SACRAMENTON, Calif. – California state Sen. Melissa Hurtado (D-14th) introduced SB-892, intended to combat cyber threats on the state’s food, agriculture and water sectors. The legislation recognizes the growing threat to the food system from cyberattacks.

In a press release, the Hurtado said, “Now more than ever we need to invest in California’s critical infrastructure sectors from cyberterrorism on our water and food supply. SB-892 will help protect us from the dangerous attacks. There is funding in the federal Infrastructure Bill to help California secure our vital networks. We cannot wait any longer. The impacts of these cyber security risks greatly impact our human security.”

Recently, there have been several high-profile cyberattacks on the food and agriculture sectors, once thought of as holding little interest to cybercriminals.

In May 2021, JBS, the world’s largest meatpacking company, was the victim of a ransomware attack by a criminal group based in Russia. The attack affected meat processing plants in Colorado, Iowa, Minnesota, Pennsylvania, Nebraska and Texas. Wholesale meat prices soared as did consumer prices. The company paid $11 million in ransom to get its systems back online.

In September, Bloomberg reported that Iowa’s New Cooperative Inc. was also hit by a ransomware attack. The group behind the attack demanded $5.9 million in ransom. The company engaged law enforcement for assistance but resorted to using paper transactions to keep operating.

Also in September, AgWeb reported the saga of a U.S. farm that was cyber attacked the previous January. It suffered a $9 million loss from temporarily shutting down its operations.

Increasing cybercrime against the food and agriculture companies stems from their reliance on modern technology. What brought efficiencies to everything from crop management to marketing has opened the door to cyber risk. The problem is, the ag sector has embraced modern technology faster than it has modernized cybersecurity to go with it. “The agricultural industry has a significant reliance on technology and is overall behind on the cyber preparation curve,” said Deen Kaplan, a leading cybersecurity practitioner in a recent article for the Ohio Soybean Council.

In addition, unlike other industries, there is no centralized process and few federal and state regulations in the ag sector for responding to cyberattacks. At best, there are only voluntary guidelines for how to prepare and respond. States are taking notice, however, including those in the Midwest. A study conducted by Sens. Rob Portman, of Ohio, and Gary Peters, of Michigan, delivered to the Senate Homeland Security and Governmental Affairs Committee, identified cyber vulnerabilities to critical infrastructure, including those in the agriculture and food sectors.

Back in California, SB-892 offers actionable legislation. There, the objective is a multi-year plan to “assist the food and agriculture sector in their efforts to improve cybersecurity.” Grants and other funding will help agricultural companies improve their cybersecurity preparedness, while several California agencies are charged with developing guidelines for reporting. Agricultural firms will have to report instances of verified cyber threats or cyberattacks within 60 days.

Proposals like 892 are critical because of the interdependence of the nation’s food supply chain. A disruption at one end can reverberate throughout the entire industry and can hit consumers with shortages and price hikes weeks or months down the road. According to the Iowa State University extension, the farming sector is getting targeted by cybercriminals because of its critical function.

Many operators of small family farms and ag companies sometimes fail to take precautions mistakenly believing cybercrime isn’t a threat to them. Yet, cybercriminals can use ransomware for financial gain, malware to access sensitive data, or viruses to simply wreak havoc. So, what can proactive owners do to protect themselves? Here are some steps:

- Get Cybersecurity Training - Learn how to be properly vigilant and identify the signs of phishing attacks and malware. Get everyone trained; one employee’s bad actions can open the door to an attack.

- Install Anti-Virus/Anti-Malware Software - Ensure that you have good anti-malware software installed on all devices and keep it up-to-date.

- Backup Your Data - One of the easiest ways to mitigate a cyberattack is being able to retrieve a recent backup. Backups should be stored separately from main systems to keep attackers from accessing them.

- Use the Cloud - Rather than storing critical data on personal computers that might be vulnerable to attacks, move it offsite to cloud storage that is better protected.

- Segment Your Network - Divide your information technology into separate and isolated systems. That way, if one is attacked, it won’t spread through the entire operation.

Jodie DeVries, senior vice president of risk management company Marsh USA, told Michigan Farm News, “Understand it’s not a matter of if but when the attacks might happen…[those] in the food and ag space are particularly vulnerable because they lack some controls that, perhaps, are being exploited – things like multi-factor authentication. The bad actors have realized their vulnerabilities, so they’re going after those things.

Cory Buchs, director of Connected Farm at Trimble, echoed similar sentiments in an interview for AgFax: “I think trends today tell us we will see more attempts at hacking. That should only increase a company’s determination to stay ahead of those threats. It’s kind of a race of sophistication on both sides. These are high stakes, and we have to stay ahead of the threat on a constant basis.”