Auburn University professor says Russian hacking could impact US agriculture and much more
Russian hacking into the nation’s infrastructure could harm much more than computers and routers—it could have a potential impact on U.S. agriculture, food systems and municipal water supplies, says an Auburn University professor.
“The Russian government and military are quietly probing our nation’s computer systems that control our critical infrastructures,” said Bob Norton, chair of the Auburn University Food System Institute’s Food and Water Defense Working Group. He is a long-time consultant to the U.S. military and federal and state law enforcement agencies and editor of Bob Norton’s Food Defense Blog.
He says hackers are possibly using the hard-to-detect, cyber-probing activities as the door to larger corporate and government computer systems to steal proprietary information, gain access to financial data, steal credentials or identities and gain access to email systems. The systems can show no apparent damage even though hackers have accessed them.
“Their goals are to learn how our systems work, find out which larger networks are connected to them and to locate their weaknesses and defenses,” he said.
In the most sophisticated operations, however, Norton says the probing could remain hidden and be activated later if hostilities with the U.S. were to ever break out.
“These clandestine probing efforts could be weaponized to shut down computer systems and even destroy the power grid, the food supply chain, water plants and wastewater plants,” Norton said. “Equipment associated with farm operations, processing plants, irrigation and other operations could become targets.”
The Department of Homeland Security, Federal Bureau of Investigation and the United Kingdom’s National Cyber Security Centre in April released a joint technical alert about malicious cyber activity carried out by the Russian Government, including threats to residential routers. An additional technical alert was issued about home and office routers in late May.
The Food and Agriculture Sector is one of the 16 critical infrastructures identified by the Department of Homeland Security. “The most likely scenario would be for malware to destroy industrial control systems, which would cause food production to come to a screeching halt for a period of time,” Norton said.
The hackers are criminals sanctioned by the Russian government or are members of the Russian government and military, he says.
“The criminals’ first purpose is theft of credentials, identity and proprietary information, but they are also carefully watched by their government,” he said. “If the criminals find information of interest to the government, they make deals for the government to acquire it. The government largely controls the amount of activities by the criminals, allowing them to do more mischief during turbulent times and making them cut back if necessary.”
The U.S. agriculture industry and municipal water systems, he says, should prepare for an increased number of sophisticated cyber-attacks and probing efforts emanating from “persistent threat” nation states—China, Iran, Russia and North Korea—and criminal organizations.
“Our food and agricultural industries, as well as municipal water systems, should not rely solely on their own IT [information technology] staff, but should work closely with cybersecurity industry leaders to ensure their systems have not already been penetrated and to protect against future attacks,” Norton said.
He adds consumers can help prevent cyber-attacks against their home computers and smartphones by a variety of good security practices such as:
- Choosing strong passwords and changing them regularly;
- Rebooting home routers by turning them off for 30 seconds and then turning them back on;
- Installing and keeping up-to-date antivirus software;
- Avoiding consumer transactions or registrations on public Wi-Fi;
- Practicing safe browsing;
- Keeping all software up-to-date;
- Installing a firewall;
- Not installing freeware;
- Encrypting data files; and
- Maintaining email security.