NDSU researchers developing new system to bolster agricultural security

The data that farmers and those in agriculture receive through sensors, drones and intelligent agricultural equipment is invaluable. But how is that information secured and protected?

Greg Wettstein, NDSU principal IT engineer, and Nick Dusek, assistant director and research facilitator for NDSU Center for Computationally Assisted Science and Technology, are working to help make this data secure.

The Agricultural Experiment Station was beginning a new project on ag data security, and discussions between Wettstein, Dusek, North Dakota Agricultural Experiment Station associate director Frank Casey and NDSU ag tech executive project manager Aaron Reinholz led to the deployment and testing of Quixote as part of a secure IoT data pipeline.

It is part of NDSU’s Food, Energy and Water Security research initiative. It addresses key issues facing food production, energy creation and delivery, and water resources today by strongly emphasizing technology and research.

“Modern agriculture runs on data; securing it is as essential as seed and soil. From field prep through harvest and handling, one breach can undo a year’s work,” Casey said. “Through our FEWS initiative, we’re backing trusted, end-to-end pipelines like Quixote so producers can rely on uncompromised information to deliver food, fuel and fiber.”

Cybersecurity has risen to the forefront of many areas, and it has done the same with agriculture. This project involves two key components. First, it introduces software tools that enable developers to create precise mathematical models describing the intended behavior of their software as part of their standard development workflow. These models serve as formal specifications that guide and verify the correctness of the software.

Second, the project includes the development of a new security sub-system for the Linux operating system. This sub-system enforces the mathematically defined security behavior when the software is deployed and run in production, ensuring that it operates in strict accordance with its formal specifications.

Quixote is the enabling technology for a USDA-funded project that implements trusted pipelines for agricultural data. The system will ensure data collected from field sensors has not been corrupted or modified, from the acquisition of the data to its processing and storage in the cloud.

“Quixote was designed from a clean sheet of paper to address these issues,” Wettstein said. “The objective was to provide a means for development teams to obtain 10x+ increases in the security of their applications, without the need to be security experts. Quixote directly supports new software development models that use ‘containerized’ development practices. Quixote also provides methods to implement AI-based security models without adding agent software to systems that can pose as much of a danger to the system as potential adversaries do.”

“Everyone is concerned about data security in agriculture, but very few people are building the software infrastructure needed to address the problem in a holistic way,” Dusek said. “Meanwhile, we are deploying more and more internet-connected devices to the field, in many cases, without any kind of systematic security review. Quixote represents a unique opportunity, not only to secure these devices, but to set a standard for IoT data security in agriculture, and to do it with technology developed in North Dakota and tested at NDSU.”

Wettstein described the ag security project as a “prototype implementation of a secure agricultural data pipeline.” And it is needed as the current system security technology is 50 years old and designed for systems and threats that are no longer relevant.

“These security architectures are a poor fit for our modern environment, where computing is being pushed further and further to the edge and when industries are deploying ever-increasing amounts of software with the primary objectives of functionality, speed of delivery and low development costs,” Wettstein said. “In addition, these classic security architectures do not directly support the use of artificial intelligence and/or machine learning models for detecting when systems are being attacked or compromised.”

Wettstein said the project features the implementation of a prototype system that guarantees that all of the systems that convey information from the ‘edge,’ (which include field sensors, drones, intelligent agricultural equipment) are placed into a trusted state.

“This provides a guarantee that the data can be trusted to be the same data that was acquired at the edge and that no adversaries have tried to modify or change the data,” he said.

The initial prototype focuses on securing data generated by field sensors that communicate via LoRaWAN wireless technology. This data is transmitted to servers at NDSU, where it is stored and analyzed. Most prototypes have been completed, except for the component that connects the wireless data to the Internet.

Development is currently underway on this bridging unit, which will incorporate Quixote security technology, Wettstein remarked. Why is ag security so important?

“In the modern world of networked computers and industrial control systems, North Dakotans no longer can enjoy the security that was provided in past conflicts by oceans and large land masses,” Wettstein said. “The economic advantages of the deployment of these technologies have also opened the door to our industrial, agricultural and energy systems being directly attacked.”

Several Quixote-enabled gateways will be deployed at NDSU for the initial testing phase. The long-term goal will be to deploy them in the field at different experiment station sites across North Dakota.

“Consider, for example, the potential impact of reporting soil temperatures, humidity levels, wind speeds and weed infestations that are consistently different than reality,” Wettstein said. “Our country is generating new software and adopting AI faster than it can secure the systems running this software and these models. Success of the prototype will demonstrate that the Quixote technology can enable development teams to gain 10x + increases in the security of their software without the need to become security experts.”

The development of Quixote will impact other areas of cybersecurity. There is data collection in smart cities, smart buildings, industrial control, healthcare and hospitality.

“For this project specifically, I can see Quixote being deployed to secure sensor networks at experiment stations and extension centers across North Dakota. A pilot of this scale would be the first of its kind and could provide a model for other states to adopt for securing agricultural data,” Dusek said. “Beyond this project, Quixote has the potential to launch a new ecosystem of secure data infrastructure and software development across many industries.”