The Security Ledger Podcast

The Security Ledger Podcast

Episode 218: Denial of Sustenance Attacks -The Cyber Risk To Agriculture

June 24, 2021

I case you’ve been living under a rock for the last year, let’s review: attacks on critical infrastructure are a thing. In just the past four months, the United States has contended with a major escalation of cyber risk in critical infrastructure with two, major attacks that disrupted critical sectors. First the Colonial Pipeline and then meat processor JBS were hobbled – temporarily – by criminal ransomware. In both cases, the companies quickly paid out ransoms to the attackers rather than face the prospect of rebuilding IT environments from scratch. 

Episode 158: How NotPetya has Insurers grappling with Systemic Cyber Risk

Cyber Risk Alert: Critical Infrastructure Attacks Are Here

The repercussions of those attacks were easy to see. Accounts of long gas lines and high gas prices in the Eastern United states appeared within days of the Colonial Pipeline attack – the product more of panic buying than disrupted supplies. In the case of JBS, the attack caused disruptions up and down the beef supply chain, including the closure of slaughter houses. 

Rob H. Wood is Vice President of Hardware and Embedded Security Services at NCC Group. (Image courtesy of NCC Group.)

But what if there was no ransom to be paid and those attacks had lasted longer? What if the target was not just a single meat processor (albeit a big one), but farms throughout the country that grow wheat, soybeans, corn and other staples of the global food supply chain?

The consequences of any attack on the U.S. agriculture sector could be much more dire than expensive hamburger or a supermarket shopping bag filled with petrol. A coordinated cyber attack on U.S. agriculture could, in short order, lead to foot shortages and hunger in the U.S. and abroad. And history has shown us that when food gets scarce, things get ugly – fast.

Report: Critical Infrastructure Cyber Attacks A Global Crisis

Cyber Attacks On The Food Chain?

But how likely is such an attack? And how vulnerable are U.S. farms to disruptive attacks like those on Colonial or JBS? The answer is: ‘more vulnerable than you might think,’ according to our guest today, Rob Wood. Rob is the Vice President of the Hardware Embedded Systems Practice at the firm NCC Group. In that role, he helps organizations of all kinds improve the security of their embedded devices and equipment. And he warns that the agriculture sector, like other critical infrastructure sectors, is increasingly reliant on vulnerable software and hardware. The consequences of that dependence, and the lax security, are only dimly understood. I