Cyber Threats to Agriculture and Food Supply Chains
Digitisation in Agriculture
The traditional way of doing agriculture has undergone massive digitization in recent years, whereby several agricultural processes have been linked to the Internet. This globally prevalent transformation, driven by smart technology, encompasses the use of sensors, IoT devices, and data analytics to optimize and automate labour-intensive farming practices. Smart farmers in the country and abroad now leverage real-time data to monitor soil conditions, weather patterns, and crop health, enabling precise resource management and improved yields. The integration of smart technology in agriculture not only enhances productivity but also promotes sustainable practices by reducing waste and conserving resources. As a result, the agricultural sector is becoming more efficient, resilient, and capable of meeting the growing global demand for food.
Digitisation of Food Supply Chains
There has also been an increase in the digitisation of food supply chains across the globe since it enables both suppliers and consumers to keep track of the stage of food processing from farm to table and ensures the authenticity of the food product. The latest generation of agricultural robots is being tested to minimise human intervention. It is thought that AI-run processes can mitigate labour shortage, improve warehousing and storage and make transportation more efficient by running continuous evaluations and adjusting the conditions real-time while increasing yield. The company Muddy Machines is currently trialling an autonomous asparagus-harvesting robot called Sprout that not only addresses labour shortages but also selectively harvests green asparagus, which traditionally requires careful picking. However, Chris Chavasse, co-founder of Muddy Machines, highlights that hackers and malicious actors could potentially hack into the robot's servers and prevent it from operating by driving it into a ditch or a hedge, thereby impending core crop activities like seeding and harvesting. Hacking agricultural pieces of machinery also implies damaging a farmer’s produce and in turn profitability for the season.
Case Study: Muddy Machines and Cybersecurity Risks
A cyber attack on digitised agricultural processes has a cascading impact on online food supply chains. Risks are non-exhaustive and spill over to poor protection of cargo in transit, increased manufacturing of counterfeit products, manipulation of data, poor warehousing facilities and product-specific fraud, amongst others. Additional impacts on suppliers are also seen, whereby suppliers have supplied the food products but fail to receive their payments. These cyber-threats may include malware(primarily ransomware) that accounts for 38% of attacks, Internet of Things (IoT) attacks that comprise 29%, Distributed Denial of Service (DDoS) attacks, SQL Injections, phishing attacks etc.
Prominent Cyber Attacks and Their Impacts
Ransomware attacks are the most popular form of cyber threats to food supply chains and may include malicious contaminations, deliberate damage and destruction of tangible assets (like infrastructure) or intangible assets (like reputation and brand). In 2017, NotPetya malware disrupted the world’s largest logistics giant Maersk and destroyed all end-user devices in more than 60 countries. Interestingly, NotPetya was also linked to the malfunction of freezers connected to control systems. The attack led to these control systems being compromised, resulting in freezer failures and potential spoilage of food, highlighting the vulnerability of industrial control systems to cyber threats.
Further Case Studies
NotPetya also impacted Mondelez, the maker of Oreos but disrupting its email systems, file access and logistics for weeks. Mondelez’s insurance claim was also denied since NotPetya malware was described as a “war-like” action, falling outside the purview of the insurance coverage. In April 2021, over the Easter weekend, Bakker Logistiek, a logistics company based in the Netherlands that offers air-conditioned warehousing and food transportation for Dutch supermarkets, experienced a ransomware attack. This incident disrupted their supply chain for several days, resulting in empty shelves at Albert Heijn supermarkets, particularly for products such as packed and grated cheese. Despite the severity of the attack, the company successfully restored their operations within a week by utilizing backups. JBS, one of the world’s biggest meat processing companies, also had to pay $11 million in ransom via Bitcoin to resolve a cyber attack in the same year, whereby computer networks at JBS were hacked, temporarily shutting down their operations and endangering consumer data. The disruption threatened food supplies and risked higher food prices for consumers. Additional cascading impacts also include low food security and hindrances in processing payments at retail stores.
Credible Threat Agents and Their Targets
Any cyber-attack is usually carried out by credible threat agents that can be classified as either internal or external threat agents. Internal threat agents may include contractors, visitors to business sites, former/current employees, and individuals who work for suppliers. External threat agents may include activists, cyber-criminals, terror cells etc. These threat agents target large organisations owing to their larger ransom-paying capacity, but may also target small companies due to their vulnerability and low experience, especially when such companies are migrating from analogous methods to digitised processes.
The Federal Bureau of Investigation warns that the food and agricultural systems are most vulnerable to cyber-security threats during critical planting and harvesting seasons. It noted an increase in cyber-attacks against six agricultural co-operatives in 2021, with ancillary core functions such as food supply and distribution being impacted. Resultantly, cyber-attacks may lead to a mass shortage of food not only meant for human consumption but also for animals.
Policy Recommendations
To safeguard against digital food supply chains, Food defence emerges as one of the top countermeasures to prevent and mitigate the effects of intentional incidents and threats to the food chain. While earlier, food defence vulnerability assessments focused on product adulteration and food fraud, including vulnerability assessments of agriculture technology now be more relevant.
Food supply organisations must prioritise regular backups of data using air-gapped and password-protected offline copies, and ensure critical data copies are not modifiable or deletable from the main system. For this, blockchain-based food supply chain solutions may be deployed, which are not only resilient to hacking, but also allow suppliers and even consumers to track produce. Companies like Ripe.io, Walmart Global Tech, Nestle and Wholechain deploy blockchain for food supply management since it provides overall process transparency, improves trust issues in the transactions, enables traceable and tamper-resistant records and allows accessibility and visibility of data provenance. Extensive recovery plans with multiple copies of essential data and servers in secure, physically separated locations, such as hard drives, storage devices, cloud or distributed ledgers should be adopted in addition to deploying operations plans for critical functions in case of system outages. For core processes which are not labour-intensive, including manual operation methods may be used to reduce digital dependence. Network segmentation, updates or patches for operating systems, software, and firmware are additional steps which can be taken to secure smart agricultural technologies.
References
- Muddy Machines website, Accessed 26 July 2024. https://www.muddymachines.com/
- “Meat giant JBS pays $11m in ransom to resolve cyber-attack”, BBC, 10 June 2021. https://www.bbc.com/news/business-57423008
- Marshall, Claire & Prior, Malcolm, “Cyber security: Global food supply chain at risk from malicious hackers.”, BBC, 20 May 2022. https://www.bbc.com/news/science-environment-61336659
- “Ransomware Attacks on Agricultural Cooperatives Potentially Timed to Critical Seasons.”, Private Industry Notification, Federal Bureau of Investigation, 20 April https://www.ic3.gov/Media/News/2022/220420-2.pdf.
- Manning, Louise & Kowalska, Aleksandra. (2023). “The threat of ransomware in the food supply chain: a challenge for food defence”, Trends in Organized Crime. https://doi.org/10.1007/s12117-023-09516-y
- “NotPetya: the cyberattack that shook the world”, Economic Times, 5 March 2022. https://economictimes.indiatimes.com/tech/newsletters/ettech-unwrapped/notpetya-the-cyberattack-that-shook-the-world/articleshow/89997076.cms?from=mdr
- Abrams, Lawrence, “Dutch supermarkets run out of cheese after ransomware attack.”, Bleeping Computer, 12 April 2021. https://www.bleepingcomputer.com/news/security/dutch-supermarkets-run-out-of-cheese-after-ransomware-attack/
- Pandey, Shipra; Gunasekaran, Angappa; Kumar Singh, Rajesh & Kaushik, Anjali, “Cyber security risks in globalised supply chains: conceptual framework”, Journal of Global Operations and Strategic Sourcing, January 2020. https://www.researchgate.net/profile/Shipra-Pandey/publication/338668641_Cyber_security_risks_in_globalized_supply_chains_conceptual_framework/links/5e2678ae92851c89c9b5ac66/Cyber-security-risks-in-globalized-supply-chains-conceptual-framework.pdf
- Daley, Sam, “Blockchain for Food: 10 examples to know”, Builin, 22 March 2023 https://builtin.com/blockchain/food-safety-supply-chain
Related Blogs
Executive Summary:
A photo circulating on the web that claims to show the future design of the Bhabha Atomic Research Center, BARC building, has been found to be fake after fact checking has been done. Nevertheless, there is no official notice or confirmation from BARC on its website or social media handles. Through the AI Content Detection tool, we have discovered that the image is a fake as it was generated by an AI. In short, the viral picture is not the authentic architectural plans drawn up for the BARC building.
Claims:
A photo allegedly representing the new outlook of the Bhabha Atomic Research Center (BARC) building is reigning over social media platforms.
Fact Check:
To begin our investigation, we surfed the BARC's official website to check out their tender and NITs notifications to inquire for new constructions or renovations.
It was a pity that there was no corresponding information on what was being claimed.
Then, we hopped on their official social media pages and searched for any latest updates on an innovative building construction, if any. We looked on Facebook, Instagram and X . Again, there was no information about the supposed blueprint. To validate the fact that the viral image could be generated by AI, we gave a search on an AI Content Detection tool by Hive that is called ‘AI Classifier’. The tool's analysis was in congruence with the image being an AI-generated computer-made one with 100% accuracy.
To be sure, we also used another AI-image detection tool called, “isitai?” and it turned out to be 98.74% AI generated.
Conclusion:
To conclude, the statement about the image being the new BARC building is fake and misleading. A detailed investigation, examining BARC's authorities and utilizing AI detection tools, proved that the picture is more probable an AI-generated one than an original architectural design. BARC has not given any information nor announced anything for such a plan. This makes the statement untrustworthy since there is no credible source to support it.
Claim: Many social media users claim to show the new design of the BARC building.
Claimed on: X, Facebook
Fact Check: Misleading
Introduction
Attacks by cybercriminals targeting national critical infrastructure are increasing at an unsettling rate. Such attacks have the potential to do severe damage by upsetting transportation networks, utilities, financial services, and other vital infrastructure. The physical and digital systems that underpin a nation's economy are known as critical infrastructure thus if they were to be disrupted, there would be serious risks to the economy and public health and safety. Establishing proper cybersecurity measures and protecting those digital systems from possible threats or cyberattacks is necessary. Both public and private sector assets are included in these essential infrastructure categories.
Nationwide alert:
Recently one of the biggest hacker organizations has warned of an upcoming cyberattack on the critical infrastructure and websites in India, causing a countrywide alert. A gang of hackers from Indonesia and Pakistan, celebrating 4,000 members, announced a planned “Cyber Party” on 11 December 2023. The event’s claimed goal is to compromise and disrupt India's digital infrastructure. They disclosed this information on their Telegram channel.
This hacker organization holds a record of launching extensive cyberattacks; in the past, it sent out a "red notice" that was intended to target 12,000 websites run by the Indian government. They have previously attacked other nations, such as Israel, Sweden, and the United States. Their reasons are varied and might include anything from assaults on certain groups to religious disagreements.
The gang has also been acclaimed for hacking into a New York City police agency, obtaining health and social media data from Israel, and exposing information from Swedish social media users. These alarming events show how urgently strong and all-encompassing cybersecurity measures are needed, not only in India but throughout the world.
Effect(s) on India
1. Central Agencies Are Alert, Expect Health Sector Attacks: The cyberinfrastructure of the health sector has been a common target of assaults, particularly in the aftermath of the COVID-19 epidemic, which has authorities particularly concerned. Relevant ministries have received notifications from central authorities advising them to take precautions against unwanted access. The security of digital infrastructure is seriously challenged by the constantly changing panorama of cyber-attacks, according to those who are aware of the warning and threat.
2. National security concerns: Because of the interconnectedness of critical national infrastructure, a cyberattack may have an impact on national security. Attacks against defense networks, intelligence organizations health infrastructure, or military systems, for instance, might make it more difficult for the nation to respond to threats from outside.
3. Concerns for Public Safety and Health: Cyberattacks on healthcare systems run the risk of compromising patient data, stopping medical procedures, and even endangering the general public's health. This might have potentially fatal results in urgent circumstances.
4. Data Breach and Privacy Issues: Stealing confidential data is a common component of cybersecurity assaults. A breach of critical infrastructure systems might result in sensitive data, including personal information, being misused and accessed without authorization, raising privacy issues.
Preventive and protective measures
1. The plan for responding to incidents: Make sure a clear incident response strategy is in place, with a focus on healthcare systems, and that it is especially designed to handle cyber-attacks on critical infrastructure.
2. Better Tracking: Observing vital networks, systems, and data flows more closely, especially in the healthcare industry. Using cutting-edge threat detection technologies to spot odd or questionable activity.
3. Critical System Isolation: Cutting off vital healthcare systems from the wider network to reduce the chance of attackers moving laterally.
4. Continual Backups: Make sure that backup copies of important data and systems are kept in a safe, isolated location by regularly backing them up. In the event of a ransomware attack or data breach, this makes recovery easier.
5. Update and patch systems: Make sure that all operating systems and apps utilized in the infrastructure of the healthcare industry are updated with the most recent security updates.
6. Protocols for Communication: In the case of a cyber-incident, establishing explicit communication mechanisms to guarantee that pertinent parties are notified as soon as possible. This covers correspondence with law enforcement, the public, and other members of the healthcare industry as needed.
Conclusion
Urgent preventative actions are essential in response to an impending cyber threat revealed by a large hacker organization that is targeting India's key infrastructure, specifically the healthcare sector. The interconnectedness of this infrastructure puts public safety, privacy, and national security in danger. A crucial defensive approach is formed by the proactive measures mentioned, which include communication protocols, system isolation, improved monitoring, incident response preparation, and frequent backups. The dangers underline the necessity of international collaboration in tackling cybersecurity issues and the requirement for shared responsibility of everyone to safeguard digital networks. To reduce risks and guarantee the resilience of vital national infrastructure in the face of changing cyber threats, authorities must continue to develop and adapt their cybersecurity tactics.
References:
- https://www.cnbctv18.com/technology/exclusive--nationwide-alert-sounded-as-hacker-group-plans-cyber-party-to-attack-indias-critical-digital-infra-18520021.htm
- https://www.the420.in/ndian-authorities-high-alert-hacker-groups-threaten-cyber-assault/
- https://www.cnbctv18.com/technology/exclusive--nationwide-alert-sounded-as-hacker-group-plans-cyber-party-to-attack-indias-critical-digital-infra-18520021.htm#:~:text=By%20News18.com%20Dec%208,%3A58%20AM%20IST%20(Published)&text=A%20nationwide%20alert%20has%20been,Indian%20websites%20and%20critical%20infrastructure
- https://verveindustrial.com/resources/blog/critical-infrastructure-cyber-security/
Introduction
Misinformation in India has emerged as a significant societal challenge, wielding a potent influence on public perception, political discourse, and social dynamics. A potential number of first-time voters across India identified fake news as a real problem in the nation. With the widespread adoption of digital platforms, false narratives, manipulated content, and fake news have found fertile ground to spread unchecked information and news.
In the backdrop of India being the largest market of WhatsApp users, who forward more content on chats than anywhere else, the practice of fact-checking forwarded information continues to remain low. The heavy reliance on print media, television, unreliable news channels and primarily, social media platforms acts as a catalyst since studies reveal that most Indians trust any content forwarded by family and friends. It is noted that out of all risks, misinformation and disinformation ranked the highest in India, coming before infectious diseases, illicit economic activity, inequality and labour shortages. World Economic Forum analysts, in connection with their 2024 Global Risk Report, note that “misinformation and disinformation in electoral processes could seriously destabilise the real and perceived legitimacy of newly elected governments, risking political unrest, violence and terrorism and long-term erosion of democratic processes.”
The Supreme Court of India on Misinformation
The Supreme Court of India, through various judgements, has noted the impact of misinformation on democratic processes within the country, especially during elections and voting. In 1995, while adjudicating a matter pertaining to keeping the broadcasting media under the control of the public, it noted that democracy becomes a farce when the medium of information is monopolized either by partisan central authority or by private individuals or oligarchic organizations.
In 2003, the Court stated that “Right to participate by casting a vote at the time of election would be meaningless unless the voters are well informed about all sides of the issue in respect of which they are called upon to express their views by casting their votes. Disinformation, misinformation, non-information all equally create an uninformed citizenry which would finally make democracy a mobocracy and a farce.” It noted that elections would be a useless procedure if voters remained unaware of the antecedents of the candidates contesting elections. Thus, a necessary aspect of a voter’s duty to cast intelligent and rational votes is being well-informed. Such information forms one facet of the fundamental right under Article 19 (1)(a) pertaining to freedom of speech and expression. Quoting James Madison, it stated that a citizen’s right to know the true facts about their country’s administration is one of the pillars of a democratic State.
On a similar note, the Supreme Court, while discussing the disclosure of information by an election candidate, gave weightage to the High Court of Bombay‘s opinion on the matter, which opined that non-disclosure of information resulted in misinformation and disinformation, thereby influencing voters to take uninformed decisions. It stated that a voter had the elementary right to know the full particulars of a candidate who is to represent him in Parliament/Assemblies.
While misinformation was discussed primarily in relation to elections, the effects of misinformation in other sectors have also been discussed from time to time. In particular, The court highlighted the World Health Organisation’s observation in 2021 while discussing the spread of COVID-19, noting that the pandemic was not only an epidemic but also an “infodemic” due to the overabundance of information on the internet, which was riddled with misinformation and disinformation. While condemning governments’ direct or indirect threats of prosecution to citizens, it noted that various citizens who relied on the internet to provide help in securing medical facilities and oxygen tanks were being targeted by alleging that the information posted by them was false and was posted to create panic, defame the administration or damage national image. It instructed authorities to cease such threats and prevent clampdown on information sharing.
More recently, in Facebook v. Delhi Legislative Assembly [(2022) 3 SCC 529], the apex court, while upholding the summons issued to Facebook by the Delhi Legislative Assembly in the aftermath of the 2020 Delhi Riots, noted that while social media enables equal and open dialogue between citizens and policymakers, it is also a tool in the where extremist views are peddled into mainstream media, thereby spreading misinformation. It noted Facebook’s role in the Mynmar, where misinformation and posts that Facebook employees missed fueled offline violence. Since Facebook is one of the most popular social media applications, the platform itself acts as a power center by hosting various opinions and voices on its forum. This directly impacts the governance of States, and some form of liability must be attached to the platform. The Supreme Court objected to Facebook taking contrary stands in various jurisdictions; while in the US, it projected itself as a publisher, which enabled it to maintain control over the material disseminated from its platform, while in India, “it has chosen to identify itself purely as a social media platform, despite its similar functions and services in the two countries.”
Conclusion
The pervasive issue of misinformation in India is a multifaceted challenge with profound implications for democratic processes, public awareness, and social harmony. The alarming statistics of fake news recognition among first-time voters, coupled with a lack of awareness regarding fact-checking organizations, underscore the urgency of addressing this issue. The Supreme Court of India has consistently recognized the detrimental impact of misinformation, particularly in elections. The judiciary has stressed the pivotal role of an informed citizenry in upholding the essence of democracy. It has emphasized the right to access accurate information as a fundamental aspect of freedom of speech and expression. As India grapples with the challenges of misinformation, the intersection of technology, media literacy and legal frameworks will be crucial in mitigating the adverse effects and fostering a more resilient and informed society.
References
- https://thewire.in/media/survey-finds-false-information-risk-highest-in-india
- https://www.statista.com/topics/5846/fake-news-in-india/#topicOverview
- https://www.weforum.org/publications/global-risks-report-2024/digest/
- https://main.sci.gov.in/supremecourt/2020/20428/20428_2020_37_1501_28386_Judgement_08-Jul-2021.pdf
- Secretary, Ministry of Information & Broadcasting, Govt, of India and Others v. Cricket Association of Bengal and Another [(1995) 2 SCC 161]
- People’s Union for Civil Liberties (PUCL) v. Union of India [(2003) 4 SCC 399]
- Kisan Shankar Kathore v. Arun Dattatray Sawant and Others [(2014) 14 SCC 162]
- Distribution of Essential Supplies & Services During Pandemic, In re [(2021) 18 SCC 201]
- Facebook v. Delhi Legislative Assembly [(2022) 3 SCC 529]
