Transcription of Feed & Grain Chat with Alan Raveling, OT architect for Interstates.
Elise Schafer, editor of Feed & Grain: Hi everyone, welcome to Feed & Grain Chat. I'm your host Elise Schafer, editor of Feed & Grain. This edition of Feed & Grain Chat is brought to you by WATT Global Media and Feedandgrain.com. Feedandgrain.com is your source for the latest news, product and equipment information for the grain handling and feed manufacturing industries.
Today, I'm joined on zoom by Alan Raveling, OT architect for Interstates, a company that offers electrical construction, engineering and control systems solutions. He's here today to discuss how agribusinesses can arm themselves against cybersecurity threats. Hi, Alan. How are you?
Raveling, OT architect for Interstates Doing well, Elise. Thanks for having me.
Schafer: Yes. Thanks for coming on. Alan, earlier this year, the FBI issued a special bulletin to the ag industry, warning that cyber attackers are launching their attacks at times of the year when certain businesses are most vulnerable. So, what does that mean for agribusinesses and how can they be more vigilant during these times?
Raveling: Great question. You know, in agriculture there is really two times a year that there's a lot going on and where you're going to be your most vulnerable. Obviously, during the harvest season is when most of the attention is on agriculture. Grain needs to come out of fields, things need to get milled or refined, and the other part of that season is the amount of customers coming in and out of the buildings. You just have a lot more people and a lot more opportunities for unexpected individuals to show up, which is more normal.
The other season in a year that sees a lot of activity is also the planting time. You have a lot of orders coming in, you have a lot of people making requests for material and supplies. Again, it's another opportunity where people expect some unfamiliarity in correspondence. People might be more receptive to emails with attachments for questions or comments or requests for quotes or proposals.
So, those times of year when you have a lot of strangers, you have a high expectation of things coming into inboxes or phone calls being made — after a while your guard tends to drop because it's so much more occurrent of opening attachments, calling people up, having those conversations with unexpected individuals. But those are times you need to be the most vigilant and asking yourself, ‘would I do this during a slow time of year? Is this the way I normally interact with a purchase request is this type of form something I normally deal with?’
And if you don't give yourself pause, that's when the attacker has an in. That's when things start to go south.
Schafer: Well, most people know to be aware of ransomware. But can you explain exactly how ransomware on one employee's computer can end up impacting the entire company?
Raveling: Certainly. That's a good point. It only takes one person, one laptop, one tablet to really compromise an entire company. And the way that works is when you have a piece of ransomware — it might be as part of an attachment to a file, it might be a website you clicked on — but, essentially what happens is some nefarious software, some evil application ends up running on your device. And that then acts as a point of entry into your network. So, it could be onto your corporate network, or it could be into the controls network where you actually have your equipment running and operating. But in either case, once that software begins to run, part of what it does is it attempts to spread to other devices.
It may attempt to encrypt or lock up sensitive files or documents. Many times these pieces of software explicitly look for Excel documents or Word documents or perhaps they do searches on keywords to identify important folders or materials. And depending on the access that the person has where this malicious software is running, where this ransomware is executing from, you could end up with a lot of material locked up and behind some sort of ransom. The bigger targets, the more impactful targets for ransomware are people with a lot of access in the company.
So, if a social engineer tracks or targets an engineer of the control systems, that has the potential to impact the operations. If they target their phishing campaign towards people in accounting or management, typically, those people have access to a lot of enterprise or confidential or business information that they need and they certainly don't want to disclose to the public. Once the attacker gets in that, the ransomware then is a question of ‘how far did they spread and what did they get a hold of?’
Schafer: In the unfortunate event your agribusiness has been compromised by a cyberattack should the company notify law enforcement, federal agencies and probably the biggest question — should they pay the ransom?
Raveling: Hopefully you have a plan in place before you begin asking those questions, right. I think anytime is a great opportunity to sit down as a company, have your legal individuals involved, to have upper management involved, and those questions need to be part of an incident response policy and a set of incident response procedures.
You should have a course of action already written out and it's a matter of just running through that playbook when these events happen. Now, it's good practice; I would strongly recommend letting the law enforcement know what you experienced. It may be part of a broader attack that they need more data points on. You may also need to contact your insurance companies if you have any sort of cybersecurity insurance in play because they may also provide guidance on what you can or can't do, or what you should or shouldn't be doing during that compromise.
And the question of paying ransom or not paying ransom might be restricted by state guidelines, it may be at the discretion of recommendations from law enforcement, or if you have a cybersecurity insurance policy, they may decide not to pay it out.
Your best bet for any money you would have spent on ransom is to have invested that money in advance on good backup procedures, good continuity plans, and making sure that you can recover from any type of disaster which a ransomware should be considered part of those compromises or downtimes.
Schafer: Great. Are there any resources that you recommend for education on cybersecurity — anything tailored to agribusiness?
Raveling: I haven't seen many materials focused specifically on agricultural businesses, but I am seeing more of the industry, the security industry rather, provide specific materials and training for control systems or process systems.
Just off the cuff, one I have recommended to others and they get a lot of good exposure and experience from is the SANS courses. There is a SANS 410 Course, I believe, that focuses on control system industrial process security, and introduces a lot of good concepts, good recommendations and good practices for securing environments like ag business, where you have a mix of corporate systems and systems running processes or other automation systems, and it helps everyone get on the same page and allows you as an agribusiness person to maybe speak to your IT team or your security team a little more intelligently about your security concerns, and how you can maybe collaborate together to address them.
Schafer: Well, that sounds like a wonderful resource. Thank you, Alan, for sharing your insights today into how agribusinesses can enhance their cybersecurity.
Raveling: Yeah, thank you. It's a great opportunity to talk to you and anything we can do to get the community more secure and better protected is always great.
Schafer: Absolutely. Well, that's all for today's Feed & Grain Chat. Thank you for joining and we hope to see you next time!
The FBI issued a Private Industry Notification that ransomware actors may be more likely to attack agricultural cooperatives at critical planting and harvest seasons, after ransomware attacks against six grain cooperatives were reported in 2021.
Cybersecurity attacks can disrupt the food supply chain and can be costly for victims who don’t have a response plan prepared in advance. Fortunately, these attacks and their damaging consequences can be minimized, according to Alan Raveling, OT architect, Interstates.
“Your best bet for any money you would have spent on ransom is to have invested in advance on good backup procedures, good continuity plans, and making sure that you can recover from any type of disaster, which a ransomware attack should be considered part of,” Raveling said.
In this Feed & Grain Chat, Raveling explains how ransomware attacks occur and shares his advice on what to do next.