Threats from the cloud – equipment and cyber attacks

Perhaps it’s just selection bias or a result of clever social media algorithms, but it seems like thefts of farm equipment are happening with higher-than-usual frequency.

Indeed, a quick search reveals regularly occurring incidents of farm equipment theft in Canada (I can’t speak to other political jurisdictions) in recent months and years. This seems to be in addition to the usual rash of thefts targeting power tools, truck, parts like catalytic converters – perennially popular among thieves due to their dollar value – and other easily-plucked items. Unless perpetrators are apprehended quickly, rightful owners can pretty safely assume they will never see such items again.

Large or new farm equipment might be harder to make disappear, of course – and not just due to size.

Remote disabling – can it work both ways?

As reported by CNN in early May, for example, John Deere was able to identify the location and completely disable a large number of machines stolen from Ukraine by Russian invaders. Granted, this happened in a warzone, and a significant portion of the machines will certainly not be seen by the rightful owner again anyway.

The right kind of tech could assist farmers and police when equipment thefts do occur

But the fact remains – the right kind of tech could assist farmers and police when equipment thefts do occur. At the very least, a person can take satisfaction in the knowledge that the disabled machines are a source of frustration. And in more peaceful settings, perhaps it’s not a stretch to say the original owner may see it returned.

Flip things around, though, and the situation might be very, very different.

Let’s once again consider the Russians, whose cyber criminal capabilities have long been a source of anxiety to the western world. What if they were the ones able to disable the machinery fleet?

What would happen if a well-timed attack disabled or outright damaged every tech-laden John Deere or Case-IH combine and tractor?

Imagine the situation – it’s the middle of harvest, with much of Europe and North America a hive of activity. What would happen if a well-timed attack disabled or outright damaged every tech-laden John Deere or Case-IH combine and tractor? Even if such an attack targeted a specific model, specific operating system, or even a specific region at a critical time in the season, what supply chain and financial problems would result?

(Also, please forgive me if my terms don’t make sense – I’m not a programmer).

Perhaps worse, what if someone is able to hijack a system by implementing minute changes otherwise unknown to the operator? What if, for example, an autonomous system continues to tell the nearby operator all is well, despite planting seeds at the wrong depth? Or that all systems are normal when the engine is about to hemorrhage critical parts?

Are these scenarios likely? Probably not – but they are possible. The potential for even more severe instances in AI-driven machines is significant should issues not be caught in time. Remember, too, that cyber attacks do not have to catastrophically harm a given system for you as an operator or business to develop migraines and grey hair.

Maybe this is another argument for the right-to-repair, come to think of it. If Russians hijack my hypothetical X9, it sure would be nice to keep rolling analogue.

Advertising cyber-secure machines

Were I a betting man, I’d hazard to guess companies such as major equipment manufacturers do devote significant resources to securing their digital platforms. Despite the clear importance of cyber security, however, it does not appear as a selling point in machinery marketing. The same might be said of the automotive industry. How often, after all, do you see new vehicles marketed with top-notch antivirus built in?

This thought was most recently introduced to me via a conversation with David Masson, a long-time digital security professional and director of enterprise security for the globe-spanning AI and cyber security company Darktrace.

“It will basically vandalize a field, and do it all at the same time,” says Masson, referring to a hypothetical AI-driven machine which was subject to a cyber attack.

“I haven’t seen VPN, firewall, and antivirus being used in these products. No one is asking when the last time the [car or tractor] was virus checked.”

Even if someone doesn’t drive an X9 combine, how many modern homo sapiens do not carry – and heavily rely on – the Apple or Android computer in their pocket? How many companies have access to important information about you? How many avenues to larger networks could a hacker access if they discreetly gained access to your home devices or software login credentials?

Threats can go both ways

Threats can go both ways, after all. As Masson reiterates, tech developers must ensure cyber security is top-of-mind from the start, not an end-product add-on. Individuals, too, need to remember they can easily, if not unknowingly, be part of a threat actor’s greater plan.

The fact is, at least in part, we’re all reliant on one another for our own digital security. That means each of us needs to take at least basic steps to better our collective protection.

Change your passcodes once in a while. It’s good for everyone.