Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

Cyberattackers are eyeing America’s farms and food supply

(McCrary Institute)

By Don Kauffman

Cyberattacks are increasingly threatening the U.S. food supply, according to cybersecurity experts who warn the agriculture sector has become a soft target in the broader digital battlefield. From ransomware disrupting farm operations to nation-state actors probing critical infrastructure, agriculture is now firmly in the crosshairs.

“Year after year we’re seeing a steady increase in [ransomware], which is definitely concerning to us,” said Jonathan Braley, director of the Food and Ag Information Sharing and Analysis Center (ISAC), on the Cyber Focus podcast hosted by Frank Cilluffo, director of Auburn University’s McCrary Institute. Braley said his organization reported 212 ransomware attacks against parts of the Food and Ag sector in 2024.

While larger agribusinesses are maturing in their cyber defenses, many smaller operations remain vulnerable. Their systems are often internet-connected but poorly defended – and attackers don’t discriminate.

“These small businesses will say, ‘Why would anyone take the time to attack us? We’re so small,’” Braley said. “But they don’t understand that they’re going after everybody.”

Braley warned that over time ransomware groups are likely to focus more heavily on the agriculture sector. “The incentive for a food company to pay that ransom is going to be higher than other sectors even,” he said. “And at some point they’re going to realize that, and they’re going to heavily target food.”

Food moves through a vast, just-in-time supply chain where even brief interruptions can ripple widely. A single product may rely on numerous companies – producers, packagers, transporters and retailers – and any of these could be a weak link.

“You’ve got the packaging, you’ve got the logistics, you’ve got the transportation … and all of a sudden you have 10 companies all involved in this one product,” Braley said. “Anywhere along that line, one of those companies has a cyber incident, it’s going to impact everybody.”

The same precision and automation that improve efficiency also create dependencies. “Even a minimal disruption could cause you not to find your food on the shelf,” Braley warned.

Food is also a growing target for geopolitical adversaries. Braley pointed to an attempted Russian hijack of Ukrainian tractors, thwarted only because John Deere had installed remote kill switches.

“We saw Russian adversaries actually try to take control of their tractors,” Braley said. “It was beneficial that John Deere was actually able … to kind of turn those off so they couldn’t be used against them.”

In a future conflict, he warned, U.S. food infrastructure could face the same kind of targeted disruption. Braley pointed to Volt Typhoon, a Chinese state-sponsored group that U.S. officials say has embedded malware in critical infrastructure as a contingency for future conflict. “We know that the goal was if we ever had a conflict, they’d be able to kind of turn that [malware] on and take advantage – and [it’s] no stretch of imagination that we [would] see that in food too,” he said.

Even outside of conflict, agriculture faces ongoing intellectual property theft. “It can take 10 years for a discovery in a lab to become a product on a shelf,” Braley said. “Anywhere they can jump in our timeline and start stealing some of that data … they’ve shortcutted their own resources.”

Braley emphasized that protecting the food and agriculture sector will require broader awareness, stronger collaboration and faster action – especially when it comes to closing gaps between large companies and their smaller suppliers. “The better that we can share … the private-sector sharing, the government sharing, us sharing with ourselves – that’s how you really understand the risk,” he said. 

While the food and agriculture sector has historically received less cyber attention than sectors such as finance or energy, Braley warned that the stakes are no lower: Disruption here doesn’t just hit markets – it hits dinner tables.

Click to listen highlighted text!