The December 2022 issue of IEEE Spectrum is here!

Close bar

Cybersecurity Report: “Smart Farms” Are Hackable Farms

Net- and IoT-connected agriculture could help feed 8.5 billion by 2030—but also may be broadly vulnerable to cybersecurity threats

3 min read
Aerial view of a farmer using a digital tablet monitoring vegetables on large scale vegetable farm
Photo: Martin Harvey/Getty Images

This article is part of our exclusive IEEE Journal Watch series in partnership with IEEE Xplore.

Some have dubbed this the era of “smart agriculture”—with farms around the world scaling up their use of the Internet, IoT, big data, cloud computing and artificial intelligence to increase yields and sustainability. Yet with so much digital technology, naturally, also comes heightened potential cybersecurity vulnerabilities.

There’s no scaling back smart agriculture either. By the end of this decade we will need the extra food it produces—with world’s population projected to cross 8.5 billion, and more than 840 million people affected by acute hunger. Unless smart agriculture can dramatically increase the global food system’s efficiency, the prospect of reducing global malnutrition and hunger—let alone the ambitious goal of zero hunger by 2030—appears very difficult indeed.

Agriculture 4.0 (as smart ag is also called) aims not just at growing more food but also at increased efficiency, more powerful data analysis, and more intelligent automation and decision-making.

Although smart agriculture has been extensively studied, “the security issues [around] smart agriculture have not,” says Xing Yang from Nanjing Agricultural University in China. Research in the field to date, he adds, has mostly involved applying conventional cybersecurity wisdom to agricultural tech. Agricultural cybersecurity, by contrast, he says, is not given enough attention.

Yang and his colleagues surveyed the different kinds of smart agriculture, as well as the key technologies and applications specific to them. Agricultural IoT applications have unique characteristics that give rise to security issues, which the authors enumerate and suggest counter-measures for. (Their research was published in a recent issue of the journal IEEE/CAA Journal of Automatica Sinica.)

For example, while field agriculture might be subject to threats from damage to the facility, poultry and livestock breeding may face sensor failures, and greenhouse cultivation could face control system intrusions. All of these could result in damage to the IoT architecture, both hardware and software, leading to failure or malfunction in farming operations. Plus, there are threats to data acquisition technologies—malicious attacks, unauthorized access, privacy leaks, and so on—while blockchain technologies can be vulnerable to access control failure and unsafe consensus agreement.

In Yang’s opinion, the most pressing security problems in smart agriculture involve the physical environment, such as plant factory control system intrusion and unmanned aerial vehicle (UAV) false positioning. “The network for rural areas is not as good as that of cities,” he says, “which means that the network signals in some areas are poor, which leads to…false base station signals.”

The researchers also paid extra attention to agricultural equipment as potential security threats, something that recent studies have not done. “Considering that the deployment of IoT devices in farmland is relatively sparse and cannot be effectively supervised, how to ensure the physical security of these devices is a challenge,” Yang says. “In addition, the delay caused by long-distance signal transmission also increases the risk of Sybil attacks [which is] transmitting malicious data through virtual nodes.”

In their experiments with solar insecticidal lamps, for instance, they found that the lamp’s high voltage pulse affects the data transmission from Zigbee-based IoT devices and data acquisition sensors. Thus, Yang says, to minimize unnecessary losses, it’s important to study each device in the context of how it’s actually deployed in the field, including the possible safety risks of specific agricultural equipment.

The study also summarizes existing security and privacy countermeasures suitable for smart agriculture, including authentication and access control protocols, privacy-preserving frameworks, robust intrusion detection systems, and cryptography and key management. Yang is optimistic that the application of existing technologies—such as edge computing, artificial intelligence and blockchain—can be used to mitigate some of the existing problems. He says that AI algorithms can be developed that might detect the presence of malicious users, while existing industrial security standards can be applied to design a targeted security scheme for agricultural IoT.

This represents a significant research challenge, he says, because current datasets used in deep-learning approaches are not based on smart agriculture environments. Therefore, new datasets are required to build network intrusion detectors in a smart agriculture environment. “These [new] technologies can help the development of smart agriculture and solve some of the existing security problems,” Yang says, “but they have loopholes, so they also bring new security issues.”

This article appears in the May 2021 print issue as "Hack-Proofing the "Smart-Farm."

The Conversation (0)

Why the Internet Needs the InterPlanetary File System

Peer-to-peer file sharing would make the Internet far more efficient

12 min read
Horizontal
An illustration of a series
Carl De Torres
LightBlue

When the COVID-19 pandemic erupted in early 2020, the world made an unprecedented shift to remote work. As a precaution, some Internet providers scaled back service levels temporarily, although that probably wasn’t necessary for countries in Asia, Europe, and North America, which were generally able to cope with the surge in demand caused by people teleworking (and binge-watching Netflix). That’s because most of their networks were overprovisioned, with more capacity than they usually need. But in countries without the same level of investment in network infrastructure, the picture was less rosy: Internet service providers (ISPs) in South Africa and Venezuela, for instance, reported significant strain.

But is overprovisioning the only way to ensure resilience? We don’t think so. To understand the alternative approach we’re championing, though, you first need to recall how the Internet works.

Keep Reading ↓Show less