YOUR BEST PRACTICE
enable an attacker to remotely control and exploit on-field sensors and autonomous equipment. Potential agricultural attacks can create an unsafe and unproductive farming environment. For example, exploits that have the ability to destroy an entire field of crops, flood the farmlands and overspray pesticides can cause unsafe consumption as well as economic deterioration. Threats to smart irrigation and sensors can range from physical compromise to falsifying data.
Because various technologies are integrated into one agricultural process, the cybersecurity tasks are increased. For example, an irrigation system has smart sensors/actuators, communication protocols, software, traditional networking devices and human interaction. These complex systems are often outsourced from diverse vendors produced for many kinds of environments and applications, which increases the attack surface, and cybercriminals can exploit vulnerabilities to compromise one or other parts of the agricultural application. Consider that hardware vendors for a highly specialized agricultural machine still utilize outside solutions for subcomponents like network interfaces and open-source software implementations of communication protocols. Such components are commonly utilized by many hardware vendors for both agricultural and non-agricultural applications, making them a potentially profitable target for cybercriminals. A vulnerability in such components can quickly turn a small agricultural operation into an unintentional tertiary target for attackers.
ADDITIONAL SOFTWARE OFFERS ENHANCED SECURITY
Although replacing legacy systems and networks can be costly, it is essential to work with vendors and cybersecurity experts to implement updates and overhauls of outdated systems. Seek the help of internal or external advisors to prioritize risk and develop a realistic approach and plan for enhancing cybersecurity. At a minimum, comply
irrigationtoday.org
with basic standards including restricted physical and technical access, firewalls, logging and encryption.
Additionally, many control systems are simply overexposed to the internet by remote desktop applications (e.g., RDP and TeamViewer). In an attempt to provide process and asset information to operators, organizations have provided much more, ignoring the principle of least privilege and opening their entire control systems and their hosts to remote desktop access by unnecessary parties. Such broad remote access techniques present an increased security risk.
Advanced remote alarm notification software provides a more secure alternative to remote desktop, allowing remote operators access to only the information they need from the control system and not access to the operating system host. Such notification software is compatible with more secure, layered networks in which a series of firewalls provide added protection from attacks. This is done by deploying notification solutions alongside the supervisory control and data acquisition system at the network’s control level and using notification modalities that are not
Of course, there are valid use cases for desktop sharing software that do not violate principle of least privilege and go well beyond operator access to process information. For such systems it’s critical that the remote desktop solutions be implemented with sound security. Farming operations should not use unattended access features, and information technology leaders should configure the software such that the application and associated background services are stopped when not in use.
There are several steps that should be taken to improve cybersecurity:
• Update any software to the latest version.
• Deploy multifactor authentication; favor authentication apps and SMS over codes sent to email.
• Use strong passwords changed periodically where multifactor authentication cannot be employed.
• Ensure antivirus systems, spam filters and firewalls are up to date, properly configured and secure.
• Require personnel to go through cybersecurity awareness training.
• Create or review backup and recovery plans.
These attacks illustrate how easy it can be to hack industrial systems due to many organizations failing to implement even the most basic security measures, such as changing default passwords and leaving unprotected systems exposed to the internet.
internet-facing or distributing internet- facing notification processes to higher levels. For example, internal email servers, SMS modems and voice via PBX devices allow communication with the outside world without internet exposure. Likewise, distributing the processes that interface with SCADA/control systems from those that interface with external email servers, VoIP solutions and cloud apps allows for internet-based notifications without compromising security.
While smart irrigation has revolutionized the way agriculture operates, it can make systems more vulnerable to cyberattacks. However, implementing technology protocols, turning to real-time data collection and reports, and remote alarm notification software can help avoid cyberattacks and optimize operations.
WInter 2024 | Irrigation TODAY 29
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40
