With this rise in technology use in the ag industry, the security and privacy of farmers’ data and personal information has become a hot-button issue. Farmers are increasingly being asked to complete customer questionnaires, sign data usage contracts, agree to various software applications’ terms of service, and provide more information to their suppliers and manufacturers.

Hand-in-hand with this rise in disclosure requests, farmers recognize there can be negative consequences in having so much information floating around. This begs the question, “What are you doing with my information?”

Are you prepared to answer this question?

As agronomists and agrologists, collecting more information about a particular grower can provide numerous benefits. In addition to strengthening the farmer-agronomist relationship, the more information and farm data you have on a specific grower, the better-quality advice and crop recommendations you can provide.

However, by possessing a farmer’s personal information you have automatically imposed on yourself legal responsibilities concerning collecting, protecting, storing and using a farmer’s data and personal information.

A high-level overview of these legal obligations is discussed below.

The primary piece of data protection legislation for private businesses in Canada is the Personal Information Protection and Electronic Documents Act (PIPEDA). Although this act does not explicitly address agricultural data, it applies to the collection, use, disclosure and retention of personal information in the context of the agriculture industry.

“Personal information” can mean any factual or subjective information, recorded or not, about an identifiable individual. Examples include a farmer’s name, address, date of birth, phone number, email address, driver’s license number, bank account number, financial institution name and credit card information. This is sensitive information that could be used by cyber criminals to perpetrate identity theft.

LISTEN: The Cyber-Savvy Farmer

Given the highly sensitive nature of this information, PIPEDA requires you to communicate your purpose for the data you are collecting and to obtain consent from the farmer before it is collected. PIPEDA also requires that you take steps to protect all personal information (regardless of how it is stored) against loss, theft, or any unauthorized access, disclosure, copying, use or modification.

If the personal information you collect is intended to be shared with third parties or ag industry partners, you must obtain the farmer’s specific consent to use their information for this purpose. You must also ensure that those third parties and industry partners comply with the same legal terms and conditions you initially presented to the farmer in terms of processing, sharing and retention of data collected.

If the requirements under PIPEDA sound strict, that is because they are. You are being entrusted with sensitive information.

Non-compliance with PIPEDA can result in serious consequences for businesses, including fines of up to $100,000 per violation, in addition to the reputational damage due to the negative publicity associated with said violations.

To help keep you on-side of PIPEDA, we have compiled a few tips and recommendations that can help minimize your potential liability:

Understand your obligations

The first step in protecting customer data is learning about your responsibilities. While reading this article is a start, this is only the tip of the iceberg.

Familiarize yourself with applicable data protection laws and regulations in your industry. PIPEDA is not great bedside reading material, but there are numerous articles summarizing a business’s data protection responsibilities on the web.

Consider having clients sign a data license agreement

Farmers must know why you’re collecting their information, what you will do with it, and how you will protect it. Providing a brief legal agreement for your clients to review and sign can be a valuable tool to ensure they understand your data protection processes.

A “data license agreement” is a legal contract that can play an important role in informing your clients about your business’s data processing practices and informs clients of the collection, use, safeguarding and sharing of their information.

It is critical that such legal documents be written in simple language that is easy to understand.

Keep your software up-to-date and password-protected

Technology such as mobile devices and laptops are in regular use in the ag industry to store farmers’ data. At the same time, security risks are heightened. To avoid breaches such as ransomware, which locks owners out of their data, you should install protection software, maintain strong passwords and do frequent data backups.

Constant software update notifications may seem annoying, but updates are a cybersecurity best practice. These updates typically involve security patches and other modifications that make it harder for hackers to break into your system. Cybercriminals are often searching for businesses that don’t have their software up to date — avoid becoming an attractive target by keeping your software updated.

Further, if you have a WiFi network for your workplace, make sure it is secure, password-protected, encrypted and hidden. To hide your WiFi network, set up your wireless access point or router so it does not broadcast the network name.

Properly dispose of information you no longer need

Once you determine that you no longer need to store some personal information — for example, when a business relationship ends — it is important to ensure that such personal information is properly deleted. Further, when disposing of old computers and portable storage devices, use software to securely erase data. Such software is inexpensive and can provide better results by overwriting the entire hard drive so that the files are no longer recoverable.

As is typical with legal guidance, the above practices may seem like overkill, and in some cases it is. However, just like insurance, having the above precautions in place can provide peace of mind to both you and your growers, and can help reduce your business’s potential legal liability if there is ever a privacy breach.

As the agriculture industry continues to adopt new technologies, and as data security becomes a major theme in all industries, the protection of personal information and farm data will continue to become increasingly important.

The post What are you doing with my information? appeared first on Grainews.

Losing field data maps and other files, not to mention business and employee records, could become a big problem.

In today’s global environment there are more threats to data than ever. One of them is ransomware. That’s when a hacker gains access to a company’s system and encrypts all its files, then demands a ransom before the owner can regain access.

A 2021 survey of 463 Canadian companies conducted by Telus showed 83 per cent reported an attempted ransomware attack. Most of the surveyed companies reported not just one, but multiple attacks. That was three years ago, and things haven’t improved.

The report concluded this is also a problem for small companies. Seventy-one per cent of the companies surveyed working in the agricultural sector reported being attacked, making that group one of the most frequently targeted.

LISTEN: The Cyber-Savvy Farmer

One of the top ways criminals gain access is through fake emails containing dangerous attachments, according to the survey.

“Be very, very careful with email,” agrees cybersecurity expert Brennan Schmidt, a principle of AlEUS Consulting Group. “That’s a popular place this tends to happen — through email.”

Criminals often do research into an organization before targeting it, says the report. That can include learning about who works there and how much money the company could afford to pay as a ransom to have their files restored. So, emails could sound legitimate and even include employee names or familiar information to convince someone to open a file that creates a path into an organization’s data files.

While having backups is an important aspect to protecting files against ransomware attacks, just where and how those files are stored is important.

“In a lot of cases backups are so, so important, especially off-line backups,” says Schmidt. “They’re going to be helpful for getting things restored.

“The thing is these cyber tricksters are very eager to go after backups. If folks have elected to go with a backup on the network. In some cases, they (criminals) will scour the network and make sure to hit the backups too.”

Schmidt says cloud services like Microsoft 365 are a consideration for farm organizations to use for backing up data, because they offer enhanced protection from cyberattacks.

“It’s a lot more difficult to delete or alter. For a farming operation you’d likely want to think about going with something that’s a bit more commercial grade (than iCloud. Especially if you have multiple employees, you don’t want to be using that consumer grade service for that larger scale. There are a whole host of them.”

But even those cloud services aren’t immune from cyberattacks. The number of attacks against them has been on the rise, according to the Telus report.

Because farms often use digital files from other services, like agronomy firms, it’s possible for an attack to come through a vulnerability in their systems.

“When you go with a specific supplier or vendor, you’re really beholden to how well the vendor has designed its systems to be safe,” says Schmidt.

Paying a ransom to a cybercriminal doesn’t guarantee you’ll get your files back. Only 42 per cent of those in the Telus survey who reported being attacked claimed they got all their data back after paying a ransom. Seven per cent didn’t get anything. Over 60 per cent were victimized again.

There are other non-criminal ways to lose data as well, such as a fire in a farm office where a computer and backups are kept, or just a simple computer failure.

Schmidt says there is value in having everyone in the farm organization sit down and discuss how to deal with a loss of data.

“A handful of folks that are part of the same operation get together at the same table to facilitate an exercise where you ask a series of questions, if this was to happen, what do you have in place to respond to that? A lot of times when you do those activities, you find there are a lot of gaps that can be shored up.

“For producers, I think tabletops are a great way to say I have all of this technology here and if it went down, here’s how we would go about doing a backup operation.”

Working to avoid being a victim is the first step to protecting data. Training employees to be suspicious of emails and attachments, as well as using multi-factor authentication for online access are good starting points.

Schmidt adds that keeping some systems separate can be helpful.

“Try to get away from plugging things into networks for them to work. For example, if you have a camera you use to watch cattle or something. It might be better to get that on a separate network

“It really comes down to simple things folks don’t generally tend to do.”

The post How to prepare for and deal with a loss of farm data appeared first on Grainews.

Last Thursday, Federated Co-operatives Ltd. posted on X that it was “experiencing a cybersecurity incident” that was affecting some internal and customer-facing systems at cardlock and retail Co-op locations. It had shut down some systems as a precaution and had brought in experts, the company added.

Gas bars were relatively unaffected.

Some Co-op grocery inventories were affected by the incident.

“We are prioritizing key grocery items and consumer goods for delivery to local Co-ops,” Federated Co-op said on X yesterday.

There is no evidence customer data has been compromised, the company said.

The post Federated Co-op cardlocks “fully operational” company says appeared first on Grainews.

Brian Osterndorff, chair of the board of the Canadian Equipment Dealers Association, and president and CEO of Robert’s Farm Equipment, a seven-store group in Ontario, said on June 26 that they had just been informed that they could use the system again.

Tech firm CDK’s software was taken offline last week after a cyberattack by the BlackSuit ransomware group. CDK is being asked to pay tens of millions of dollars by the hackers. Reuters reported yesterday that the company expected dealers to be offline until at least June 30, but some dealers had functionality returned on June 26.

CDK provides business management software to dealers of all makes of farm equipment, so major dealers of John Deere, CNH and are working without digital systems across the country. CDK is also the leading provider of management software to automobile dealers and thousands of those dealerships are offline.

CDK says it has 15,000 North American dealers on its system.

Wawanesa, Man. farmer Jeff Elder said he was able to get what he needed on a recent parts run to the Rocky Mountain Equipment dealership in Brandon, however staff were relying on memory to find parts or looking them up on their phones.

“They had resorted to writing down orders on paper,” said Elder via text. “He couldn’t invoice me and said I would receive an invoice by email whenever they could get that done.”

Rocky Mountain Equipment declined to comment.

“Everything is being done manually,” said John Schmeiser, President of the North American Equipment Dealers Association (NAEDA) Canada. “You can just imagine the amount of time that our dealerships are spending on manual processes.”

Parts are tracked and managed through digital inventory systems.

“We have to actually know where the part is, in, in a bin, to go out and find it and fulfill that customer’s order without using our computer system to tell us where it is or how many that we have on order.”

Invoicing also has to be manual, said Schmeiser.

Osterndorff said that looking up parts, connecting parts to work orders and completing sales couldn’t be accomplished using their digital system and staff had to do the work manually.

Farmers are spraying and preparing combines for harvest so dealers continue to work as best they can.

“We can’t shut down the business, we have to take care of the customer,” Schmeiser said. “Dealers are really managing through this as best as they possibly can.”

Osterndorff says they have a team of people coming to dig out from the past week’s paperwork and get that information into the digital system.

He says they’ve learned that dealerships can continue to function, “but I think it’s just increased awareness right now of the vulnerability that we all are all have, and the effect that it has in our business.”

Schmeiser said the situation will be a wake-up call for the industry and will place even more emphasis on cyber security.

“I think as an industry as a whole, this whole situation is going to be looked at, at every sector, from the manufacturer point of view and the equipment dealer,” he said.

“We’re asking our customers or farm customers to be a little bit patient with our dealers, as we work through this problem. This is this is an issue that is not only frustrating for our equipment dealers, but can be frustrating for our customers as well.”

—Updated June 27 – adds John Schmeiser’s title, organization.

The post Some farm dealerships back online after cyber attack appeared first on Grainews.

“It’s unbelievable the amount of cases that have come through our organization in the last year and a half,” says Jonathan Neutens, head of agriculture at ATB Financial. “I don’t know what the percentage would be, but it’s large.”

He discussed the issue as one of the speakers at the recent CrossRoads Crop Conference in Calgary.

“Fraud prevention is something I think is starting to be considered as it relates to the future of finance, for sure.”

Neutens said during an interview that he wasn’t sure of all the reasons behind the increase in fraud, which involves “all of the banking world” as well as victims besides the agriculture industry. He said criminals are devising new ways to ensnare people as financial institutions implement tougher safeguards.

LISTEN: The Cyber-Savvy Farmer

He pointed to measures such as two-factor authentication that requires two separate, distinct forms of identification to prevent thieves from gaining access to online banking accounts. He said criminals have gone beyond phishing emails and smishing text messages, which impersonate legitimate sources to trick people into revealing sensitive data such as passwords or credit card numbers.

“We’ve had that occur where someone does a Google search for ATB, clicks on the top link, and the top link happens to be a fraudulent website that looks exactly like ATB’s. And you put in your information, you log in and they’ve got you, and then all they have to do is log into your account and change contact information so they get the two-factor authentication versus you, and then they can start firing up electronic payments.”

People should always double check the source of emails and texts, said Neutens.

“Sometimes the email address or the website address, it might only have one letter that’s different.”

A good practice is to directly type the correct URL for your financial institution into the address bar on your browser to conduct online banking, he said. It’s also wise to make 100 per cent sure you haven’t received a phishing email or a smishing text, even if you must first make a phone call to your financial institution or other legitimate source, he added.

Phishing emails can look exactly like those of someone familiar, such as a supplier, which could be due to the supplier’s email account being hacked, said Neutens.

“And if their email is hacked, (criminals) watch for the conversation style or what have you, and eventually they send you an email and they say, ‘oh, by the way, you need to change payment to this account, and click on this to make the payment’,” he said.

“If you click on something like that, and that takes you into your online banking or whatever it is and you do your two-factor authentication, then they’re watching it, and they’ve got it.”

ATB is working to improve its ability to detect fraudulent transactions more quickly by increasing the number of staff devoted to the problem, said Neutens. But if someone gets login information and changes a two-factor authentication, “there’s really nothing we can do about that because they’ve got it from you in some way, shape or form.

“We can’t stop that because that’s outside of our systems and outside of our control, and then they come in and they log in like it’s you. How is the banking system going to know the difference?”

Reality cheque

However, Neutens said the largest source of fraud involves cheques, and is a growing problem. One of the more interesting scams targets people who send cheques through the mail, he said.

“They’ve written a cheque to someone like John Deere, or whatever, like to a supplier, and that cheque gets stolen … a new cheque is done up basically using that bank account information with the same dollar amount, but to a different payee, so when the cheque clears, the customer sees the cheque clear and thinks it’s cleared until the supplier calls him and says, ‘Hey, when are you going to pay me?’”

Such crimes have cost some producers tens of thousands of dollars, said Neutens.

“It’s pretty often that farmers can cut a cheque to someone for $40,000, $50,000 or $60,000, and so yeah, we’ve had that.”

Modernizing the funding and payment system by moving away from cheques would be the easiest part of the solution to implement, and producers should stop using cheques if possible, Neutens said in an interview.

“They’re just too risky these days, so if you move away from cheques, do that and get into your online and EFTs (electronic fund transfers) and all that kind of stuff with two-factor authentication, and then just make freaking sure you understand what smishing is, you understand what phishing is, you understand how the fraudsters work,” he said.

“And we have those resources. You can reach out to us at ATB and we’ll give you the resources to help you understand and get trained up on what that is so that you can hopefully not get caught in one of these situations.”

Hacks and hustles

Phishing: One of the most common types of cyber fraud. Hackers use fake emails or text messages that trick users into sharing personal information such as bank details.

Smishing: Deceptive text messages that lure victims into sharing personal or financial information, clicking on malicious links or downloading harmful software or applications.

Malware: Malicious software such as a virus that can destroy, damage or exploit computers or computer systems.

Worms: A malicious software that replicates itself and spreads from computer to computer. Unlike viruses, worms do not need to be attached to a computer program to do damage. They work silently and infect the device without the user’s knowledge.

Ransomware: Cyber criminals use it to lock a device or steal information. They then demand a ransom to restore access or return the information. Payment is usually demanded as a cryptocurrency such as Bitcoin.

Spyware: Malicious software that infiltrates a device and monitors activity. Criminals can then steal logins, passwords and credit card information.

Trojan horse viruses: Code or software that looks legitimate but can take control of a computer.

Distributed denial of service attacks: Occurs when hackers attempt to make a website or computer unavailable by flooding it with internet traffic.

The post Fraudsters bringing bigger phish to farms appeared first on Grainews.

Instead of cash, the attackers demanded the hog business owners publicly admit to what they alleged to be livestock mistreatment.

The occurrence was unique and alarming, says Ali Dehghantanha, Canada research chair in cybersecurity and threat intelligence at the University of Guelph’s Cyber Science Lab.

The lab offers a for-fee support service for those managing cyberattacks and cybersecurity.

NEW AUDIO SERIES: Cyber-Savvy Farmer

While the number of cybersecurity incidents across Ontario’s agriculture industry has been rapidly increasing overall, he says the cashless ransomware attack against the family hog business — an incident he and his colleagues helped the family resolve — highlights what could become a wider trend in the tactics used by special interest actors.

Why it matters: Ransomware and other criminal cyber activities usually come with demands for payment. Malicious actors focused on disrupting food production rather than money pose another, potentially harder-to-solve threat.

According to Dehghantanha, the attack perpetrators claimed to have a variety of incriminating evidence showing animal abuse on the farm. This included camera footage taken from what the perpetrators claimed was a now-compromised farm surveillance system. The attacker’s prerequisite for releasing their hold on the farm’s network was a public statement, from the business owners, admitting to animal abuse.

In Dehghantanha’s view, this would have been financially devastating for the business.

In reality, no such footage existed. Indeed, claims of comprised cameras were false. Barring the demand for self-incrimination, the attack proved to be a standard, easily manageable ransomware attack.

“This was the first time working in this specific industry we have seen ransomware not asking for money. That would make our job much more difficult as we are dealing with adversaries whose motivation is not money,” Dehghantanha says, adding the transfer of cash is often the riskiest part for those committing ransomware attacks, because the movement of funds can be tracked.

“Prior to this we were not concerned with these small family food businesses…There was not a playbook for these kinds of situations.”

More accessible ransomware

Dehghantanha says his lab has been engaged with 20 cybersecurity issues reported from southern Ontario in the first half of 2023 alone — up from a mere handful in the entirety of 2019. Awareness of cyber risk has likely played a role in higher reporting, but it’s also getting easier for bad actors to acquire harmful attack tools like ransomware.

Simultaneously, the agriculture and food sector are underprepared for such threats. Dehghantanha considers agriculture and food to lag other sectors, notably energy and health, by approximately five years. Remedying the problem would begin by establishing a committee or another body of industry representatives, technology experts, and others to design cybersecurity standards “rooted in the reality of the industry.”

“We must identify steps for farmers and businesses that can be gradually achieved to get to the same level. This has happened in energy and health sector so there’s no reason it can’t happen in agriculture sector,” says Dehghantanha.

“We need to identify a body responsible for receiving these standard reports from farmers trying to evaluate them and give feedback and work with them…If a farmer knows they are level two, level three, or whatever level they are, it would make it much easier for them to understand and improve.”

Awareness and practice

Stakeholders in the agriculture sector, such as Ontario Pork, say they are raising awareness about the ever-growing need for better cybersecurity.

In an email statement received July 12, Ken Ovington, general manager for Ontario Pork, says the commodity group “routinely meets with cybersecurity experts and researchers to gather knowledge that can be used to create awareness and provide informational tools that are valuable to pork producers and the provincial pork industry.

“These types of cyberattacks are undeniably on the rise. As technology usage increases, so does the methods and sophistication of cyber criminals so it’s crucial that producers, agricultural organizations and government continue to prioritize cybersecurity measures, stay vigilant, and collaborate to prevent future cyberattacks,” says Ovington.

Strategies used to prevent issues within the organization itself were listed as well, including cybersecurity training for employees. No comment on specific incidents, such as the ransomware attack on the family hog operation, was provided.

Dehghantanha himself encourages greater proactivity. While establishing standards would help the agriculture sector improve overall security – and, potentially, bring spinoff benefits like lower insurance rates for higher cybersecurity scores – he stresses individuals and organizations need to pay attention to the threat posed by cyber criminals focused on industry disruption over money.

“We don’t need to wait for a standard to work on awareness. If you have livestock, you could be on a target list.”

— Matt McIntosh is a southwestern Ontario freelance writer. This article previously appeared at Farmtario.com.

The post Activists target Ontario hog farm with ransomware appeared first on Grainews.

The company on Thursday released that estimate as part of its fourth-quarter financial report, in which it booked a Q4 net loss of $41.49 million on $1.186 billion in sales and a full-year net loss of $311.89 million on $4.739 billion in sales.

During its fourth quarter, on Nov. 6, 2022, Mississauga-based Maple Leaf confirmed it was hit with a “system outage stemming from a cybersecurity incident.”

In Thursday’s report, the company reiterated it “took immediate action and engaged cybersecurity and recovery experts” upon learning of the attack, and “executed its business continuity plans” as it restored affected systems.

Maple Leaf said it was able to maintain operations throughout the event and work with customers and suppliers to “minimize service disruptions,” but nevertheless, its “normal business activities were interrupted.”

With that came the expenses of “system restoration costs, lost sales, overtime, spoiled inventory” and professional fees paid to its experts, the company said.

The company on Thursday estimated fourth-quarter “direct and indirect economic impact” of “at least” $23 million relating to the incident.

Maple Leaf also said it expects to recover some of those costs through related insurance payouts later in 2023. CEO Michael McCain said those amounts can’t yet be booked into the company’s financial results but the company is “very confident” it will be able to recoup some of those costs.

Asked Thursday about the nature of the cybersecurity attack, a company spokesperson said via email the attackers in this case “did try to extort a ransom from us and we refused to pay.”

Maple Leaf in November reported “operational and service disruptions that vary by business unit, plant and site.”

The company’s operations in Canada include hog slaughter plants at Brandon, Man. and Lethbridge, Alta.; five fresh poultry plants in Ontario and one at Edmonton; hatcheries in Ontario and Alberta; five feed mills in Manitoba; and pork and poultry further-processing sites in five provinces. The company recently opened a major new poultry plant at London, Ont.

As for its livestock production, “our farms have adjusted their practices due to the system outage, and we feel confident in our ability to care for our animals and meet their needs,” Maple Leaf said at the time.

On a call with market analysts Thursday, McCain said the $23 million estimate reflects a combination of “incremental” costs incurred as a result of the company’s “entire team” shifting its focus to deal with the incident.

Within less than 48 hours of the attack being discovered, he said, staff were able to shift operations to “fully manual… essentially paper-and-pencil” while company information systems were cleaned and rebooted.

While the company didn’t use the word in its report, the nature of the attack points to ransomware — a form of malware that either encrypts a targeted computer system’s files, rendering them unusable, or removes a system’s sensitive data.

A ransom, usually payable in cryptocurrency, is then demanded of the system’s owner, in exchange for a decryption key or the missing data.

Maple Leaf’s outage isn’t the first ransomware attack in Canada’s meat packing sector. Canadian operations of Brazilian meat packer JBS briefly halted in the summer of 2021 when that company’s U.S. arm was hit by what was later confirmed to be a ransomware attack.

However, where Maple Leaf says it refused to pay, the CEO of JBS USA later confirmed the company did pay a cryptocurrency ransom equivalent to about US$11 million.

Andre Nogueira was quoted by Reuters at the time as saying “we felt this decision had to be made to prevent any potential risk for our customers.” — Glacier FarmMedia Network

The post Cyberattack a $23 million hit on Maple Leaf ledger appeared first on Grainews.

The plan detailed in a 26-page document said Canada will tighten foreign investment rules to protect intellectual property and prevent Chinese state-owned enterprises from snapping up critical mineral supplies.

Canada is seeking to deepen ties with a fast-growing Indo-Pacific region of 40 countries accounting for almost $50 trillion in economic activity — countries including Japan, Indonesia, the Philippines, Thailand, Vietnam, Cambodia, Bangladesh and Singapore among others.

But the strategy’s focus is on China, which is mentioned more than 50 times, at a moment when bilateral ties are frosty.

Four cabinet ministers at a news conference in Vancouver took turns detailing the new plan, saying the strategy was crucial for Canada’s national security and climate as well as its economic goals.

“We will engage in diplomacy because we think diplomacy is a strength, at the same time we’ll be firm and that’s why we have now a very transparent plan to engage with China,” Foreign Minister Melanie Joly said.

Prime Minister Justin Trudeau’s Liberal government wants to diversify trade and economic ties that are overwhelmingly reliant on the United States. Official data for September show bilateral trade with China accounted for under seven per cent of the total, compared to 68 per cent for the United States.

Canada’s outreach to Asian allies also comes as Washington has shown signs of becoming increasingly leery of free trade in recent years.

The document underscored Canada’s dilemma in forging ties with China, which offers significant opportunities for Canadian exporters, even as Beijing looks to shape the international order into a more “permissive environment for interests and values that increasingly depart from ours,” it added.

Challenge China

Yet, the document said co-operation with the world’s second-biggest economy was necessary to address some of the “world’s existential pressures,” including climate change, global health and nuclear proliferation.

“China is an increasingly disruptive global power,” said the strategy. “Our approach … is shaped by a realistic and clear-eyed assessment of today’s China. In areas of profound disagreement, we will challenge China.”

Tensions with China soared in late 2018 after Canadian police detained a Huawei Technologies executive and Beijing subsequently arrested two Canadians on spying charges. All three were released last year, but relations remain sour.

Canada earlier this month ordered three Chinese companies to divest their investments in Canadian critical minerals, citing national security.

The document, in a section mentioning China, said Ottawa would review and update legislation enabling it to act “decisively when investments from state-owned enterprises and other foreign entities threaten our national security, including our critical minerals supply chains.”

“Because the region is both large and diverse, one size definitely does not fit all,” Canadian Chamber of Commerce president Perrin Beatty said in a statement, adding that Canada’s priorities will need to be very nuanced both between and within countries.

The document said Canada would boost its naval presence in the region and “increase our military engagement and intelligence capacity as a means of mitigating coercive behavior and threats to regional security.”

That would include annual deployment of three frigates to the region, from two currently, as well as participation of Canadian aviators and soldiers in regional military exercises, Defense Minister Anita Anand said at a separate news conference.

Canada belongs to the Group of Seven major industrialized nations (G7), which wants significant measures in response to North Korean missile launches.

The document said Ottawa was engaging in the region with partners such as the U.S. and the European Union.

Canada needed to keep talking to nations it had fundamental disagreements with, it said, but did not name them.

Sunday’s announcement follows a related funding package laid out Nov. 18 to boost trade ties within the Indo-Pacific region, including $31.8 million over five years for a regional agriculture and agri-food office, to be set up at an as-yet-unnamed location.

— Reporting for Reuters by David Ljunggren and Ismail Shakil.

The post Canada to boost defence, cyber security in Indo-Pacific policy appeared first on Grainews.

The company said in a release Monday that it “took immediate action and engaged cybersecurity and recovery experts” when it learned of the problem, and its in-house and third-party experts are investigating.

A company representative said separately via email Monday that the incident has caused “operational and service disruptions that vary by business unit, plant and site” but didn’t specify which facilities were or are affected or how.

Mississauga-based Maple Leaf’s operations in Canada include hog slaughter plants at Brandon, Man. and Lethbridge, Alta.; five fresh poultry plants in Ontario and one at Edmonton; hatcheries in Ontario and Alberta; five feed mills in Manitoba; and pork and poultry further-processing sites in five provinces. The company in late September also announced it had completed construction work on a major new poultry plant at London, Ont.

“Our farms have adjusted their practices due to the system outage, and we feel confident in our ability to care for our animals and meet their needs,” Maple Leaf said via email.

Asked Monday about the nature of the incident — a ransomware attack or computer virus, for example — Maple Leaf wouldn’t specify, but said via email it’s “deploying our business continuity plan and implementing workarounds to mitigate the impact on our operations and business.”

Meanwhile, it said it “expect(s) some disruption in our operations and service levels” as it works on “restoring business continuity.”

In its release, it said it “will continue to work with all its customers and suppliers to minimize these disruptions.”

Maple Leaf’s systems outage isn’t the first cybersecurity breach to affect Canada’s meat packing sector. Canadian operations of Brazilian meat packer JBS briefly halted last summer when that company’s U.S. arm was hit by what was later confirmed to be a ransomware attack.

Elsewhere in Canada, major grocery firm Empire Co., whose retail chains include Sobeys, Safeway, IGA and FreshCo among others, also announced Monday its operations have been affected by an unspecified “IT systems issue.”

Empire said in a release its grocery stores remain open as usual and aren’t yet seeing “significant disruptions,” except that some in-store services are “functioning intermittently or with a delay” and some in-store pharmacies are “experiencing technical difficulties in fulfilling prescriptions.” — Glacier FarmMedia Network

The post Cybersecurity ‘incident’ hits Maple Leaf systems appeared first on Grainews.

In case you’re not exactly sure what a ransomware attack is, the U.S. government’s Cybersecurity and Infrastructure Assurance Agency says they are an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand to be paid a ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom isn’t paid.

AGCO certainly isn’t the first major corporation to suffer such an attack as there have been hundreds of reported occurrences. Recent corporate victims include pipelines, car manufacturer Kia and even the National Basketball Association.

Cyberattacks could become your problem too

As today’s producers increasingly use telematics systems offered by equipment brands, any cyberattack on a manufacturer’s system may present a risk to all those who rely on it for their own data collection and access needs. Attacks on equipment brands’ systems could pose a problem for farmers.

All of this has required major ag manufacturers to beef up their cybersecurity efforts. A good example is the Cyber Security Defense Center (CSDC) by John Deere, established six years ago, to protect Deere systems from external threats and cyberattacks. Since then, CSDC staff have had to quickly adapt to changing tactics by cybercriminals.

“We needed to move from secure to resilient,” said Jason Beneke, group engineering manager at the CSDC, in a news release. “To be able to do that, we started with building a team of talented, intelligent engineers and analysts who understood the landscape of threats and could work with partners and industry peers to share intel and best practices. It was also foundational that we use industry-leading technologies to monitor and remediate threats.”

Today, Deere’s CSDC relies on its global team to put security measures in place to protect systems and data. The team guards “the perimeter” of Deere’s systems, looking for clues of malicious activity. The company says aside from dealing with any perceived threats to Deere’s systems, the team also monitors ongoing threats in other industries and uses that information in turn to help protect Deere and, by extension, its data customers as well.

Having to deal with cumbersome computer sign-in protocols and access limitations may be an annoyance for some but having those systems in place is critical for overall system security. By being diligent, everyone who has stored cropping or machine operation telematics data becomes the safer for it.

Anyone with a cellphone has almost certainly been a target of phishing, a tactic that attempts to trick legitimate users into revealing their passwords. And that is one of the key concerns for staff at Deere’s CSDC.

“Identity is really the cornerstone of a digital experience, and our team’s mission is to protect credentials and access,” said Heather Schladt, group engineering manager for identity and access management at Deere, in a news release.

“Credential theft is popular in phishing attempts and social engineering. The combination of using technology, such as multi-factor authentication, for example, and educating our users about these risks, helps us keep our systems and data secure,” she added.

“The team takes a lot of pride in making sure that people who use John Deere systems have the right access, but not more access than they need. It’s a delicate balance between security and usability.”

The post Cybercriminals target equipment manufacturers appeared first on Grainews.