SafetyDetectives spoke with the CISO at John Deere, James Johnson, about this role at the company, protecting autonomous vehicles from cyberattacks, ethical hackers, and more.
Can you discuss the role of the CISO at John Deere in influencing the company’s decision-making processes and shaping its cybersecurity culture?
A key part of my role is working with our executive leadership team and board of directors to establish strategies and measures that drive the security-focused culture we need to continuously improve our security posture. Another critical part of my role is enabling my team to get what they need to execute our mission. This includes activities to attract best-in-class security talent as well as establishing partnerships with industry leading security suppliers.
What are some of the security innovations that you brought to the company?
The threat landscape is constantly changing; as a result, we must continue to evolve to stay ahead in our mission of Defending our customers, their operations, and our infrastructure. Our talent pipeline is one of the innovations I’m most proud of and one of the ways we continue to infuse new ideas into our program. We’ve partnered with Iowa State University to build a year-round intern program where we’re able to hire students, part-time early in their careers. Students can join us in our mission by working on real-world cyber challenges. Many program participants choose to join Deere at the end of their degree programs, while others go on to help the broader cybersecurity industry.
Can you tell us about the cybersecurity challenges that John Deere faces?
Tractors, combines and our other equipment are becoming more connected and complex in pursuit of our customer’s needs to do more with less via autonomy and intelligent equipment. This is why we employ a dedicated team of cyber professionals to improve the security of our products and infrastructure throughout the design and development process. AI also will continue to grow rapidly and unpredictably. We have cyber security resources to help address unique challenges associated with AI while embracing the technology to enable our customers and our employees to safely realize the incredible value AI can provide.
Looking toward the future, as autonomous tractors, lawnmowers, etc become more common, how would they be protected from cyberattacks?
As sophisticated machines become more common, having a multi-pronged approach to security is important. This includes, for example, having a security-by-design program in place so that security is a design consideration from the beginning and a team dedicated to finding security vulnerabilities in products and driving remediation.
I read that you ran a Vulnerability Disclosure Program (VDP) through HackerOne – what were some of the biggest takeaways you got from the program?
HackerOne has provided us the opportunity to engage with some of the most talented ethical hackers around. Through our partnership with them, we’ve been able to identify areas where we need increased investment, and we’ve reacted quickly to improve our security posture in those areas. I think that this program is an example that demonstrates our commitment to continuously improving our security posture with the end goal of protecting John Deere customers and dealers.
What emerging cybersecurity trends or threats specific to the agriculture sector should companies be aware of?
There is a trend related to the increased adoption of technology into Ag machines and connectivity and automation features are keys to unlocking step-change improvements in customer productivity. While this technology has tremendous customer benefits, it also increases the overall attack-surface. It is important to have a security-focused culture within any company when developing these new machines.