldn't water the crop at all,” said Sakata.
“Because everyone needs to eat, an attack, a successful attack within the food and agriculture industry can quickly cascade into a national security concern,” said Scott Algeier, the executive director of the Information Technology Sharing and Analysis Center, known as IT-SAC. “We're seeing a lot of the same attacks on other industries already, but some of the potential consequences could be a little more impactful.”
In addition to ransomware, there’s concern about groups hacking and stealing intellectual property – like seed formulas.
“There's a lot of intellectual property that the fruit and agriculture industry has that that is of interest to other organizations, other countries,” said Algeier.
“We could lose our entire year of income by somebody taking over something and creating a problem by not letting the sprinkler run or not having that shipment go through,” said Sakata. “So, it's a big risk not only just for my family, but then for whoever is depending on those food sources.”
These threats are why Sakata goes old school on some things. He doesn’t connect his storage refrigerator to Wi-Fi to keep his crops safe.
“The only way somebody can hack it is really to break in at the door and change the settings,” said Sakata. “Even then, I have a password!”
What he can protect digitally, he does, and he said he and other farmers now often discuss how to defend themselves from cybercriminals.
“Whether it's going now to multiple-step verification, you need maybe another key fob that identifies yourself, that is all going to be critical as we move forward,” said Sakata.
Brunsman said cybersecurity insurance can also help, but there are several other inexpensive options for smaller farmers as well.
“Even really basic, very affordable controls, such as multi-factor authentication, having multiple backups, having offline backups, email security, security awareness training, that kind of stuff. It's not super expensive. It's really quite affordable. In many cases, it's like the cost of a cup of coffee per person per month. That can really go a long way,” said Brunsman.
Those who study these attacks say they’re happening every single day on a small scale. It’s only a matter of time before the next large-scale attack occurs.
“The threats are coming up and several different sides, we're seeing, we've already seen threats against both producers and production facilities,” said Doug Jacobson, a professor of electrical and computer engineering at Iowa State University. “We had a co-op here in Iowa that was attacked. So, we see it from the large organization side of things. But anybody on the internet, even a farmer can be attacked.”
“It's kind of scary,” said Sakata. “I think if you dwelled on it too long, it would keep you up at night.
He just hopes other farms will take the steps he’s taking to protect what we all can’t live without: our food supply.
“We need to really ensure that we're doing everything we can to protect that. It would be really scary if we ever got to the day where people would go to the grocery store and there wasn't, wasn't any food,” said Sakata.
Algier echoed the need for collaboration to stop cybercriminals.
“Cyberattacks are happening everywhere all the time. So, it is something that every enterprise, no matter your size, and no matter industry, something you need to pay attention to,” said Algeier. "The cybersecurity threat is so big that nobody can do it, nobody can defend it against on their own.”