Farmer here. I've been saying for years to my fellow farmers that equipment security shouldn't be dismissed.<p>I did not focus much on tractors, though, but automatized irrigation systems that allow remote access and configuration. When choosing my own options, and since I never had the information I needed, I always chose the simplest solution, i.e., local manual configuration without remote access.<p>Around here the public water supply is remotely controlled, but like an Intranet, via optical fiber. I suspect this has to do not only with poor reception in remote locations but also with security. But water meters are accessed via SIM, I think.<p>Every time I mention any concerns with security, however, these are met with skepticism. The usual inability to foresee third-parties' motivations, in variations of<p><i>"Why would anyone want to interfere with my equipment?"</i><p>are very common. And I admittedly lack the skills to raise concerns for this issue past saying that ignorance of threats doesn't make them go away. My only hypothetical case is systematic crop failure due to poor irrigation associated with futures markets that depend on yields.
More like "farm equipment manufacturers have insecure backoffice web services" with some tenuous and unsubstantiated highly contrived links to fanciful action movie sub-plots.<p>I agree that automotive and farm equipment have generally mediocre security track records and that, with the addition of remote connectivity, these issues are concerning. But all hyperbole and breathless reporting like this gains us is an excuse for repair hostility under the guise of "security."
Goes right along with "Bugs allowed hackers to dox John Deere tractor owners" <a href="https://news.ycombinator.com/item?id=26903482" rel="nofollow">https://news.ycombinator.com/item?id=26903482</a>
Modern large scale farming is really not that much different from other industrial endeavors. Increasingly, small farms have to sell out to the industrial farms due to the economics.
Link to the actual talk (why didn't op just link to the talk?) maybe, instead of linking to the website of a "security software" company with ties to the FSB?<p><a href="https://www.youtube.com/watch?v=zpouLO-GXLo" rel="nofollow">https://www.youtube.com/watch?v=zpouLO-GXLo</a>
This link doesn't work for me in Canada, because of some faulty re-routing that Kaspersky's backend is doing (keep getting redirected to <a href="https://www.kaspersky.ca/fr" rel="nofollow">https://www.kaspersky.ca/fr</a>). This one does: <a href="https://usa.kaspersky.com/blog/hacking-agriculture-defcon29/25561/" rel="nofollow">https://usa.kaspersky.com/blog/hacking-agriculture-defcon29/...</a>
One could have seen it coming...<p><a href="https://www.vice.com/en/article/xykkkd/why-american-farmers-are-hacking-their-tractors-with-ukrainian-firmware" rel="nofollow">https://www.vice.com/en/article/xykkkd/why-american-farmers-...</a>