Agri-food producers and agri-tech entrepreneurs are busy trying to move their companies forward, often overlooking the importance of cybersecurity. Sushant Katare, CISSP and Senior Cybersecurity Manager with the Centre for Cybersecurity Innovation at Durham College, warns that this lack of prioritization is risky business for everyone
By Tabitha Caswell for Bioenterprise
Agri-tech and farming businesses in Canada are increasingly adopting digital technologies. This digital transformation brings beneficial improvements like efficiency and productivity. However, it also brings new cybersecurity challenges.
Currently, the Canadian agri-food sector is vulnerable to cyber threats due to the rapid pace of technology adoption and a lack of robust security measures. Talk of cybersecurity threats is commonplace now, but despite growing awareness, many agricultural businesses have yet to implement comprehensive cybersecurity strategies. This leaves critical systems and data at risk, highlighting the urgent need for better protection measures.
Sushant Katare is a Certified Information Systems Security Professional (CISSP), Senior Cybersecurity Manager with the Centre for Cybersecurity Innovation at Durham College (DC), a Knowledge and Development Partner of Bioenterprise.
Sushant is a seasoned consultant and mentor with more than a decade of experience in the world of cybersecurity. As an entrepreneur, he built innovative cybersecurity solutions and grew business operations in multiple industries. He brings his niche expertise to the conversation to shed light on the risks and challenges Canadian ag-tech entrepreneurs, startups, and businesses face. Further, he offers resources and a simplified explanation of solutions to implement.
Importance of Cybersecurity in Agriculture
Cybersecurity refers to the practice of securing hardware, software, and data from unauthorized access by criminals. This includes anything connected to the internet like computer systems, devices, networks, and stored data. In agriculture, cybersecurity is necessary to safeguard technologies used to manage crops, livestock, and supply chains.
Cyberattacks can be targeted or random. In the war between Russia and Ukraine, Sushant describes a targeted attack, saying, “Russia is not only attacking Ukraine on the border front, but it’s become a cyber war, and Ukrainian farmers are a target. If a country attacks another country’s agriculture industry, then the whole food supply chain can be affected. This can be linked to inflation and the country’s wider economy.”
Canadians might feel safe because our country is not at war. We don’t have enemies and many small producers and startups aren’t on the radar of cyber criminals. But it’s not that simple. Sushant explains, “For Canadian agri-tech companies and modern farms, attacks are not targeted. They will likely originate from a database of millions of Internet Protocol (IP) addresses an attacker has automated to look for vulnerabilities. And your IP address might be on that list.”
The Internet of Things (IoT) plays a crucial role here, connecting devices and systems to collect and share data. Examples of IoT devices are sensors to monitor soil conditions and livestock health, drones to collect data and automated irrigation systems.
Sushant says, “The more unmonitored IoT devices you have in your infrastructure, the larger the attack surface you leave exposed to various different types of attacks.”
These interconnected devices and systems create vulnerabilities (weaknesses in systems, networks, and applications) that cybercriminals can exploit. Therefore, robust cybersecurity measures are essential to protect sensitive data and ensure the smooth operation of agricultural activities.
If your agri-business is attacked, there is a high chance that these attacks might cripple your production, wipe out your data, and take your systems offline for an extended period. No farmer or entrepreneur wants that. Considering these undesirable consequences, why is cybersecurity so low on the priority list for many?
Current State of Cybersecurity and Reasons for Slow Adoption
Sushant says that for most agri-business owners lack of awareness is the root cause for placing cybersecurity at the bottom of the list. “But we should care, because this lack of awareness is putting us in a dangerous place. The impact of any small cybersecurity attack grows like a snowball effect. Once one part of a system is attacked, the whole system becomes vulnerable.”
Some businesses might have implemented basic safeguards early on in their development, but have outgrown them, requiring more robust protection solutions. Sushant says that it might seem complicated to introduce new tools into an existing system, but that’s usually not the case.
Additionally, many organizational leaders misunderstand the size of the budget required to put these solutions in place.
“Cybersecurity solutions are more affordable than many people think,” says Sushant, explaining that budgets are often believed to be much higher than necessary. “The budget you have in your mind is usually more than what you need. Implementations are not costly all the time,” he says.
When discussing budgets, Sushant advises working with a professional to prioritize your unique organizational needs and apply your resources where they have the most impact.
Lack of awareness and misperceptions of obstacles hinder the adoption and uptake of good cybersecurity hygiene for Canadian farms and agri-tech businesses. This is precisely what Sushant Katare and his team at Durham College aim to address.
Cybersecurity at Durham College
As the Senior Cybersecurity Manager, Sushant leads the Centre for Cybersecurity Innovation. In collaboration with industry experts, Sushant and his team have developed this first-of-its-kind ecosystem for Durham Region and surrounding areas. Why is this innovative team sprouting roots here?
Located east of Toronto, spanning from the shores of Lake Ontario up to Lake Simcoe, food and agriculture production drives the economy of Durham Region. Recognized as an educational leader in food, farming, and technology, Durham College offers the Horticulture – Food and Farming and Horticulture Technician programs.
With a mandate to support local economic and social development, DC is an ideal partner. The team is committed to providing access to applied research services and education in cybersecurity to current and aspiring cybersecurity professionals as well as public and private-sector organizations.
“After identifying the gaps and determining which services to provide, we’ve made it a priority to keep the solutions cost-effective and affordable,” says Sushant. He adds, “We are focusing on awareness and education by creating various training programs: basic general awareness to educate staff members on making informed decisions and avoiding obvious cyber traps, management-level training to help cultivate a cyber-aware culture, specialized programs for IT professionals to help them identify and proactively address vulnerabilities in the infrastructure, and a highly innovative training program designed to educate IT professionals about operational technology (OT), with an emphasis on IoT.”
The College also offers a graduate certificate program for aspiring cybersecurity professionals. The comprehensive eight-month, full-time program teaches students how to develop, evaluate, and support IT security solutions including the necessary skills to formulate and implement security policies and procedures for protecting vital information assets.
Steps to Improve Cybersecurity in Agriculture
According to Sushant, tackling the lack of cybersecurity in Canadian food and agriculture begins with awareness and education.
“We need to provide easy access to plain language guides that clearly outline the best ways farmers and entrepreneurs can reduce possible exposure to cyber threats,” says Sushant. These guides should cover how to prevent attacks and how to manage them when they occur.
“Generally, when working with a new client, we first identify all the assets for the organization to create a cyber threat map,” he says. This includes all computers, automated systems, network and applications. Drones, feeding systems, remote sensors, and robots, as well as data and data management systems, and financial recording systems – it’s important that nothing is omitted or overlooked.
“Next, we cross-check for vulnerabilities, considering the worst-case scenario, asking questions like, ‘If your web server is attacked tomorrow, will you still be able to run your business? If your infrastructure is encrypted by ransomware, are you ready to be up and running within a few hours?’ We ask these questions while considering the whole infrastructure to expose gaps. Then we suggest which unique solutions are best suited,” Sushant explains.
Solutions included backup controls, firewalls, software, and other tools to protect from data breaches, operational disruptions, ransomware attacks, and theft. Considering solutions, we can circle back to address perceptions of obstacles. Affordability – can I afford this? Options – how will I know what I need? Support – who can I trust for help?
Building a Cybersecure Canadian Agri-Food Sector
Until recently, these questions have been difficult for farmers and producers to answer. Since a welcomed injection of funding from the Government of Canada in 2021, progress toward education and adoption of cybersecurity in agriculture is being realized.
Collaboration between academic institutions, government, and industry should maintain momentum, moving this critical topic in the right direction. Thankfully, trusted sources like the Centre for Cybersecurity Innovation at Durham College are joining forces with key partners to create clear pathways to success in the adoption of cybersecurity in Canadian food and agriculture.
Reflecting on Sushant’s warning, “The impact of any small cybersecurity attack grows like a snowball effect,” the whole agri-food community must be accountable. One small attack could trigger widespread, serious issues for the rest of the country.
If you’re an agri-tech entrepreneur or established business owner, a farmer, or a producer, it’s time to prioritize cybersecurity – for your business and the security of our food system for all Canadians.
Visit the Durham College Centre for Cybersecurity Innovation website to connect with the team or email Sushant directly at Sushant.Katare@durhamcollege.ca to learn more.