House Republican sounds the alarm on threats to food and agriculture sector
A top Republican on the House Agriculture Committee warned Thursday about increasing cybersecurity threats to food and agriculture due to growing reliance on technology and a lack of direction by the agency in charge of overseeing the sector.
Rep. Brad Finstad, a Minnesota Republican and farmer, noted that people may not be aware just how high-tech agriculture has become over the years in pursuit of increased efficiency. Like many critical infrastructure sectors, the agriculture industry is growing increasingly digital, including precision agriculture that uses the global positioning system or satellite imagery to get a detailed, wide view of the farm.
As an example, Finstad noted that his farm uses GPS-located soil samples in order to test nutrient values.
“As a country, we have about six days of fresh pork sitting in cold storage,” Finstad said at a Hack the Capitol panel in Washington, D.C. “What if someone started messing with the temperature of those cold storage facilities? It would devastate us. It would take the number one protein in our diets off the map.”
Attacks on the food and agriculture sector don’t always get the same attention as attacks on water or electricity, but a 2021 ransomware attack on JBS, one of the world’s largest meat suppliers, disrupted its operations and highlighted the potential threat to the nation’s food supply.
Finstad, who chairs the House Agriculture Subcommittee on Nutrition, Foreign Agriculture and Horticulture, chided the U.S. Department of Agriculture for lacking direction when it comes to assisting the sector against cybersecurity threats — which is one of the reasons he introduced legislation to address the issue earlier this year alongside Rep. Elissa Slotkin, D-Mich., and Sens. Tom Cotton, R-Ark., and Kirsten Gillibrand, D-N.Y.
That bill would require the secretary of agriculture to conduct a study of cybersecurity threats to the agriculture and food sectors and submit it to Congress. Additionally, the bill would create an annual cross-sector exercise simulating a disruptive cyberattack against the food sector.
“Agriculture hasn’t had a seat at the table when it comes to some of these threat assessments,” Finstad told CyberScoop on the sidelines of the event.
During a panel discussion Thursday, Finstad discussed the plight of the “small to midsize folks like me, you know a soil lab, a precision ag farm. I don’t have the infrastructure, the knowledge, or the money to invest in a cybersecurity program … and so that makes us vulnerable.”
The lack of additional funds for USDA came up on another panel. Mark Montgomery, former executive director of the Cyberspace Solarium Commission and senior director at the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies, noted that the department is underfunded to conduct its sector risk management responsibilities, with less than $1 million dedicated to the topic.
“Let’s be clear: They don’t — across multiple industries — give a damn about the sector’s cybersecurity. Because if they gave a damn they’d spend a penny. They don’t spend anything,” Montgomery said of the agency.
Neither the Biden administration’s national cybersecurity plan nor its implementation plan notes initiatives to tackle cyber threats to food and agriculture. One item in the updated implementation plan would require the USDA to work with the Environmental Protection Agency to expand a rural water circuit rider program to include cybersecurity technical assistance.
The administration did release a national security memorandum specifically for improving the defenses and resilience of the food and agriculture sector.
“It’s a little bit of the Wild West still and I think it’s the tip of the iceberg,” Finstad said. “I think people are in a strong need for more education and awareness.”