Agricultural data security: a doubly strategic issue

Precision agriculture, connected tractors, satellite images, drones… Like all sectors of business, agriculture is not exempt from the digitalisation of methods and practices that help reap the benefits of artificial intelligence, the internet of things, and big data. New technologies allow us to monitor such things as crop yields and health, soil humidity, and livestock growth.

According to consulting firm Markets and Markets, the global agricultural analytics market is expected to go from $0.8 billion in 2020 to $1.4 billion in 2025, given an average annual growth rate of 12.2%. The key players in this market are the farmers themselves, as well as cooperatives, wine growers, seed manufacturers, fertilizer manufacturers, food processors and governments.

An attractive trove of data for hackers

Of course, cybercriminals have their eyes on all this. As the sector digitalises, the number of fraud and extortion attempts is increasing. In late 2021, the BlackMatter ransomware hit American food-processing organisations and businesses. The targets from which the hackers demanded a ransom of $5.9 million, in exchange for the decryption key to unlock their information system.

A few months earlier in February 2021, food-processing giant Lactalis was the victim of an attack. « The Lactalis Group has detected an intrusion into part of its IT network. We immediately took measures to contain this attack and notified the relevant authorities. The results of our investigations have established that a malicious third party is looking to get into our servers. Our IT teams are fully mobilised with the support of renowned cybersecurity experts. The investigation that we have conducted with them has not revealed a data breach at this time, » says a press release from the company.

Also in 2021, the companies Jean Floc’h (pork and cured meats processing and packaging) and Dalloyau (catering) were victims of the Conti ransomware, followed by French food processor Avril, which suffered a phishing attack. Between 2020 and 2021, at least 1,700 clients of the Crédit Agricole bank were the victims of a particularly well-designed ransomware. According to Le Parisien, the bank’s customers were encouraged to enter confidential information to avoid having their banking transactions suspended.

Agricultural data: farmers’ independence at risk

But the issue of the agricultural sector’s data is not just one of cybersecurity. Smart systems like sensors and GPS produce a great quantity of data with unprecedented decision-making capabilities. These volumes of data are attractive to agricultural supply giants looking to insert themselves into the entire value chain, from data collection to the sale of combined products and services, as well as to American tech giants, for whom agriculture represents a new fount of opportunity.

This has been worrying to French and European public authorities for many years now. The tone was set as early as 2016 in a report from the French National Research Institute of Science and Technology for Environment and Agriculture (Irstea): « Such a concentration of resources in the hands of just a few players raises concerns for farmers’ independence and food sovereignty. That is why it is urgent to offer an alternative where the agricultural profession maintains control over the data it produces and makes it easier to derive value from it. »

The Data-agri charter raises the question of the property, usage and sharing of data

To secure the data in the contracts that farmers sign with « data collector » service providers, the FNSEA and the French Young Farmers (JA) set up the Data-agri Charter in 2018.

« The amount of data that farms are producing is growing exponentially. The digitalisation of a growing amount of information, the ever-increasing production of machine-generated data and the boom in connected objects used on farms raise questions about who owns, uses and shares data, and the creation of value that is emerging from this new economy, » this charter says.

It lays out 13 principles for farms’ data security and value extraction, which can be grouped into four domains: the clarity of contractual clauses, the transparency of data use, the control over how they are used, and the security of data processes.

The goal of the Data-agri approach is to help famers take up digital technologies, with a label that seeks to identify the companies that collect agricultural data while respecting all the principles within the Data-agri charter. This approach seeks to introduce ethics into the digital world and promotes good-faith contractual practices in the relationships between data collectors and farmers.

Agricultural data is therefore valuable for two reasons: it must not fall into the hands of cybercriminals who will do anything to make as much money as possible, nor must it be exploited by companies without transparency. These two challenges arise as agricultural and food processing companies are increasingly being considered as organisations of vital importance in many countries.