In 2020, August, IBM warned about a security flaw in millions of Internet of Things (IoT) devices including “Smart” Meters and medical implants. But IoT vulnerability is not a new thing. For many years experts have warned about this as well as IoT’s high failure rate.
In December, then-President Trump signed the IoT Cybersecurity Improvement Act of 2020 to create standards and guidelines on the use and management of these devices by federal agencies.
However, experts have also been warning that ALL wireless and/or “Smart” technology is vulnerable to hacking (see 1, 2, 3, 4, 5), inaccuracies and problems (see 1, 2, 3, 4). Nevertheless, sensors that operate and transmit wirelessly are still being used for experiments like monitoring the growth of spinach and considered for crucial tasks like sewage maintenance despite warnings about earthquake sensors being hackable. More recently experts have also warned that “Smart Farms” and IoT connected agriculture are extremely vulnerable. The possibilities for what could go wrong are staggering.
From IEEE Spectrum:
Cybersecurity Report: “Smart Farms” Are Hackable Farms Net- and IoT-connected agriculture could help feed 8.5 billion by 2030—but also may be broadly vulnerable to cybersecurity threats
Some have dubbed this the era of “smart agriculture”—with farms around the world scaling up their use of the Internet, IoT, big data, cloud computing and artificial intelligence to increase yields and sustainability. Yet with so much digital technology, naturally, also comes heightened potential cybersecurity vulnerabilities.
There’s no scaling back smart agriculture either. By the end of this decade we will need the extra food it produces—with world’s population projected to cross 8.5 billion, and more than 840 million people affected by acute hunger. Unless smart agriculture can dramatically increase the global food system’s efficiency, the prospect of reducing global malnutrition and hunger—let alone the ambitious goal of zero hunger by 2030—appears very difficult indeed.
Agriculture 4.0 (as smart ag is also called) aims not just at growing more food but also at increased efficiency, more powerful data analysis, and more intelligent automation and decision-making.
Although smart agriculture has been extensively studied, “the security issues [around] smart agriculture have not,” says Xing Yang from Nanjing Agricultural University in China. Research in the field to date, he adds, has mostly involved applying conventional cybersecurity wisdom to agricultural tech. Agricultural cybersecurity, by contrast, he says, is not given enough attention.
Yang and his colleagues surveyed the different kinds of smart agriculture, as well as the key technologies and applications specific to them. Agricultural IoT applications have unique characteristics that give rise to security issues, which the authors enumerate and suggest counter-measures for. (Their research was published in a recent issue of the journal IEEE/CAA Journal of Automatica Sinica.)
For example, while field agriculture might be subject to threats from damage to the facility, poultry and livestock breeding may face sensor failures, and greenhouse cultivation could face control system intrusions. All of these could result in damage to the IoT architecture, both hardware and software, leading to failure or malfunction in farming operations. Plus, there are threats to data acquisition technologies—malicious attacks, unauthorized access, privacy leaks, and so on—while blockchain technologies can be vulnerable to access control failure and unsafe consensus agreement.
In Yang’s opinion, the most pressing security problems in smart agriculture involve the physical environment, such as plant factory control system intrusion and unmanned aerial vehicle (UAV) false positioning. “The network for rural areas is not as good as that of cities,” he says, “which means that the network signals in some areas are poor, which leads to…false base station signals.”
The researchers also paid extra attention to agricultural equipment as potential security threats, something that recent studies have not done. “Considering that the deployment of IoT devices in farmland is relatively sparse and cannot be effectively supervised, how to ensure the physical security of these devices is a challenge,” Yang says. “In addition, the delay caused by long-distance signal transmission also increases the risk of Sybil attacks [which is] transmitting malicious data through virtual nodes.”
In their experiments with solar insecticidal lamps, for instance, they found that the lamp’s high voltage pulse affects the data transmission from Zigbee-based IoT devices and data acquisition sensors. Thus, Yang says, to minimize unnecessary losses, it’s important to study each device in the context of how it’s actually deployed in the field, including the possible safety risks of specific agricultural equipment.
The study also summarizes existing security and privacy countermeasures suitable for smart agriculture, including authentication and access control protocols, privacy-preserving frameworks, robust intrusion detection systems, and cryptography and key management. Yang is optimistic that the application of existing technologies—such as edge computing, artificial intelligence and blockchain—can be used to mitigate some of the existing problems. He says that AI algorithms can be developed that might detect the presence of malicious users, while existing industrial security standards can be applied to design a targeted security scheme for agricultural IoT.
This represents a significant research challenge, he says, because current datasets used in deep-learning approaches are not based on smart agriculture environments. Therefore, new datasets are required to build network intrusion detectors in a smart agriculture environment. “These [new] technologies can help the development of smart agriculture and solve some of the existing security problems,” Yang says, “but they have loopholes, so they also bring new security issues.”
It sounds like high-tech farms are more trouble than they’re worth even without considering the health and environmental impacts associated with technology like–
- mining for conflict minerals to make the tech,
- broken and/or obsolete tech adding to already dangerously high levels of unrecyclable E-Waste
- biologically and environmentally harmful electromagnetic radiation emissions from device