Cambridge Study Says Hackers Could Breach Agricultural Hardware

Close up of a drone spraying a substance over a field

A new study from Cambridge has highlighted the cyber risks associated with the growing use of artificial intelligence in agriculture. Researchers have warned that hackers could disrupt the global food supply chain by exploiting vulnerabilities in certain AI-based tools.

Cyberwarfare between countries continues to be a concern as well, as Russia’s invasion of Ukraine has already had a negative impact on access to food across the world.

Automated Sprayers, Drones, and Harvesters Vulnerable

AI-based agricultural tools are showing great promise, and are already delivering many benefits to farmers in many parts of the world. These tools are steadily leading to an increase in sustainable food production. However, they are vulnerable to compromise and could be targeted by malicious actors.

A new Cambridge study points out certain underreported risks that are associated with AI-based agricultural tools. This includes the consequences of accidental machine failures and malicious cyberattacks.

The study points out that hackers could potentially target machines in a variety of ways. Cybercriminals can disrupt operations by hacking into automated sprayers, drones, and harvesters. They could also deploy AI tools on their end, or poison datasets to compromise farmers’ machines.

On a large enough scale, these actions can cause major disruptions to a country’s food supply chain. To address these risks, the study recommends that companies take steps to detect and fix vulnerabilities at an early stage. It also recommends that white-hat hackers, aka ethical hackers, work with companies on this issue.

Companies Concur With the Need to Improve Cybersecurity

Many companies that sell AI-based agricultural tools agree with the cybersecurity risks that currently persist. This includes John Deere, a company that manufactures agricultural equipment. In fact, the company has also been following the Cambridge study’s recommendation of working with a number of ethical hackers.

“No company, including John Deere, is immune to vulnerabilities, but we are deeply committed and work tirelessly to safeguard our customers, and the role they play in the global food supply chain,” said James Johnson, John Deere’s CISO.

Chris Chavasse, a co-founder of Muddy Machines, also agrees with the potential risks with autonomous machines in farming.

“There is a real risk that people anywhere in the world could try and take control of these machines,” Chavasse said. “To get them to do whatever those people want, or just prevent them from operating.”

An ethical hacker going by the name Sick Codes has worked with John Deere and CNH Industrial. He discovered and reported vulnerabilities with the companies’ tools, and pointed out that a sophisticated hacker could easily exploit the same discoveries.

“That’s what we’re trying to prevent — stalling something during the most important times, particularly seeding or harvesting. If you can’t move your tractor during that time, or if you can’t pick or take the crop out of the ground, you can imagine what happens. It just stops, the whole thing,” Codes told the BBC.

U.S. and UK Governments Prioritizing Critical Infrastructure Security

The Russia-Ukraine war offers an example of the global food supply being a target in international conflicts. The continued war has led to a closure of ports, and both countries are huge exporters of wheat. U.S. Secretary of State Anthony Blinken has accused Russia of knowingly disrupting the global food market.

“The Russian government seems to think that using food as a weapon will help accomplish what its invasion has not – to break the spirit of the Ukrainian people,” Blinken said.

Improving cybersecurity in the food and agricultural sector is a crucial task, considering the potential consequences of a cyber attack. Luckily, the U.S. and U.K. governments seem to be taking this issue seriously.

Ever since the ransomware attack on JBS, the United States Government has taken a very proactive stance toward critical infrastructure security. This includes the food and agriculture sectors. In fact, several American federal agencies have issued periodic advisories to industries in the space about potential cyberattacks, such as the advisory on BlackMatter ransomware.

UK’s National Cyber Security Centre (NCSC) has also issued guidance to farmers which highlights potential threats and provides useful tips to improve their cyber defenses.

Technology policy researcher
Prateek is a technology policy researcher with a background in law. His areas of interest include data protection, privacy, digital currencies, and digital literacy. Outside of his research interests, Prateek is an avid reader and is engaged in projects on sustainable farming practices in India.