Food Security as a Geopolitical Weapon

 

"They've just become so common. Every week, I would say, we are getting contacted by farmers or food companies. It's one of the soft bellies of our critical infrastructure."

"I think we are all waiting for disaster."

Ali Dahghantanha, Cyber Science Lab, University of Guelph, Ontario

"These are all systems that we explicitly depend on every single day, and they have become extremely vulnerable to manipulation of all sorts."

"They're vulnerable because we haven't thought carefully about the security of how we set these systems up."

"I mean, it's truly terrifying, to be honest."

Even Fraser, director, Arrell Food Institute, University of Guelph

"The interruption of the global food supply is not collateral damage from the war in Ukraine."

"It is a planned hybrid weapon to further massively destabilize the global economy and political order."

Yulia Klymenko, Ukrainian MP, first deputy chair, Transport and Infrastructure Committee, Ukraine

"There is a lot of innovation happening in agriculture in Canada."

"So we are at risk from foreign-backed espionage."

Mohamad Yaghi, Agriculture and Climate policy lead, Royal Bank of Canada

Hackers could be waiting to cause disruption, or simply just monitoring and collecting data on foreign agricultural methods. Photo by Chung Sun-Jun/Getty Images

 

Last year Ali Dehghantanha's squad of engineers and computer scientists responded to dozens of reports from southwestern Ontario of hacks within farming and food production operations. Sometimes the incidents represent a bad link in an email with hackers demanding money to unlock a system or to return the farmer's data. In other instances hackers break into a farm system and threaten to kill livestock; chickens, cattle. 

In a third of the cases, investigators found evidence of state-sponsored hackers originating in
Russia, China, North Korea and Iran who have quietly gained access to control systems inside a farming operation. The University of Guelph is located close to Toronto in one of the province's most vital farming hubs. A group of specialists work out of the Cyber Science Lab, visiting banks, defence contractors, hospitals and farms. The lab received fifty calls from the food industry last year.

The realization dawned that the domestic food production system may be one of the most obvious cracks in Canada's national defences. Criminals or state-sponsored hackers breaking into systems to disrupt critical infrastructure like transportation or health care or food production only recently become plausible owing in part to Russia's invasion of Ukraine.

 

 Canada's Communications Security Establishment (CSE) the country's signals intelligence agency, warned that Russian-backed hackers are "exploring options for potential counterattacks" on critical infrastructure in Canada and other NATO allies supporting Ukraine.

 

A computer monitor is seen inside a GPS-equipped John Deere tractor. As farm use of technology and smart devices grows, experts say more needs to be done to protect against cyberattacks that could threaten food security. (Seth Perlman/The Associated Press)

 

Farms have become complex technical operations using networks of remote monitors measuring soil moisture, or robotic milkers capable of detecting an infection in a single teat, or environmental control systems maintaining the precise indoor temperature and air filtration requirements of a poultry barn. All of which in theory could be commandeered and held for ransom by a hacker. The U.S. Department of Homeland Security identified several "hypothetical threat scenarios" in its 2018 report where hackers could compromise agricultural operations. 

 

One scenario had a terrorist lift data on the health of a large livestock herd. "They modify the data to look like the herds have foot and mouth disease, and dump the data on the internet". In such an instance it could take weeks for lab tests to confirm the outbreak was in fact false -- in the interim causing trade issues and shaking public trust in the food supply. Another scenario had hackers manipulate moisture sensors in a farmer's soil, triggering watering systems to flood the fields and destroy crops.

 

In its invasion of Ukraine an effective part of the Russian playbook has been attacking agricultural infrastructure. EU trade counsellor Maud Labat warned that Moscow strategized how to wield food as a "geopolitical weapon". Its attacks on transportation and grain storage infrastructure, its months-long blockade of ports on the Black Sea choked off access to one of the world's most important bread baskets, driving up global grain prices last spring. Food shortage concerns intensified in developing nations depending on the region for imports. 

 

National Cyber Threat Assessment's latest report stated state-sponsored hackers are not likely to disrupt or destroy critical infrastructure unless Canada enters into direct hostilioties, leaving  hackers more likely to break into Canadian systems to collect information or "pre-position" in the event of a future conflict. Released last fall, the CSE report stated adversaries could use cyberattacks as a form of "power projection and intimidation".

 

 

"In the absence of a significant escalation in international hostilities, we assess it is unlikely that state-sponsored actors will intentionally seek to disrupt Canadian critical infrastructure and cause major damage or loss of life", advised CSE spokesperson Kyla Borden. "This is organized crime. These folks have HR departments. They have employees of the month awards. This is big business", explained John Hewie, a national security officer at Microsoft Inc., referring to sophisticated networks focusing on "big-game hunting" -- attacks where a hacker takes control of a system or data from a major business and asks for a steep ransom.

 

In fact, the Canadian food industry alone experienced a series of high-profile incidents late last year, a "cybersecurity incident" at Maple Leaf Foods Inc., one of Canada's largest meat packers. Empire Co.Ltd., Canada's second-largest grocery chain experienced a "cybersecurity intrusion" that snarled operations, expected to cost the company $25 million. According to Janos Botschner, lead investigator of the Cyber Security Capacity in Canadian Agriculture, approximately four to 11 percent of Canada's farms have had a cyberattack attempt on their operations. "This is very much an estimate, but it's probably also an under-report", he clarified. 

A farmer in a chicken barn in Ontario. Photo by Peter J. Thompson/National Post files