Universities partner with industry and government to bolster cyber security.
Editor’s note: This story stems from an episode of Seed Speaks. To view that episode, click here.
In 2017, a major cyber-espionage incident underscored vulnerabilities within the U.S. seed industry. A Chinese company was accused of hacking into the networks of leading U.S. agricultural biotechnology firms like Monsanto, DuPont Pioneer and Syngenta. The hackers used phishing emails to infiltrate these companies’ networks, stealing valuable intellectual property related to genetically modified (GM) crops.
This stolen data, which included proprietary information on genetically engineered seeds and trade secrets, posed significant economic risks and threatened to disrupt the market by potentially introducing counterfeit products. This incident highlighted the urgent need for robust cybersecurity measures in the seed industry and catalyzed enhanced cyber defenses and industry collaboration.
“Cybersecurity is something that could be fundamentally against the manufacturers of equipment, against the seed industry, against the livestock industry,” said Jim Reecy, Iowa State University College of Agriculture and Life Sciences associate vice president for research. “All of the same techniques are being used by the bad actors, so what we learn in one aspect of agriculture can readily be applied across (the entire value chain).”
Cyberattacks targeting the food and agriculture industry, including the seed sector, are on the rise in the United States. To address these evolving threats, the National Food and Agriculture Information Sharing and Analysis Center (ISAC) has partnered with Iowa State University, the University of Nebraska, Purdue University, and Virginia Tech. This collaboration aims to pair university research experts with real-world industry threats, designing solutions to protect the sector.
“We research threats proactively to better defend the food and agriculture sector,” says Jonathan Braley, director of the Food and Agriculture ISAC. “Our partnerships with these trusted universities and trade associations aim to distribute better information and analysis throughout the industry.”
Braley emphasized that the partnership is crucial for monitoring threats and providing insights on emerging technologies for agriculture and the seed industry.
Cybersecurity Urgency
Director of the University Consortium on Health, Food, and Agricultural Resilience at Purdue Josh Detre says that while cybersecurity in the food and agriculture sector might not receive the same attention as in the financial or healthcare sectors, it is a critical area of focus.
“Cybersecurity in agriculture often gets overlooked,” he says. “This partnership allows us to collaborate with other great universities and address the industry’s real problems.”
A recent study indicates that in the last decade, there have been at least 30 major cyberattacks on U.S. agriculture, each averaging $200 million in damages.
“The average time for a cyberattack to be realized in the biological sector, including agriculture, is 21 days. This delay can be detrimental, making it difficult to assess and mitigate the impacts,” says Feras Bartaseh, associate professor in the Virginia Tech Department of Biological Systems Engineering.
Bridging Academia and Industry
The partnership aims to influence research and development in the seed sector, focusing on high-security issues like genetic modification and crop resilience.
“University researchers can come alongside industry to address these challenges in real-time, enhancing communication and developing practical solutions,” Detre emphasizes.
University of Nebraska assistant vice president and director of federal relations Matt Hammons highlights the importance of aligning industry, academia, and producers.
“This partnership helps tighten communication between researchers and industry, ensuring real-life relevance for research,” he says. “It also provides opportunities to share challenges and collaborate on solutions.”
Hammons mentions Nebraska’s initiatives like the On-Farm Research Network, which has connected producers with university researchers for decades.
“Producers are closely aligned with the University of Nebraska, and this partnership amplifies that connection, allowing for more robust problem-solving and innovation,” he adds.
Proactive Threat Monitoring and Reporting
Braley highlights the need for a comprehensive approach to cybersecurity.
“Managing risks to the food and agriculture sector requires partnership across industry, academia, and government,” he says. “Our university partners cultivate not only research that is relevant to our members but also open more opportunities to share threat intelligence from the Food and Ag-ISAC to small and medium-sized organizations. This University Partner Program is an essential step to help defend and protect the sector.”
Braley said the ISAC provides weekly threat intelligence reports to its partners, helping them stay ahead of potential attacks.
“We are tracking vulnerabilities across IT and industrial control systems, monitoring ransomware trends, and building collaborative opportunities,” he says. “Our reports provide valuable insights for industry members.”
The ISAC’s reports include detailed analyses of critical vulnerabilities, ransomware attacks, and operational technology risks.
“This collaboration also allows us to share our findings with government agencies and trade associations,” he adds.
Braley also emphasizes the importance of addressing the biological component of cybersecurity in agriculture.
“Cyberbiosecurity is unique to agriculture, impacting seeds, crops and genetics,” he explains. “A threat to one aspect can spread quickly, affecting the entire supply chain.”
Supporting Smaller Companies and Individual Growers
The partnership also aims to benefit smaller seed companies and individual growers. Braley mentioned that while not all companies have the resources to join the ISAC, the organization is developing guides and reports to support the entire sector.
“We understand that smaller companies may not have dedicated cyber teams,” he says. “Our goal is to share lessons learned and provide advice to improve their defenses.”
Detre highlights the critical role of Cooperative Extension activities in reaching smaller farms.
“Many small farms lack the capacity to manage cybersecurity,” he says. “Integrating cybersecurity into extension activities and finding novel solutions is essential.”
Food and Ag Security is National Security
Looking ahead, the ISAC plans to expand the partnership to include more universities and agricultural companies.
“We launched this partnership with an initial set of partners we’ve worked with before, but we’re open to expanding as we identify more interested universities and organizations,” Braley says.
The broader implications of cybersecurity in agriculture extend beyond immediate threats. Cybersecurity is paramount for the seed industry due to the high value of intellectual property (IP) involved. Seed companies invest significantly in research and development to create new, resilient seed varieties. Protecting IP from cyber theft is critical to maintaining a competitive edge and ensuring financial returns.
The integrity of data used in precision agriculture is essential. Cyberattacks can corrupt or alter crucial data, leading to inaccurate planting, breeding, and crop management decisions, which can result in substantial financial losses and operational disruptions. Ensuring supply chain security is also vital, as cyber incidents can interrupt the distribution of seeds, affecting availability and quality for farmers and ultimately impacting the food supply.
Agriculture is a cornerstone of national and global economies, and cyberattacks on agricultural systems can disrupt food production and distribution, leading to shortages and economic instability. Protecting sensitive data, such as financial information, customer details, and proprietary farming practices, is also essential to prevent breaches that could compromise privacy and operational security. The increasing reliance on mobile devices in modern farming introduces additional vulnerabilities. These devices, used for monitoring and managing crops, livestock and equipment, can be targets for hackers.
Maintaining trust and reputation is another crucial aspect of cybersecurity in agriculture. Farmers and agricultural businesses need to uphold strong relationships with consumers, suppliers, and partners. Cyber incidents can severely damage this trust, resulting in long-term reputational harm and financial loss. Additionally, ensuring food safety and quality is paramount; cyberattacks that compromise agricultural systems can lead to contamination or alteration of food products, posing significant risks to public health. Investing in robust cybersecurity measures is essential for protecting the seed industry and the agricultural sector as a whole, ensuring the stability, safety, and sustainability of food production systems.
“Food security is national security,” Detre says. “Agriculture is connected to public health, water security, animal health and more. We need to protect it from evolving threats.”
“Our main goal is to ensure a safe food supply for years to come. This collaboration between industry, academia, and government is a step in the right direction,” Braley says.
“We need to be creative in communication and strategic in addressing these issues,” Hammons adds. “The synergies from this partnership are promising.”
To learn more about the group’s progress, visit https://www.foodandag-isac.org/.