[chicob]

Farmer here. I've been saying for years to my fellow farmers that equipment security shouldn't be dismissed.

I did not focus much on tractors, though, but automatized irrigation systems that allow remote access and configuration. When choosing my own options, and since I never had the information I needed, I always chose the simplest solution, i.e., local manual configuration without remote access.

Around here the public water supply is remotely controlled, but like an Intranet, via optical fiber. I suspect this has to do not only with poor reception in remote locations but also with security. But water meters are accessed via SIM, I think.

Every time I mention any concerns with security, however, these are met with skepticism. The usual inability to foresee third-parties' motivations, in variations of

"Why would anyone want to interfere with my equipment?"

are very common. And I admittedly lack the skills to raise concerns for this issue past saying that ignorance of threats doesn't make them go away. My only hypothetical case is systematic crop failure due to poor irrigation associated with futures markets that depend on yields.

[st_goliath]

> "Why would anyone want to interfere with my equipment?"

Oh yes, this sounds way too familiar. "Why would anyone want to hack my system?" - pretty much most people I talked to about IT security, between circa 2000 and 2010, give or take a few years.

> My only hypothetical case is systematic crop failure due to poor irrigation associated with futures markets that depend on yields.

Besides stock market manipulation, ransomware and warfare, any 12 year old who discovers shodan.io or mass-scan can potentially stumble over some Internet exposed, remote control interface. A random 12 year old will go ahead and destroy stuff simply because that's cool or whatever, without thinking twice about it. Source: Just ask anybody who has ever been talked into doing IT at a school.

As you also said, it's hard to guess what motivations someone might have. And when you connect some device to the Internet, you are actually connecting the Internet to the device. Seems to be an often overlooked issue with IoT or smart-somethings.

[voakbasda]

The average person does not understand that hooking up a device to the internet is like moving into a unlit, unregulated, unpoliced neighborhood. Shady people could come knocking at your door with heavy weapons, and you had better have ample and up-to-date defenses already in place or they are coming in for a visit.

[bierjunge]

> "Why would anyone want to interfere with my equipment?"

Because it's interesting and "because we can". It's a challenge without any other motivation besides curiosity.

But lets say some ransomware outfit discovers farmers as their niche, because the security barrier is relatively low and it's a time sensitive business. Your crops are ready to harvest, but your equipment is not starting until you pay the ransom? What can you do then? Waiting and letting the crops rot is not an option, renting hardware from others can be difficult/expensive/impossible, so the most would pay the ransom. I haven't heard of attacks targeting farmers/farm equipment in particular, but it could be a real problem in the future.

[ragebol]

Or, fantasizing here: some opposing nation state wants to disrupt food supply?

Or: very nasty farmer with the same crop hacks your equipment so you and most of his other competitors can't deliver, allowing to gauge prices due to near-monopoly.

[0des]

Knowing how most farmers live on a razor's edge between subsistence and famine, this is fucking terrifying.

[martin_a]

This works well with some bets on stock prices, too.