in , , , ,

The Importance of Cybersecurity with Chris Sherman

Chris Sherman

Gone are the days of simple farm life, at least to some degree. While the wide open spaces and the ‘know your neighbor’ community feel still permeate through rural America, the technology involved in today’s agriculture operations is far too advanced for the status quo to go on as it previously existed—especially in regards to cybersecurity.

Chris Sherman, principal owner at Tech Support.Farm, is very aware of this problem. That’s why he has made it his and his company’s mission to bring farmers up to speed on cybersecurity—something that, unfortunately, is one of the last things on the minds of producers.

In April of 2022, the FBI came out and listed ag as one of the top 10 industries in the United States being targeted by cybercrime, this is alarming to Sherman and many others because agriculture is a key component of our national security.

While Sherman’s professional background is in business, he has immersed himself in the field of cybersecurity out of his commitment to agriculture. This is a cause that is near and dear to his heart. It’s about raising awareness to the risks posed by technological advancements in agriculture. Every new solution or advancement comes with its own cyber risk.

“I’ve been in and around ag for most of my life,” Sherman said. “My first job was at 11-years-old milking cows at 3 a.m. for the dairy farmer down the road. Around 2010, we were really starting to see technology revolutionize agriculture. I started to recognize that while these innovations were solving big problems, there was no digital security being implemented to protect our agribusinesses. I ended up starting this company and getting into cybersecurity almost by accident.”

For Sherman, there was a learning curve. But, being a child of the ’80s, he was very technically savvy and ready to handle the challenge. “I remember buying my first computer when I was a teenager, promptly broke it, and had to figure out how to fix it,” Sherman said.

Cybersecurity has evolved in recent years. The days of just using antivirus software like McAfee or Norton are long gone. The National Institute of Standards recently came out and released its framework, a five-piece guide that covers the different requirements for a complete cybersecurity stack.

You can find this complete guide at nist.gov/cyberframework/framework

One can imagine cybersecurity like the strategy we use when protecting our homes. Yes, locks on the doors are important, but so are smoke alarms, carbon dioxide monitors, cameras, motion detectors, sump pump alarms, or even your dog. All of these features contribute to our overall safety and security. Cybersecurity strategies are becoming very similar.

“Agriculture needs to start taking technology and cybersecurity seriously,” Sherman said. “Every day I see producers running multi-million dollar operations using residential grade hardware and a basic antivirus. We are lowhanging fruit for cyberattacks.”

Cyberattacks in ag involve a lot of phishing scams, and email spoof campaigns. These attacks are becoming incredibly sophisticated. They may try spoofing your ag lender and sending you Docusign attachments. Unfortunately, people fall for this and return the documents complete with signatures, routing numbers, and bank account information.

Industrial Control System (ICS) attacks are the other less discussed form of cybercrime. ICS attacks are defined as cyberattacks on equipment that is remotely operated, managed, or monitored. This type of attack is used for two primary purposes; holding an operation for ransom, or destruction of property. Ransom attacks are not new, but cybercriminals are becoming creative on how and when they target facilities. Crystal Valley Cooperative in Mankato, MN was attacked in September 2021, halting the company’s operations during peak harvest operations.

Industrial control system attacks can come in many forms, but they are all focused on disrupting business. Whether it is destroying hard drives that store operating software for dryers, robotics, irrigators, or other automated systems, or ransoming servers used to run critical farm operations, an ICS attack can have devastating consequences to any farmer.

According to Accenture, a leading global IT firm, in the United States, 60% of small businesses that fell victim to cyber criminals were closed within six months. Cyberattacks inside agriculture are still relatively new, we have a chance to lock our farms down before it is too late.

FBI Private Industry Notification Recommendations

On April 20, 2022, the FBI released a private industry notice detailing the potential increase in ransomware attacks against agricultural cooperatives during critical seasons. Here are the recommendations the bureau made during that notification.

  • Regularly back up data, air gap, and password protect backup copies offline. Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.
  • Implement a recovery plan that includes maintaining and retaining multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., hard drive, storage device, the cloud).
  • Identify critical functions and develop an operations plan in the event that systems go offline. Think about ways to operate manually if it becomes necessary.
  • Implement network segmentation.
  • Install updates/patches operating systems, software, and firmware as soon as they are released.
  • Use multi-factor authentication where possible.
  • Use strong passwords and regularly change passwords to network systems and accounts, implementing the shortest acceptable timeframe for password changes. Avoid reusing passwords for multiple accounts and use strong passphrases where possible.
  • Disable unused remote access/RDP ports and monitor remote access/RDP logs.
  • Require administrator credentials to install software.
  • Audit user accounts with administrative or elevated privileges, and configure access controls with least privilege in mind.
  • Install and regularly update anti-virus and anti-malware software on all hosts. Only use secure networks and avoid using public Wi-Fi networks.
  • Consider installing and using a virtual private network (VPN). Consider adding an email banner to messages coming from outside your organizations.
  • Disable hyperlinks in received emails.
  • Focus on cybersecurity awareness and training. Regularly provide users with training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities (i.e. ransomware and phishing scams).

Tech Support.Farm

Tech Support.Farm focuses on the maintenance and optimization of the technological infrastructure crucial to modern agricultural operations. They offer 24/7 cybersecurity services to protect your entire agricultural business, coupled with robust disaster recovery solutions to ensure business resilience. Their services are tailored to meet the unique needs of the agriculture sector, with an emphasis on enhancing productivity, securing assets, and guaranteeing seamless operations in contemporary farming environments.


“As a managed security service provider (MSSP), our mission is two-fold. We work meticulously to prevent cyberattacks, and we are ready to respond when they happen. Tech Support.Farm lives by the saying ‘It’s not if, it’s when.’ To ensure our success we have forged deep relationships with both our security and cyber insurance partners.”

Unlike other MSSPs, Tech Support.Farm sources its security solutions from one company, Kaseya. The industry norm is to have anywhere from 10-15 different security software vendors.

“We utilize Kaseya for all of our security solutions. This type of dedication has strengthened our working relationship and ensures the best service for our customers. Kaseya answers our phone calls within rings not days. We have 24/7 access to security engineers and product specialists. Kaseya has taken a special interest in Tech Support.Farm and our mission. Every six months I meet in person with Kaseya’s leadership team, and we actively work to improve the security offerings and delivery methods. We strongly value this industry partnership.”

“In the event of a cyber breach, we rely on a company called Cysurance. The security solutions we use have been 3rd party tested and are warranted by Cysurance up to $500,000 per incident. Additionally, all clients of Tech Support.Farm are automatically entitled to a $1 million flat rate cyber insurance policy through them. The actions we take ‘right of boom’ or the moments immediately following a cyber breach will determine the level of success we have in recovering financial losses or how quickly we can get a farm back online. We work diligently with the Cysurance team to improve our incident response policies and best risk mitigation practices. Through tabletop exercises and routine security briefings we actively stay prepared for these inevitable events.”


Their services fall under three categories:

Maintenance

Network preventative maintenance, updates, security patches, backups, and hardware monitoring by IT professionals.

Cybersecurity

Protection against cyber threats, continuous monitoring, vulnerability assessments, and around-theclock incident response.

Disaster Recovery

Data backup, full system recovery, emergency planning, and rapid response to ensure business continuity after technology disruptions.


Exclusively Agriculture

“Tech Support.Farm is focused solely on agriculture. We do not serve clients from any other sector. Farms are not 8-5 operations and neither are we. During peak times, harvest, planting, etc., we are on call around the clock. It is our goal to provide the best onsite and remote service to our farmers. Our account reps are also your technicians, and they have backgrounds in ag. Clients will only deal with one person from our company. We are not in the business of churning through employees. These are long-term relationships built on trust.

Tech Support.Farm offers the best security solutions the industry has to offer, our people deliver the best service.”

Tech Support.Farm

techsupport.farm
Facebook | /TechSupport.Farm

What do you think?

Craig Whippo

The Connection Between Soil Practices and Our Food’s Future

Data Managament Graphic

Unlocking New Insights From Your Data