News of hackers remotely tapping into the electronics onboard a Jeep Cherokee last summer sent the farm industry into a tailspin of concern over whether tractors would be susceptible to the same type of cyberattack.
The answer, in a word, is yes, says Michael Wagner, CEO of Edge Case Research, a company he co-founded to help make autonomous vehicles and other complex software-based systems safer and more reliable. His company writes software algorithms for industry that help keep everything from planes to trains and automobiles safe.
He says any vehicle with onboard electronics and a modem to transmit data can be tampered with, and just because it’s rural doesn’t mean it can’t be hacked.
“Our vehicles are getting more connected and they’re getting connected because it gives us new features,” Wagner says. “But it also opens up security risks and people don’t know that those risks are there. They’re getting into vehicles without realizing that these risks exist and if nobody thinks about that then manufacturers aren’t going to work to improve that.”
This threat was underscored in March, when the FBI, along with the Department of Transportation and the National Highway Traffic and Safety Administration, issued a public safety announcement warning consumers and manufacturers about the increasing risk of cyberattacks on motor vehicles.
As stated in the announcement:
“Modern motor vehicles often include new connected vehicle technologies that aim to provide benefits such as added safety features, improved fuel economy, and greater overall convenience. Aftermarket devices are also providing consumers with new features to monitor the status of their vehicles. However, with this increased connectivity, it is important that consumers and manufacturers maintain awareness of potential cyber security threats.”
A history of protection
Wagner worked for sixteen years developing robotic systems for the Department of Defense and NASA. He now uses that knowledge to test and safeguard vehicles used for other industries including agriculture.
“Over the past 20 years, the robotics industry has looked at how to build these autonomous systems to do useful tasks,” Wagner says. “Now we’re getting to the point where the robots can do them well enough that they become commercially valuable and useful. It’s no longer just early stage research. So now we have to face issues of whether we can trust those systems to be integrated into our everyday lives.”
What Wagner and his group are doing is developing testing and design techniques and verification methods that manufacturers can apply to software-driven systems used in safety-critical environments such as highways, construction sites, and more recently, farm fields.
Wagner says there are many ways his company works with manufacturers: “If they are developing a product that’s using some sort of autonomous algorithm, we can help design it using best practices from the field of reliability of engineering. Once they start to build it, we can also test it for them, and so we’re sort of helping to do the product design.”
Wagner says the advent of self-driving farm vehicles, including Unmanned Aerial Vehicles, makes safeguarding more complicated.
“For example, an autonomous tractor must sense the world around it to make sure that if someone walks in front of the vehicle, it stops safely, or if there is some sort of obstacle, that it can detect that,” Wagner explains. “So those kinds of applications are things that we would look at.”
He says testing for these types of scenarios is very difficult, and he says many companies just don’t have that expertise.
“The reason why these problems are problems is because they’re hard,” Wagner says. “It’s not because someone is not doing something or working hard or being diligent. Testing these systems is really complicated and so we think we found some tricks to help make it more effective.”
While Wagner’s group works primarily with manufacturers, he says there are also things farmers can do to reduce the chance of their tractors and other farm vehicles being hacked. Unless you are an information technology expert, this means relying on the manufacturer of the equipment to safeguard what it sells. Wagner says farmers need to ask some tough questions, specifically what safety measures the manufacturer is employing.
“When we’re talking about quality systems that you can trust, you need to be really looking for a strong safety agreement and not just say, well, this system has been used for a couple of years so I should trust it,” Wagner says. “Why should you trust them? Explain to me what kind of testing have you done? What kind of quality assurance process did you use when you built the system?”
He says the bottom line for farmers is awareness. “There needs to be the acknowledgement that there is a real safety issue here that needs to be addressed by manufacturers,” Wagner says. “Products must be designed with safety in mind. So, as we go and use these systems as consumers, we need to demand that security measures are baked into them from the beginning.”
How manufacturers are safeguarding their software-driven systems
We asked some of the major farm industry players what steps they are taking to ward off cyberattacks on the equipment and software systems they sell. Since data security practices are by nature a sensitive topic, specific strategies could not be addressed. But here are some of the companies that took the time to offer thoughtful responses on how they are helping to ensure their products are secure.
“Our customers’ data is of the utmost importance and we actively work to ensure the highest level of security for our farmers. We continuously evolve our security methods, including adopting the latest technologies and installing several layers of hardware and software security on vehicles, to stay ahead of cyber threats.”
- Leo Bose, Advanced Farming Systems Marketing Manager – Case IH North America.
“Climate aligns with the ISO (International Organization for Standardization) 27000 family of standards, which helps organizations keep information assets secure. We take security very seriously and are committed to actively working to continually improve our security program. Additionally, we have been and continue to implement internal processes and policies that ensure our Climate FieldView platform is secure. This is an ongoing process that is continually being assessed and improved as the security landscape changes.
“Climate is constantly evaluating our internal security policies, processes and ongoing threats. We have an entire data security team dedicated to this specific area. We’ve conducted our own internal security assessments of Climate FieldView. Additionally, we employ a 3rd party to conduct penetration testing of our systems and work closely with them to identify and quickly resolve any potential issues we may find.
“Quality assurance testing is a key component of our overall software development lifecycle. In addition to standard development and production quality assurance, we also run security assessments and engage with 3rd parties to conduct testing.”
- Chelsea Shepherd, public relations manager, The Climate Corporation
“For agronomic data, we have a two-pipe strategy so we are not storing any data, but only facilitating the transfer to/from the machine to the software solution the farmer chooses.
“We adhere to data security standards and best practices to protect our customers’ information. For security reasons, we do not publicly discuss specific security measures beyond that.”
- Ben Craker, product manager, data, partnerships and standards, Global ATS, AGCO Corporation