Headline
Ukraine and the fragility of agriculture security
By Joe Marshall. The war in Ukraine has had far-reaching global implications and one of the most immediate effects felt will be on the global supply chain for food. This war-induced fragility has exposed the weaknesses of how we feed ourselves globally. Ransomware cartels and other adversaries are well aware of this and are actively exploiting that fragility. For the past six years, Cisco Talos has been actively involved in assisting public and private institutions in Ukraine to defend themselves against state-sponsored actors. Our involvement stretches the gamut from commercial to critical infrastructure, to election security. Our presence has afforded us unique opportunities and observations about cybersecurity in a macro and micro way. Ukraine has been a frequent victim of state-sponsored cyber attacks aimed at critical infrastructures like power and transportation. Talos is proud to stand with our partners in Ukraine and help defend their critical networks and help users there maintain access to necessary services. Now that Russia has invaded Ukraine, those threats have escalated to kinetic attacks that are wreaking havoc on a critical element of our world: agriculture and our global food supply chain. Even worse is the implications this war will have for future cyber attacks, as fragility is considered a lucrative element in deciding victimology by threat actors like ransomware cartels.
To truly grasp the implications of the war in Ukraine, we have to examine how vital Ukrainian agriculture feeds the world, the current state of affairs, and what this means for the global cybersecurity posture to protect agricultural assets.
Where there is weakness, there is opportunity Ransomware cartels and their affiliates are actively targeting the agricultural industry. Moreover, these actors have done their homework and are targeting agricultural companies during the two times of the year where they cannot suffer disruptions: planting and harvesting. Per the published FBI PIN Alert: “Cyber actors may perceive cooperatives as lucrative targets with a willingness to pay due to the time-sensitive role they play in agricultural production.” This is far from unusual for these adversaries — they are shrewd and calculating, and understand their victims’ weaknesses and industries. However, there is a larger picture we have to consider. Due to the war in Ukraine, the world’s global agriculture food supply chain is under serious threat. The world is already facing several stresses on the global economy and supply chain, including rising costs of food, inflation and the ongoing COVID-19 pandemic. Food insecurity, starvation and additional global unrest are all but assured as the war in Ukraine rages on. This chaos, in turn, can add more fuel to the fire that is cyber attacks on agriculture. To truly grasp the enormity of this, let’s look at Ukraine, a massive global supplier of agriculture and the implications for global agriculture security.
Just how important is Ukraine in global agriculture Ukraine is often referred to as the “Breadbasket of Europe,” and it is a well-earned moniker. As of 2021, Ukraine accounted for the sixth most-exported wheat in the world. That is 10% of the market share, producing 20 million tons of wheat and was valued at $5.1 billion, with Egypt, Indonesia, Turkey, Pakistan and Bangladesh as the primary destinations. Ukraine is unique in that a large portion of the country’s land has incredibly fertile soil, with over half the country having well-suited arable land dedicated to crops like wheat, maize and sunflower. Some may assume that swathes of rich land are all that is necessary to be an agriculture giant, but in truth, one needs a well-laid and maintained infrastructure to move crops, seeds and fertilizer, and robust deep water oceanic ports that can import and export products quickly. Ukraine has all of that. Or, it did.
Understanding the mess of Ukrainian wartime agriculture It is something of an understatement to say that Ukrainian agriculture exports are in dire straights. Currently, due to the invasion, Ukraine has limited access to seaports to export its extensive backlog of wheat and other agricultural products. Pre-war, 70% of agriculture was exported via seaports, averaging 25 million metric tons a year. This has been reduced to a trickle — only 2 million tons were exported in June alone, a far cry from the 4 million that’s typical of that time of year. Poor countries that cannot shoulder the steep increase in prices will suffer the most. Forty percent of Ukraine’s wheat exports go directly to the U.N. World Food Program, which helps feed these poorer countries. Additionally complicating matters is the act of planting and harvesting in Ukraine. Some farm fields are now filled with mines — unexploded ordinances — and farm labor is difficult to find. These factors can create delays that can be catastrophic to the sustainability of a farm’s ability to provide food to the world. For example, every day delayed during a planting season could affect the total bushel-per-acre yield, without taking into consideration weather, market conditions, and of course, armed conflict. There is also a lack of grain storage capacity for current harvests, as grain is trapped in silos and there are very poor logistics to export out of the country via methods other than bulk oceanic freight. Without the ability to effectively ship last year’s harvest, and this year’s current harvest being reaped, planting for the 2023’s harvest is in serious jeopardy. All of these complications means Ukraine will effectively have a vastly and painfully reduced presence in the agriculture market for years to come. Ukraine and Russia recently signed a U.N.-brokered deal, in which an agreement to allow grain shipping exports to resume via the Odessa seaport. This is a much-needed means to deliver trapped grain products in Ukraine, but the agreement is on very precarious footing. Russia is still actively bombing and targeting the Odessa metropolis, and has demonstrated time and again that it is willing to abandon agreements when it suits them. This agreement also runs somewhat counter to the Russian tactic of weaponizing the food supply chain to its advantage. By artificially creating scarcity, Russia can leverage concessions from a global community that relies deeply on Ukrainian grain exports to feed the world. A lack of scarcity could inhibit one of the few cards they can play to compel global compliance to its demands. Historically, Russia is not shy about using famine and scarcity as a weapon.
No easy answers
War is chaos. Relying on the questionable availability of a seaport is not ideal. Ukraine is looking for additional ways to export their trapped agricultural products without the reliance on the pseudo availability of its Odessa seaport, which as of this writing, are very laboriously exporting via rail to other Eastern European countries, or via the Danube river to other countries’ seaports. The Bessarabia region, in the Odessa Oblast, has two prominent river ports: Izmail and Reni. These ports, however, are quite old and were not built to ingest and export agriculture at peacetime volumes. Even utilizing seaports reached via river barge, like Constanta in Romania, only offers a small percentage of peacetime oceanic volume.
Even the Ukrainian rail system is problematic for shipping agricultural products. Ukraine has older Soviet railroad tracks that are incompatible with countries like Poland and cannot just roll trains to the rest of Europe without considerable effort. To put it all succinctly: There are only bad answers to the terrible questions of how to export agriculture in the middle of a Russian invasion.
So what are the security threat models to agriculture?
Industry-specific instability is seen as enticing, as victims are seen to be more compliant to pay an extortion fee in exchange for the return of their data and network. The more unstable and exposed the industry, the more compelling it is to an attacker. Nation states may also see agricultural instability as an opportunistic way to project power and advance national interests.
Critical infrastructure, like agriculture, is part of a complex and interwoven network of critical services that let society function. Cyber attacks on that infrastructure will always carry value to a nation-state’s advanced persistent threat actor. The ability to disrupt or deny critical services is a potent weapon to enforce one nation’s will over another. Even indirect attacks can affect agriculture. Cyber-attacks launched against energy or water industries can create a ripple effect that impedes the ability of agriculture to produce at optimum. Ukraine has a long history of suffering these kinds of cyber-attacks, including the costly NotPetya attack, that was attributed to Russian APTs.
There are also mutual interests that criminal ransomware cartels and the Russian government share. Ransomware cartels are not shy about their relationships with Russia. Many ransomware gangs also operate within that country’s borders with relative impunity. These groups, who often act as proxy state-sponsored actors, have financial interests that align with the Russian government. Russia is kinetically targeting agriculture with the express intent of creating additional food chain supply insecurity. Ransomware cartels also want to extort victims and additional food and supply chain disruptions continue to favor Russian interests.
Much like the Colonial Pipeline ransomware attack, there are also unintended consequences of a cyber-attack that have a way of trickling down into how businesses can operate in an industrial environment. As defenders, we must consider our integrations into industrial operations. Agriculture industries are rapid adopters of industrial automation. The imperative to produce rapidly and deliver to market is driving companies to remove the human element where possible. For example, a fully automated grain elevator removes the need for humans to assist in the unloading of grain, extending the serviceable hours an elevator can stay open for farmers. Automated milking systems make it possible to increase milk cows more frequently, and automated feed pushers keep herds fed so milk production stays consistent. As you think about cyber defense, ask yourself what does an attack on your converged farms and facilities looks like? Would the loss of IT assets trickle into industrial operational technology that lets your business operate? Could you still ship perishable milk? Could a grain elevator still operate?
What does this mean for cyber defenders?
The invasion of Ukraine is awful. And it is easy to be lost in the suffering and sacrifice of the Ukrainian people. Now is the time, more than ever, to understand what is at stake and what we can do to keep the world fed. Whether we’re protecting a direct agriculture business, or something agricultural-adjacent, now is the time to reflect on business resiliency. As defenders, we cannot control war, the weather, or the agriculture market. Instead, the security community should consider this an opportunity to improve their situational awareness. By just maintaining awareness of outside events, we can draw a better picture of the current security risks. It can be easy to dismiss global events as having no additional effects on an organization’s cybersecurity posture — we’re under constant attack as it is. Instead, consider not the “what,” but the “why” of adversary motivations, and how that can affect potential targets. Understanding that could make all the difference in keeping businesses safe and productive.
Executive call to action For executive leadership, now is an opportune time to evaluate your accepted business risks. That means taking the time to understand how interconnected your agriculture operations are to your corporate offices. Could you function as a business should a ransomware attack affect you? What investments have you made to build resiliency into your operations? These are incredibly difficult questions to answer. Use the catalyst of global events to invest in technology and more importantly, people, to help you find those answers. Be proactive, and train for climatic events like a cyber-attack. Utilize third-party services to give unbiased evaluations of your resiliency and recovery. Perhaps most importantly – resist complacency. Cybersecurity threats evolve and shift as do global events. Maintaining strong situational awareness could be the critical deciding factor between a crippling costly cyber-attack and a resilient enterprise able to weather any storm. The fate of the world’s agricultural supply chain could rely on it.
By Joe Marshall.
The war in Ukraine has had far-reaching global implications and one of the most immediate effects felt will be on the global supply chain for food. This war-induced fragility has exposed the weaknesses of how we feed ourselves globally. Ransomware cartels and other adversaries are well aware of this and are actively exploiting that fragility.
For the past six years, Cisco Talos has been actively involved in assisting public and private institutions in Ukraine to defend themselves against state-sponsored actors. Our involvement stretches the gamut from commercial to critical infrastructure, to election security. Our presence has afforded us unique opportunities and observations about cybersecurity in a macro and micro way.
Ukraine has been a frequent victim of state-sponsored cyber attacks aimed at critical infrastructures like power and transportation. Talos is proud to stand with our partners in Ukraine and help defend their critical networks and help users there maintain access to necessary services. Now that Russia has invaded Ukraine, those threats have escalated to kinetic attacks that are wreaking havoc on a critical element of our world: agriculture and our global food supply chain. Even worse is the implications this war will have for future cyber attacks, as fragility is considered a lucrative element in deciding victimology by threat actors like ransomware cartels.
To truly grasp the implications of the war in Ukraine, we have to examine how vital Ukrainian agriculture feeds the world, the current state of affairs, and what this means for the global cybersecurity posture to protect agricultural assets.
Where there is weakness, there is opportunity
Ransomware cartels and their affiliates are actively targeting the agricultural industry. Moreover, these actors have done their homework and are targeting agricultural companies during the two times of the year where they cannot suffer disruptions: planting and harvesting. Per the published FBI PIN Alert: “Cyber actors may perceive cooperatives as lucrative targets with a willingness to pay due to the time-sensitive role they play in agricultural production.”
This is far from unusual for these adversaries — they are shrewd and calculating, and understand their victims’ weaknesses and industries. However, there is a larger picture we have to consider. Due to the war in Ukraine, the world’s global agriculture food supply chain is under serious threat. The world is already facing several stresses on the global economy and supply chain, including rising costs of food, inflation and the ongoing COVID-19 pandemic. Food insecurity, starvation and additional global unrest are all but assured as the war in Ukraine rages on. This chaos, in turn, can add more fuel to the fire that is cyber attacks on agriculture. To truly grasp the enormity of this, let’s look at Ukraine, a massive global supplier of agriculture and the implications for global agriculture security.
Just how important is Ukraine in global agriculture
Ukraine is often referred to as the “Breadbasket of Europe,” and it is a well-earned moniker.
As of 2021, Ukraine accounted for the sixth most-exported wheat in the world. That is 10% of the market share, producing 20 million tons of wheat and was valued at $5.1 billion, with Egypt, Indonesia, Turkey, Pakistan and Bangladesh as the primary destinations. Ukraine is unique in that a large portion of the country’s land has incredibly fertile soil, with over half the country having well-suited arable land dedicated to crops like wheat, maize and sunflower. Some may assume that swathes of rich land are all that is necessary to be an agriculture giant, but in truth, one needs a well-laid and maintained infrastructure to move crops, seeds and fertilizer, and robust deep water oceanic ports that can import and export products quickly. Ukraine has all of that. Or, it did.
Understanding the mess of Ukrainian wartime agriculture
It is something of an understatement to say that Ukrainian agriculture exports are in dire straights. Currently, due to the invasion, Ukraine has limited access to seaports to export its extensive backlog of wheat and other agricultural products. Pre-war, 70% of agriculture was exported via seaports, averaging 25 million metric tons a year. This has been reduced to a trickle — only 2 million tons were exported in June alone, a far cry from the 4 million that’s typical of that time of year. Poor countries that cannot shoulder the steep increase in prices will suffer the most. Forty percent of Ukraine’s wheat exports go directly to the U.N. World Food Program, which helps feed these poorer countries.
Additionally complicating matters is the act of planting and harvesting in Ukraine. Some farm fields are now filled with mines — unexploded ordinances — and farm labor is difficult to find. These factors can create delays that can be catastrophic to the sustainability of a farm’s ability to provide food to the world. For example, every day delayed during a planting season could affect the total bushel-per-acre yield, without taking into consideration weather, market conditions, and of course, armed conflict.
There is also a lack of grain storage capacity for current harvests, as grain is trapped in silos and there are very poor logistics to export out of the country via methods other than bulk oceanic freight. Without the ability to effectively ship last year’s harvest, and this year’s current harvest being reaped, planting for the 2023’s harvest is in serious jeopardy. All of these complications means Ukraine will effectively have a vastly and painfully reduced presence in the agriculture market for years to come.
Ukraine and Russia recently signed a U.N.-brokered deal, in which an agreement to allow grain shipping exports to resume via the Odessa seaport. This is a much-needed means to deliver trapped grain products in Ukraine, but the agreement is on very precarious footing. Russia is still actively bombing and targeting the Odessa metropolis, and has demonstrated time and again that it is willing to abandon agreements when it suits them. This agreement also runs somewhat counter to the Russian tactic of weaponizing the food supply chain to its advantage. By artificially creating scarcity, Russia can leverage concessions from a global community that relies deeply on Ukrainian grain exports to feed the world. A lack of scarcity could inhibit one of the few cards they can play to compel global compliance to its demands. Historically, Russia is not shy about using famine and scarcity as a weapon.
**No easy answers **
War is chaos. Relying on the questionable availability of a seaport is not ideal. Ukraine is looking for additional ways to export their trapped agricultural products without the reliance on the pseudo availability of its Odessa seaport, which as of this writing, are very laboriously exporting via rail to other Eastern European countries, or via the Danube river to other countries’ seaports. The Bessarabia region, in the Odessa Oblast, has two prominent river ports: Izmail and Reni. These ports, however, are quite old and were not built to ingest and export agriculture at peacetime volumes. Even utilizing seaports reached via river barge, like Constanta in Romania, only offers a small percentage of peacetime oceanic volume.
Even the Ukrainian rail system is problematic for shipping agricultural products. Ukraine has older Soviet railroad tracks that are incompatible with countries like Poland and cannot just roll trains to the rest of Europe without considerable effort. To put it all succinctly: There are only bad answers to the terrible questions of how to export agriculture in the middle of a Russian invasion.
**So what are the security threat models to agriculture? **
Industry-specific instability is seen as enticing, as victims are seen to be more compliant to pay an extortion fee in exchange for the return of their data and network. The more unstable and exposed the industry, the more compelling it is to an attacker. Nation states may also see agricultural instability as an opportunistic way to project power and advance national interests.
Critical infrastructure, like agriculture, is part of a complex and interwoven network of critical services that let society function. Cyber attacks on that infrastructure will always carry value to a nation-state’s advanced persistent threat actor. The ability to disrupt or deny critical services is a potent weapon to enforce one nation’s will over another. Even indirect attacks can affect agriculture. Cyber-attacks launched against energy or water industries can create a ripple effect that impedes the ability of agriculture to produce at optimum. Ukraine has a long history of suffering these kinds of cyber-attacks, including the costly NotPetya attack, that was attributed to Russian APTs.
There are also mutual interests that criminal ransomware cartels and the Russian government share. Ransomware cartels are not shy about their relationships with Russia. Many ransomware gangs also operate within that country’s borders with relative impunity. These groups, who often act as proxy state-sponsored actors, have financial interests that align with the Russian government. Russia is kinetically targeting agriculture with the express intent of creating additional food chain supply insecurity. Ransomware cartels also want to extort victims and additional food and supply chain disruptions continue to favor Russian interests.
Much like the Colonial Pipeline ransomware attack, there are also unintended consequences of a cyber-attack that have a way of trickling down into how businesses can operate in an industrial environment. As defenders, we must consider our integrations into industrial operations. Agriculture industries are rapid adopters of industrial automation. The imperative to produce rapidly and deliver to market is driving companies to remove the human element where possible. For example, a fully automated grain elevator removes the need for humans to assist in the unloading of grain, extending the serviceable hours an elevator can stay open for farmers. Automated milking systems make it possible to increase milk cows more frequently, and automated feed pushers keep herds fed so milk production stays consistent. As you think about cyber defense, ask yourself what does an attack on your converged farms and facilities looks like? Would the loss of IT assets trickle into industrial operational technology that lets your business operate? Could you still ship perishable milk? Could a grain elevator still operate?
**What does this mean for cyber defenders? **
The invasion of Ukraine is awful. And it is easy to be lost in the suffering and sacrifice of the Ukrainian people. Now is the time, more than ever, to understand what is at stake and what we can do to keep the world fed. Whether we’re protecting a direct agriculture business, or something agricultural-adjacent, now is the time to reflect on business resiliency. As defenders, we cannot control war, the weather, or the agriculture market. Instead, the security community should consider this an opportunity to improve their situational awareness. By just maintaining awareness of outside events, we can draw a better picture of the current security risks. It can be easy to dismiss global events as having no additional effects on an organization’s cybersecurity posture — we’re under constant attack as it is. Instead, consider not the “what,” but the “why” of adversary motivations, and how that can affect potential targets. Understanding that could make all the difference in keeping businesses safe and productive.
**Executive call to action **
For executive leadership, now is an opportune time to evaluate your accepted business risks. That means taking the time to understand how interconnected your agriculture operations are to your corporate offices. Could you function as a business should a ransomware attack affect you? What investments have you made to build resiliency into your operations? These are incredibly difficult questions to answer. Use the catalyst of global events to invest in technology and more importantly, people, to help you find those answers. Be proactive, and train for climatic events like a cyber-attack. Utilize third-party services to give unbiased evaluations of your resiliency and recovery. Perhaps most importantly – resist complacency. Cybersecurity threats evolve and shift as do global events. Maintaining strong situational awareness could be the critical deciding factor between a crippling costly cyber-attack and a resilient enterprise able to weather any storm. The fate of the world’s agricultural supply chain could rely on it.