DHS Releases Report Addressing Security Threats in Ag Tech
The Department of Homeland Security (DHS) recently released a report entitled “Threats to Precision Agriculture” regarding Ag Tech. The report addresses the security threats related to the adoption and impact of new digital technologies in crop and livestock production, highlights the potential vulnerabilities arising from using precision agriculture, identifies potential threat scenarios, and possible best practices for producers and related agri-businesses.
The report outlined the threat in the adoption of advanced precision agriculture technology and farm information management systems in crop and livestock is introducing new vulnerabilities into an industry which had previously been highly mechanical in nature. Common threat vectors such as improper use of removable media, spear phishing, and malicious cyber attacks, can easily target precision agriculture and can lead to data theft, stealing resources, reputation loss, destruction of equipment, or gaining an improper financial advantage over a competitor through theft of intellectual property or proprietary data. Generally accepted mitigation techniques in other industries were found to be largely sufficient for creating a successful defense-in-depth strategy. These can include:
- Inventory and Control of Hardware and Software Assets;
- Continuous Vulnerability Management;
- Controlled Use of Administrative Privileges;
- Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers;
- Maintenance, Monitoring, and Analysis of Audit Logs;
- Email and Web Browser Protections and Malware Defenses;
- Limitation and Control of Network Ports, Protocols, and Services;
- Data Recovery and Data Protection Capabilities;
- Secure Configuration for Network Devices, such as Firewalls, Routers, and Switches;
- Boundary Defense;
- Account Monitoring and Controlled Access Based on the Need to Know;
- Wireless Access Control;
- Implementing a Security Awareness and Training Program;
- Application Software Security;
- Incident Response and Management, and;
- Penetration Tests and Red Team Exercises.
For more information, see the DHS report, Threats to Precision Agriculture.
ABOUT KENNYHERTZ PERRY’S PRIVACY, CYBERSECURITY, AND BREACH MANAGEMENT PRACTICE GROUP
Kennyhertz Perry assists clients with data security needs, blending traditional legal experience in the corporate and litigation arenas with technical acumen.
We assist clients in prevention, developing robust information security programs, including administering internal compliance and risk assessments, which include the development and implementation of corporate policies and procedures required for compliance with state and federal privacy and security laws, and information security best practices; information security policies; records retention and management policies.
In addition to prevention, Kennyhertz Perry can prepare security incidence response procedures, identify, assess, contain, and mitigate privacy and security breaches, and work with law enforcement to assist in the investigation of the incident. Businesses that are the victims of cyber attacks also must determine when and how to cooperate with government agencies during the investigation of an attack, and how best to do so.
The lawyers in our privacy and cybersecurity practice, as well as members of our Government Enforcement practice group have deep experience, from both government and private practice, in this area, and help companies navigate the often complicated interactions with government agencies, and can provide both counseling and representation where the threat of prosecution may arise.
Kennyhertz Perry also assists with IT resiliency understanding and engaging at the top management and board level. Traditionally, IT has been misunderstood, and management would not understand the role and responsibility of IT departments. Kennyhertz Perry bridges this gap at all level. At the Board level, directors not only need to be sophisticated with business issues, they also need to be versed in today’s cyber and IT. Translating an understanding of the importance of a proactive IT security policy, and feeling like the company is “on board” with IT security efforts. Many companies have very robust policies and procedures for their business processes, which sophisticated Board members can understand. IT is different. It’s a different language for a business person, and unfortunately, most Board members will ignore or defer on issues they don’t understand. So when an IT department presents a robust plan for proactive IT security, it may go ignored or disregarded. This can lead to a reactive plan only that focuses on the “when” as opposed to prevention. IT is a different language. We serve as Board IT/cybersecurity liaison to be the “go-between” and translate the IT language into business and vice versa.
To learn more about Kennyhertz Perry, LLC, please visit kennyhertzperry.com. The choice of a lawyer is an important decision and should not be based solely upon advertisements.