How agriculture, water systems are fighting AI pitfalls with AI
Large language models might not produce better writing than humans. AI systems might not create movies on par with a filmmaker’s work. But they’re very good at spitting out large quantities of content — both written and visual — that can look good enough to fool someone into thinking they’re generated by a person. And in the game of cybersecurity, it often only takes fooling one person to create a breach.
Feras Batarseh, an associate professor with the Commonwealth Cyber Initiative and the Department of Biological Systems Engineering at Virginia Tech, is hoping to change that through his work with the newly developed Food and Agriculture Information Sharing Analysis Center (ISAC). Using his own artificial intelligence-driven cyberbiosecurity tools, Batarseh’s team at Virginia Tech was chosen as a founding member of the University Partner Program, along with Iowa State, Nebraska, and Purdue. Together, they’re working on both immediate and long-term solutions to help, essentially using the more complex, less visible side of artificial intelligence research to combat the one people see every day in the news.
The original ISAC was formed for the information technology space in 2000. ISACs function as member-funded organizations that provide guidance and best practices to their members across various designated critical infrastructures, helping them manage the ever-growing and changing array of cyber threats that they face. Since the turn of the century, the ISACs have expanded to try to cover every critical sector.
Agriculture is the fastest-rising cyber crime target, and it now ranks as the seventh-most attacked sector. The threats for agriculture go beyond email campaigns, though. One of Batarseh’s current projects involves helping detect cyber threats to the GPS systems used in machinery on large farms. The firmware within those systems, which is usually made in China, can often be enabled or disabled remotely. And the operators, while experts in the areas of agriculture their jobs require, often know little to nothing about the ins and outs of the technology they rely on.
“Some of these small farms don’t even have an IT staff,” said Jonathan Braley, Director of the Food and Ag ISAC. “They’re not going to really see the value in some of the technical stuff that’s getting passed around.”
You may have used ChatGPT to help you write an email for work, but so, increasingly, have cybercriminals, and with far more successful and damaging results. For foreign actors whose first language isn’t English, some of these tools have enabled much larger, more convincing phishing campaigns, particularly against critical infrastructure. In the United States, many of the systems behind industries like agriculture and water are legacy systems, often run by small, local and regional operators who lack the knowledge or resources to defend against the growing global threat of cyber crime.
“So there’s this stigma with AI, ChatGPT and all that stuff, which is very well understandable,” said Batarseh. “Our team, my lab, works on AI assurance applications. We don’t merely do AI — we do assurance of AI systems.”
AI assurance is the process of evaluating the explainability, accuracy, and ethics of AI. Batarseh’s first-of-its-kind AI & Cyber for Water & Ag (ACWA) lab combines cybersecurity with physical and biological systems to help research cyberbiophysical threats. This means doing the hard work of vetting threat vectors through generative adversarial networks that they create to help simulate baselines for attacks that haven’t happened yet, giving critical infrastructures the ability to recognize and diagnose an attack as it happens.
“The proposition here is that AI can help, that it can be a tool for good and for change,” said Batarseh.
A big part of that, at least in the near-term, is combatting the ways in which AI has made cyberattacks easier.
“That was one of the early concerns immediately once OpenAI came out, was that phishing emails’ quality just got significantly better,” said Braley. “Those typical tells — the bad language that you could usually spot and say, ‘This English doesn’t really make sense,’ that’s gone, right? It’s really empowered some of these threat actors who are kind of lower sophistication to really improve what they’re doing.”
Because of the diverse nature of these threats, Batarseh has enlisted a multidisciplinary crew at Virginia Tech to help him. Led by the Center for Advanced Innovation in Agriculture in the College of Agriculture and Life Sciences, the university formed a committee to be the primary point of contact with the ISAC. In addition to Batarseh, the committee includes:
Virginia Tech Transportation Institute (VTTI) Division of Technology Development and Deployment Division Director Zeb Bowden
Virginia Tech Applied Research Corporation (VT-ARC) Vice President of Technology Matt Wolfe
Yiming Feng, assistant professor at the Virginia Seafood Agricultural Research and Extension Center
That gives the group the breadth of knowledge to address the wide range of areas that can be impacted by developing cyber threats.
Around 2007, food and agriculture companies started reaching out to Braley, but it wasn’t until 2013 that the Food and Agriculture Special Interest Group was formed. While the special interest group sufficed for a while, the growing threat vector to the industry led to further reconsideration in recent years, and the formation of the formal ISAC in the spring of 2024, under the broader IT ISAC umbrella.
“It made more sense to kind of brand ourselves and make sure that people knew that we’d been doing this for a long time, and we wanted to be the ISAC to do it,” said Braley. “Once we kind of formalized, we got a lot more recognition out there, people knew that we were around. We’ve had a lot of growth since then.”
Braley and his team had worked with Virginia Tech for years before connecting with Batarseh for this project. Working with universities allows for a fruitful partnership between government, industry, and higher education that benefits all parties.
“We want to align research that Virginia Tech is doing with our members, so that the needs of industry are aligning with the research that’s being done,” said Braley.
That alignment will happen in person for the first time in November in Arlington, at the 2024 AI for Agriculture Fall Symposia. While all the parties involved will get a chance to discuss the rapidly changing AI landscape, the meeting underscores how crucial test beds like the ACWA lab are not just for Virginia Tech, but for the kinds of academic, government, and private partnerships like the ISAC.
“Besides some companies that do research, only labs and universities are able to run extensive scientific tests to see how to counter attacks,” says Batarseh. “That’s the first line of defense that you go to so you can figure out how to understand the attack.”
Beyond the straightforward solutions to individual problems, the work being done on the Virginia Tech campus is also training a wave of new cybersecurity professionals in the specific details of tackling cybersecurity challenges in agriculture. That serves a long-term workforce development goal, preparing students to transition into the working world and make a meaningful and lasting impact by shoring up cybersecurity in this sector.
“As we develop this workforce, it becomes more and more doable,” said Batarseh.