Algeier says that IT-ISAC has organized exercises focused on the food and agriculture sector and that “members can contact us 24/7 if necessary.”
But the industry needs its own ISAC that can “analyze the threat and provide a true operational assessment,” says Brian Harrell, former deputy director for infrastructure security at the US Cybersecurity and Infrastructure Security Agency (CISA).
Pfluger says, “Many people I’ve talked to think there needs to be a dedicated ISAC.”
Businesses also need more support from the federal government.
The US Department of Agriculture, industry sector risk management agency, is “significantly less effective” than other SRMAs, Montgomery says. The USDA doesn’t even have dedicated funds for its security support, which includes biannual industry-wide meetings, weekly threat bulletins, and occasional public meetings.
“As cybersecurity threats and vulnerabilities continue to grow, USDA is unable to carry out these SRMA responsibilities, which could have a significant impact on the security of US agriculture.” the department said in its budget proposal for fiscal year 2024who for the first time requested $225,000 for this work.
Compared, the Department of Energy requested $245 million for your Office of Cybersecurity, Energy Security and Emergency Response.
The USDA has shown “very little interest” in cybersecurity, says Sachs, who has tried to galvanize officials into action.
Allan Rodriguez, a spokesman for the USDA, says the agency and the FDA work closely with CISA, the FBI, and the private sector. Eric Goldstein, CISA’s deputy executive director for cybersecurity, says his agency is working with the USDA and other partners “to improve cybersecurity across the industry and build resilience to cyber disruptions.”
washington takes note
Fortunately, there is a growing sense of urgency within the US government to protect the nation’s tractors, fertilizer, milk, and chickens from hackers.
pfluger Bill, the Law to Support the Cybersecurity of the Food and Agricultural Industry, would create new federal resources for business, require better government-industry coordination, and launch a Government Accountability Office review of the state of the sector, including whether an ISAC is necessary. Pfluger says he is “very optimistic” about the prospects for his bill, which has been cosponsored by two Republicans and a Democrat.
The White House is also taking action. Last November, President Joe Biden signed a memorandum on “the security and resiliency of America’s food and agriculture” which ordered a set of threat reports, risk reviews and vulnerability assessments that address physical and cyber challenges. The agencies completed an initial review due in January and are finalizing a midterm review due in March, according to DHS spokeswoman Ruth Clemens.
Meanwhile, experts say the government could make better use of its existing programs to help.
He USDA Cooperative Extension Service partners with land-grant colleges and community organizations to provide agricultural training and guidance to US farmers Sachs encourages USDA to leverage the trusted relationships farmers have with their local extension agents to promote the best cybersecurity practices.
Sachs and her colleagues are even considering helping a coalition of land-grant universities launch an ISAC that would facilitate information sharing and prepare students to enter the food and agriculture workforce with key cyber skills.
Whether or not the industry forms an ISAC, there is widespread agreement that more must be done to counter the growing array of threats that threaten these companies and the hundreds of millions of people who depend on them for their basic livelihoods. .
“A vulnerability and attack,” says Pfluger, “can lead to catastrophe for everyone downstream.”