I was driving home this last Tuesday, listening to the evening financial news on APM’s Marketplace, when a story about modern farming caught my attention. About two-thirds of the way through the story, reporter Tess Vigeland related:
“… I said to my dad this spring that maybe I’d like to take a week off and come work on a farm again. And he very politely and gently said that probably that’s not a good idea because I’m not qualified to drive the equipment anymore. Really, it’s not mechanized, but computerized.”
That comment struck a chord for me. We’re accustomed in big business to treating IT services as an indispensible component of the operation. E-mail, mobile computing, massive data stores, bespoke applications and general automation are all hallmarks of how we live and work today. If you cut the corporate headquarters’ outside network access, people will panic. True, there are some employees who still remember how to drive production along with ballpoint pens and carbonless forms. Most folks, though, will seize up. Even ten years ago I got accustomed to being woken up in the middle of the night by angry executives because the BlackBerry Enterprise Server had hiccupped and e-mail access seemed to have gone down for more than ten minutes.
Once a service becomes a utility, we tend to skew our perspective on the complexity, ubiquity and difficulty of providing the service. We also expect that a shed-full of boffins are always available to keep the core services secure as well as available on-demand. That’s just not the case for the majority small businesses. As we kicked around back in June, a great many small businesses don’t have professional IT support staff in-house. They don’t have “robust” IT systems or services … and the managers responsible for the bottom line might not have the nuanced IT perspective to preemptively harden their critical systems against penetration, espionage and exploitation.
All of which brings us around to the above-mentioned Marketplace article. I remember driving a combine out on a Kansas farm once when I was a kid. Admittedly, I only drove it for about thirty feet, but it was all me at the controls for that terrifying minute. As a twelve year old, I thought the giant beast was complicated, but manageable … and it also occurred to the hooligan streak in the back of my little pre-teen head that this giant machine could do an awful lot of damage if it was controlled by someone with mischievous intent. When Ms. Vigeland mentioned how the same equipment was computerized now, the cyber security klaxons in the back of my head started clamoring for attention.
Ms. Vigeland is absolutely right: the production equipment, planning systems, logistics support systems … everything on the modern farm (in a developed country) is either computerized, networked or both. While that makes for tremendous increases in efficiency (e.g., analyzing data in order to optimize your use of fertilizer and seed), it also presents a tempting target to potential adversaries. And where there’s an unguarded target, someone is going to get up to trying some mischief.
I counsel most small business owners that I meet to learn how to lock down, harden and monitor their core systems. Step one of that security lock-down is to hire a trained, experienced employee whose primary job is to own the core equipment – and to be ultimately responsible for everything that happens with (and to) it.
During a particularly irritating router replacement job a few years back, I had to explain to the shop owner why a firewall was necessary to keep his point-of-sale machines and credit card processing equipment shielded from the public Internet. The owner’s response was “But all that equipment is here … in the store … it’s not outside on the Internet, so it’s all safe!” Aaargh … That fellow, fortunatley, had little to tempt a would-be criminal: he did a few hundred dollars in niche market clothing sales a week, and didn’t have the kind of inventory or sales receipts that most online hooligans would bother trying to steal.
A farm, though … that’s a whole new sport for the criminal class to dabble in. In addition to the significant funds involved in farming (even accounting for the razor-thin profit margin of non-corporate operations), farms have those enormous, wonderful toys … If we take as accepted fact that a hacker will enjoy the technical challenge of futzing with controllable devices ranging from Lego™ Mindstorms programmable toys to industrial SCADA controllers just for the sheer joy of seeing something work, imagine how tempting a target a multi-ton combine harvester or tractor might be. It’s the ultimate remote-controlled toy car, even if you have to be a bit indirect about it (e.g., GPS tampering, inertial guidance manipulation, etc.).
Farms, in this case, represent another industry sector where production now relies on commercial IT services to function. Farms – like many other businesses – operate very close to the margins, and can’t always afford dedicated support employees for non-core functions. Given a choice between hiring a trained farmer and an IT tech, when there’s only funding to hire one employee, the fellow who directly drives production will usually get the nod. Long-term, though, this is a risky tactic. The more that any business depends on IT services to function, the more vulnerable it become to outages, attacks, misconfigurations, and other such impositions. If a business wants to stay in business, it needs to invest strategically to build in the defensive measures necessary to preempt the inevitable outside attack.
Inevitably, the position of “chief of IT services” is going to become an indispensible and inarguable of every commercial farm, just as it has in every large business world-wide. Give it another ten years, and the archetype of the fellow running Ethernet cables from the office to the barn will be as iconic to our common cultural image of “farm” as the fellow driving the tractor across the freshly-tilled field.
Keil Hubert is a business, security and technology operations consultant in Texas. He’s built dot-com start-ups for KPMG Consulting, created an in-house consulting practice for Yahoo! Broadcast, and helped launch four small businesses (including his own). His experience creating and leading IT teams in the defence, healthcare, media, government and non-profit sectors has afforded him an eclectic perspective on the integration of business needs, technical services and creative employees. He currently commands a small IT support organization for a military agency, where his current focus is mentoring technical specialists into becoming credible, corporate team leaders.