As the agri-food sector increasingly embraces automation with GPS, robotic systems, cloud-connected devices, and AI-driven tools to boost efficiency and crop yields, cyber risks have been rapidly escalating. With ransomware attacks as the primary threat, the food and agriculture sector ranks as the seventh most targeted industry in the United States, just behind sectors like manufacturing and financial services.
Many of the technologies driving the digital transformation in food and agriculture were designed long before cyberattacks became a serious concern, leaving critical vulnerabilities throughout the supply chain. With these systems not built to withstand modern threats, the sector has become a prime target for cyber-criminals.
FBI Special Agent Gene Kowel, in a speech at the bureau’s second annual Agriculture Threats Symposium in Nebraska in August emphasized that “The cyber risk and national security threat to farms, ranches, and food processing facilities is growing exponentially. The threats are evolving, becoming more complex and severe.”
Cory Brandolini, co-founder of Railtown, a software company specializing in AI-powered solutions for developer best practices and productivity, stresses that food production has become one of the most automated industries in the world.
“We’re seeing robotic systems managing farms, automated feeding systems for livestock, and even AI-based optimization tools to improve crop yields. But all this automation brings significant cyber risk if Infrastructure leaks or PII leaks (Personal Identifiable Information) within the underlying software that are not constantly protected. Imagine if a hacker could tamper with the feeding schedules for livestock or the storage temperatures for perishable goods; that’s not just an inconvenience, that could lead to massive financial losses and food scarcity.”
Brandolini warns that failure to address technical debt in legacy software systems can lead to escalating costs and risks over time.
“These systems were never designed to be exposed to the internet, yet they are now part of highly interconnected global networks,” he says.
If a cyber breach occurs in industrial control systems (ICS), a hacker could manipulate temperature controls or sensors, alter important information like ingredient lists and allergen labels, potentially putting customers at risk and causing significant disruptions.
Companies that sell foods that are at risk for spoilage are most vulnerable because they are more willing to pay ransom rather than risk their products getting spoiled.
“Any downtime caused by an attack could lead to a chain reaction of delays, potentially causing late planting or harvesting windows,” says a report from the Food and Agriculture-Information Sharing and Analysis Center (Food and Ag-ISAC).
According to the FBI, ransomware attacks, foreign malware, data and intellectual property theft, and bio-terrorism impacting food production and the water supply are the four key threats facing the agriculture sector. Special Agent Kowel says that foreign entities are actively attempting to destabilize the U.S. agriculture industry.
In September 2021, New Cooperative, a large Iowa grain cooperative with over 60 sites, and Crystal Valley Cooperative, a Minnesota-based farm supply and marketing organization, were both hit by ransomware attacks. A month later, Schreiber Foods, one of Wisconsin’s largest cheese manufacturers, was hit by a cyberattack that shut down its plants and distribution centers for five days.
Earlier that summer— in a very high-profile food industry cyberattack— JBS, the world’s largest meat producer, faced a cyberattack that forced the closure of all its U.S. beef plants, which handle nearly one-fifth of the country’s meat supply. Ultimately, JBS paid an $11 million ransom in bitcoin to minimize the potential disruption to its supply chain.
In 2022, HP Hood Dairy, the owner of Lactaid, was hit by a ransomware attack that took all its plants offline. During the same year, U.S. agricultural equipment maker AGCO suffered a ransomware attack that halted operations and delayed tractor sales at a critical point in the planting season. In 2023, several major food companies, including Dole, Sysco, and Mondelez, faced significant cyberattacks, disrupting their operations.
These attacks continue to rise, with 40 incidents reported in the U.S. agri-food sector in the first quarter of 2024 alone. One particularly devastating case occurred in Switzerland, where a ransomware attack disabled a farmer’s milking robot and data collection systems, resulting in the death of a pregnant cow and significant financial losses. The ransom went unpaid, but the damage was already done.
Even as these threats mount, the food and agriculture industry remains under-prepared. A 2019 UK government report found the sector spent just £1,080 annually on cybersecurity measures, a stark contrast to the £22,050 spent by finance and insurance firms. This trend is mirrored in the U.S., where cybersecurity is still not a priority for many farmers and producers. “When I talk to farmers about cybersecurity, their eyes often glaze over,” admits Mark McHargue, president of the Nebraska Farm Bureau.
According to Brandolini, these cyberattacks are not hypothetical.
“The vulnerability we see in industries like food production is staggering. The legacy systems that many companies rely today on are not built to withstand the complexity and scale of modern cyber threats. Unknown and unresolved issues within the underlying legacy software will continue to expose the companies to catastrophic failure or cyber-attacks,” he says.
The U.S. government is taking steps to address these challenges. Congress recently introduced the Farm, Food, and National Security Act of 2024, which requires the Secretary of Agriculture to assess cybersecurity risks in precision agriculture and the broader food supply chain. It also incorporates elements from the bipartisan Farm and Food Cybersecurity Act, including provisions for cross-sector exercises to help farmers prepare for food-related emergencies or disruptions.
From a technology perspective, artificial intelligence (AI) is set to become a key player in securing the agri-food sector against cyber threats and software vulnerabilities. With the ability to monitor, learn, and respond to vulnerabilities in real time, AI-driven platforms provide food producers with a robust tool to defend against cyberattacks, reinforcing the resilience of food systems in an increasingly interconnected and digitalized world.
“We cannot afford to wait for another major cyberattack before taking action,” says Brandolini. “AI offers the food industry a way to not only protect itself from current threats but also to future-proof its operations.”
Railtown’s “Conductor” platform exemplifies how AI technology can protect critical industries from potentially catastrophic disruptions, by identifying and correcting vulnerabilities before they turn into larger issues.
“We designed Conductor to act like a ‘conductor’ of an orchestra, where every part of the software system is in sync,” says Brandolini. “The Conductor will instantly recognize any Infrastructure or PII leaks and mask them immediately while simultaneously alerting the engineering team of the issue and the code change. The time it takes recognize and resolve the risk is key to protection.”
At an operational level, Special Agent Kowel advises of steps that can be taken to help reduce risk: “One is just basic cyber hygiene, having multi-factor authentication for any kind of system. Two, is awareness. The greater degree that our farmers, our producers, our ranchers are aware of this and are willing to come to law enforcement and report it, the greater degree we can protect the entire industry,”
The rise of precision agriculture has transformed farming by embedding advanced technology into every step of the process. Drones, often imported from China, now monitor and manage crops, while automated systems control livestock feeding, optimizing efficiency. This technological revolution extends beyond the fields, streamlining food processing and distribution to ensure smooth operations right through to supermarket shelves.
As technology becomes more sophisticated, the agri-food sector must bolster its defenses. From adopting AI-driven solutions to implementing basic cybersecurity hygiene practices, the future of food security is influenced by how the industry responds to this mounting threat. The consequences of inaction could be dire.
“A successful cyberattack on the food supply chain could lead to more than just financial losses,” warns Brandolini. “If hackers disrupt food production or distribution, millions could face food shortages. This isn’t just about economics— it’s about human lives.”
Read the full article here