2022-10-18
By: Leigh Bernacchi, CITRIS Program Director
Agricultural innovation depends on detailed information. Data are collected at every step of the production process, with sensors on combines and tractors, irrigation, drainage ditches, water wells, not to mention remote sensing and aerial maps of fields. Food and fiber processing is similarly tracked to be able to pinpoint challenges in the system. All this data can feel like a real intrusion into agricultural producers’ operations and lives. Precision agriculture provides opportunities for better management, but also poses risks to our food system due to cybersecurity attacks.
“Toward a Disaster Resilient California: Cultivating Data Security Practices in Precision Agriculture,” a California Council on Science & Technology (CCST) expert briefing on precision agricultural and best practices in data security addressed these issues. Facilitated by UC Irvine Vice Chancellor for Research Pramod Khargonekar, the panel covered several components along the data supply chain and the risks.
University of California, Merced professor Lisa Yeo, a cybersecurity and infrastructure expert in the School of Engineering’s Management of Complex Systems department, provided expert commentary and recommendations on private and secure data focused on the producers and users of the data and information.
Prof. Yeo started by defining agriculture and our food supply as critical infrastructure and that it “needs to be protected in the same way as other infrastructure.”
“We have this habit as engineers of solving problems but not thinking of the whole systems. Inasmuch as we’re creating agriculture internet of things devices, from sensors to connected tractors, we have to think about the best practices of designing with security in mind, and very much do that in places where we have critical infrastructure,” Yeo said. As a member of the NSF Engineering Research Center IoT4Ag and CITRIS-affiliated faculty, she continued, “In the IoT space, we have seen a lot of small devices that have poor design—default passwords, no passwords, difficulty changing them—that have been used in attacks elsewhere.”
Regarding ransomware, “I think when you look at it, it’s going to depend on the timing and where in the chain it happens.” Yeo drew an analogy between attacks on gas stations versus oil pipelines, “It’s not necessarily on the small farm where ransomware is going to have an immediate impact on our food supply because there’s still a farmer there who can still do the work… But if you start scaling up within the supply chain and in the production process, then we start to see challenges.”
“A typical user wants to use the tool to solve the problem they have. They don’t want to become experts in how all the pieces come together and work.” The goal then for designers and researchers changes to “how to make it easy for them to do their jobs in a safe and secure way. And that’s a very complex activity.”
Yeo concluded “We have to think about the best practices of designing with security in mind.”
CCST hosted the panel on the premise that to feed a growing population affordably and in a way that minimizes greenhouse gas production, the farming industry will need to rely on innovative technologies such as precision agriculture. The panel explored broadly explore the benefits of precision agriculture and the susceptibility of its data to theft or corruption, and the potential impacts of losing those data.
If you missed the briefing, you can watch the video and download the CCST one pager. See the video description for chaptered questions and more resources.
