Agriculture in the crosshairs of nation-state sponsored hackers (1/5)

If you want to overcome your adversaries you must know both yourself and your enemies, and fully understand your enemies’ intentions. Hunt & Hackett has observed a discerning increase of activity of Advanced Persistent Threat groups (APTs) in the agricultural sector. In this series of blogs, the threat posed by APTs to agriculture industries is analyzed and it is explained what motives lie behind these cyber-attacks. In this first part, the outlines of the global agricultural industry are being discussed and why APTs are a real threat for the leading organizations involved in the sector, from seed breeders to greenhouse technology.

“Know the enemy and know yourself; in a hundred battles you will never be in peril. When you are ignorant of the enemy, but know yourself, your chances of winning or losing are equal. If ignorant both of your enemy and yourself, you are certain in every battle to be in peril.”

- Sun Tzu, the Art of War


The current global food system produces enough food to feed the entire world population. However, production is very unequally distributed, and a large share of the world population does not have access to enough food. China, Russia, USA, India and Brazil together produce over half of the world’s food supply in absolute terms. Yet, these countries have struggled to defeat malnourishment or famine within their own borders, let alone past them. This indicates the difficulty of fair food distribution. The regions of Africa and the Middle East are very dependent on food-imports, meaning that their levels of production are not meeting the growing demand. To make matters worse, in the regions where the output is already low, food production is threatened by climate change (flooding, irregular rain seasons etc.), land degradation, and lack of investments. All over the world, policymakers, farmers and researchers make tremendous efforts to increase the yields, which they have, but unfortunately far from enough to catch up with the surge in demand.


The World Food Program (WFP) has set the (over)ambitious goal of achieving zero hunger in the world by 2030. To overcome the challenges and provide enough food for the projected population of 10 billion people in the 21st century, the agricultural industry will need a drastic transformation. In many countries production is limited by outdated techniques, inefficient use of available land and the depletion of slow- or non-renewable resources. Efficiency, sustainability, and resilience can all be improved through the development of new technologies and innovations. Over the years, the sector has been moving from disconnected, independent and uncoordinated operations to highly interconnected, dependent and coordinated operations that have enhanced efficiency of both quality and quantity of yields. This is an ongoing process is also known as agriculture 4.0, which is part of industry 4.0 (see also Figure 1).

 

History-of-Industries

Figure 1 - The evolution of industrialization.


The inevitable transformation of the agricultural sector must happen throughout the entire food system. All cogs in the wheel, from small farming companies to massive biotech companies, are combining efforts to tackle the challenge of feeding the world while moving towards sustainability. Innovations at the smallest level can lead to substantial changes in the industry. This is also why all innovating businesses, from small farms to big agricultural enterprises, should expect unwanted attention from countries all over the world. Nation-states are aware of the interconnected nature of agriculture and will seize every opportunity to make sure they are up to speed on the latest innovations in their drive for yield growth while transitioning to agriculture 4.0. For some countries, this means complementing licit activities to gain knowhow, Intellectual Property (IP) and technology with carrying out illicit cyber operations, leveraging their APT-groups as part of the mix. Hunt & Hackett has researched the agricultural industry as a whole with all its subdivisions and related industries. This is because agriculture has a lot of overlap with (green) biotech and industrial industries. Also, as already mentioned, the rise of agriculture 4.0 is part of industry 4.0, developing and applying the same Internet of Things (IoT) and big data technologies. If the APTs active in these related industries haven’t shown activity in agriculture already, it is only a matter of time before they will.

 

In order to outsmart your digital adversaries, it is key to understand how they operate. Hunt & Hackett tracks their preferred attacking methods so you can build resilience against them. Hunt & Hackett has observed 111 APTs from many different countries targeting agriculture, (green) biotech and industrials. In their effort, 1574 Tactics, Techniques & Procedures (TTPs) and 1442 Tools have been used. It is vital to understand that these are known observations. Many cyber-attacks are not being reported or made public, rendering the actual numbers of Tools and TTPs much higher.

 
  APTs TTPs Tools
Agriculture, Biotech & Industrials 111 1574 1442
Biotech 57 921 865
Agriculture 19 371 354

Table 1 - The number of APTs, and the TTPs and Tools they used in agricultural and related industries as observed by Hunt & Hackett

 

In this first part of the series, Hunt & Hackett has introduced you to the outlines of the global agricultural industry and its challenges, and why every innovating company in the industry should expect to be in the crosshairs of other nation-states. In the next part, it is analyzed why nation-states resort to cyber-attacks on agriculture so easily and who are the main concerns currently.

Keep me informed

Sign up for the newsletter