Picture the scene: it’s the near future, and fields of lettuce are being sprayed by automatic smart tractors, controlled remotely from a central computer. Suddenly the tractors veer off course, wildly traversing the field while randomly dumping pesticides, destroying large swathes of crops.
As dystopian as it might sound, experts are beginning to sound the alarm over just such a possibility. With the massive expansion of automatic and remote farming as part of the online “Internet of Things”, the vulnerability for such systems to get hacked or hit by malware only increases. And agriculture is falling behind.
“McKinsey [the consultancy firm] has done some work on the digital agenda, as have Accenture,” says Martin Collison, founder of consultancy Collison & Associates, “and in both cases they found the food chain was behind the curve; we were being slow taking up what digital can offer.”
Collison has an extensive CV in agriculture, with a background in production, having worked on the family farm selling cut flowers for exports, before moving into consultancy work. In 2012-13 he helped develop the UK’s Agri-Tech Strategy. Increasingly he is turning his experience to the issue of cyber security.
“It’s a new field and people are beginning to recognise the challenges,” he says. “People are increasingly relying on computer systems to control their processes. If you have a glasshouse with tomatoes or cucumbers and the system is hacked, it’s possible that the system gets a virus attack and you are at risk of losing a crop that has high value. We are relying more and more on those systems to control every aspect of the supply chain, from production such as in glasshouses, to cold storage.”
Attacks on production might just be the tip of the iceberg however. Collison emphasises the rapidly emerging sphere of “big data” as another hotspot for cyber attacks.
“Every aspect of the food chain, from the way we control the farm production process to the control systems in glasshouses and cold chain automation, a lot of that depends on data being exchanged,” he says. “Everything is being recorded as data.
“If you look at robotics that have to communicate with a central control system too, the amount of data is increasing at an exponential rate at the moment and that will continue for at least ten to 20 years. The challenge that comes with that is who else has access to that data and how it will fit in with traceabilty schemes.”
Recent EU legislation has helped demarcate the owners of this new data dump, but it’s not clear to what extent that will solve the problem long term.
“The EU passed a code of practice on sharing agricultural data, as there were growing concerns from farmers about how data was being shared with the supplier of the machine and they don’t have control of the data,” says Collison.
“The new code means that the data belongs to the farmer and suppliers can access the data but only for the purpose of supporting the farmer. This will raise broader questions about who owns the data, of which cyber security is a part.”