The digital evolution of the US food and agriculture sector has, by 2025, made cybersecurity a top-tier concern.
Recognizing the heightened risks to food security and economic stability posed by escalating cyber threats, including disruptive ransomware attacks, a collaborative effort has emerged.
The recently reintroduced Farm and Food Cybersecurity Act (H.R. 7062) seeks to address these vulnerabilities, acknowledging the growing risks associated with automation, AI, and cloud-based systems.
Food & agriculture industry overview
Historically, the food and agriculture sector has not been a notable target for cybercriminals.
Today, however, threat actors see the world’s dependence on a well-established food supply chain as an opportunity to use malware, such as ransomware, as leverage to achieve their nefarious aims.
Food and agriculture companies now use a wide range of technologies to automate and optimize their operations, including production, processing, distribution, and retail which created new vulnerabilities that can be exploited by cybercriminals.
A cyberattack on a food and agriculture company could disrupt food production and distribution, leading to food shortages and higher prices. It could also contaminate food products, putting consumers at risk of food poisoning.
Despite being increasingly aware of the cybersecurity threats it faces, the food and agriculture sector still has work to do to improve its cybersecurity posture.
Related resources
Cybersecurity issues in the food and agriculture industry
The Food and Agriculture Information Sharing and Analysis Center (Food and Ag-ISAC) highlights the growing threat of ransomware attacks on the food and agriculture sector.
In 2024, ransomware incidents targeting this sector increased to 212, accounting for 5.8 percent of all such attacks, a rise from 167 incidents in 2023.
The report identifies RansomHub as a key player, a ransomware-as-a-service (RaaS) group that gained prominence by offering affiliates a lucrative 90/10 profit-sharing model.
The most common attack methods include exploiting publicly exposed vulnerabilities, phishing, and social engineering. Despite law enforcement efforts disrupting major groups like LockBit and BlackCat, new ransomware strains continue to emerge, posing ongoing risks.
To mitigate these threats, the report recommends implementing robust cybersecurity practices, such as regular system updates, phishing awareness training, network segmentation, and secure data backups. These measures are critical to improving the sector’s resilience against ransomware attacks.
Notable cybersecurity incidents
JBS Foods (June 2021): A ransomware attack forced JBS, the world’s largest meat producer, to shut down all U.S. beef plants, processing nearly 20 percent of the nation’s meat supply. The company paid an $11 million ransom to minimize supply chain disruptions.
Dole Food Company (2023): A cyberattack disrupted operations, leading to product shortages and delays. The company faced significant financial and operational challenges as a result.
Stop & Shop (November 2024): A cybersecurity incident affected supply chain and delivery operations, causing shortages of fresh produce, meat, and dairy products in several U.S. states.
Krispy Kreme (November 2024): A cyberattack targeted Krispy Kreme’s IT systems, disrupting online ordering during a significant promotional period.
Blue Yonder Ransomware Attack (November 2024): A ransomware attack on Blue Yonder, a supply chain technology provider, disrupted operations for clients including Starbucks, Morrisons, and Sainsbury’s.
Starbucks (November 2024): Following the Blue Yonder attack, Starbucks faced challenges in employee scheduling and payroll tracking, resorting to manual processes to ensure operations continued smoothly.
Challenges in the food & agriculture industry
One of the main reasons Americans think little about threats to and the fragility of the food supply chain is that it ordinarily runs so smoothly.
As a result, even though the nation’s food supply chain is one of the 16 critical infrastructure sectors designated by the Department of Homeland Security, it receives comparatively little attention from security professionals compared to other sectors like airline security or the power grid.
The food and agriculture industry is highly dependent on automation to keep prices low and distribution running smoothly. The systems that enable automation are often thought to be at a lower risk for cyberattacks because they can be insulated from the internet with dedicated or segmented networks.
This perception that an air gap exists between automated food processing systems and the internet is a red herring argument. Rarely are these systems completely isolated, and even when they are, there is always a need to update the operating system and production software.
Vulnerabilities can be introduced during the update process, as happened during last year’s SolarWinds attack. A false sense of security increases the risk of attack.
Even if the automated systems that power food production factories were hypothetically isolated entirely from the internet, attackers would not need to access them to stop production.
As the JBS Meat ransomware attack illustrates, by shutting down the business operations of a food provider, their ability to continue production ceases.
The food and agriculture sector has embraced production automation technology and digital business systems faster than they have modernized its cybersecurity operations.
Some experts theorize that this is because, until the recent proliferation of ransomware that makes any business a likely target, the food and agriculture industry has largely evaded attention from cybercriminals.
Cybersecurity solutions for the food & agriculture industry
As cyber threats continue to evolve, the food and agriculture industry faces unique risks that could disrupt supply chains, compromise critical systems, and endanger sensitive data.
To strengthen cybersecurity resilience, industry leaders and government agencies have adopted key protective measures:
Multi-Factor Authentication (MFA): By requiring multiple forms of verification before granting access, MFA significantly reduces the risk of unauthorized entry into critical systems. This added layer of security helps protect sensitive operational data and prevents cybercriminals from exploiting weak passwords.
Regular Software Updates: Keeping software up to date is crucial in closing security gaps that attackers might exploit. Software patches and updates help eliminate vulnerabilities, reinforce system defenses, and ensure that the technology infrastructure is equipped to handle emerging threats.
Cybersecurity Training: Employees play a vital role in maintaining cybersecurity. Regular training programs help staff recognize common cyber threats, such as phishing attempts, ransomware, and malware. By educating employees on best practices for data security, organizations can minimize human errors that lead to breaches.
Public-Private Collaboration: Recognizing the importance of industry-wide cooperation, CISA focused its 2024 Cyber Storm exercise on improving cyber incident response in the food and agriculture sector.
Conclusion
In summary, the increasing digitization of the food and agriculture sector has introduced significant cybersecurity challenges that threaten the stability of food production and distribution systems.
Addressing these challenges requires a comprehensive approach, including the implementation of multi-factor authentication, regular software updates, employee cybersecurity training, and enhanced public-private collaborations, exemplified by initiatives like CISA’s 2024 Cyber Storm exercise.
By adopting these strategies, the food and agriculture industry can strengthen its defenses against cyber threats, ensuring the security and resilience of the nation’s food supply chain.
Frequently asked questions
Cybersecurity is crucial for the food and agriculture industry to ensure the safe production, distribution, and consumption of food. Cyberattacks can disrupt supply chains, compromise food safety, and impact economic stability.
The sector is vulnerable to ransomware attacks, phishing campaigns, attacks on automated farming equipment, insider threats, and vulnerabilities in supply chain management systems.
While modern farming technologies, such as precision agriculture and automated irrigation systems, enhance productivity and sustainability, they also introduce new cyber vulnerabilities due to their reliance on software and connectivity.
Internet of Things (IoT) devices, such as sensors in farming and food processing, offer enhanced efficiency but also present new security challenges. Ensuring these devices are secure is crucial to prevent potential disruptions.
Companies can enhance cybersecurity by conducting regular risk assessments, implementing multi-layered defense strategies, training employees on best practices, and collaborating with cybersecurity experts.
Cyberattacks can disrupt production schedules, compromise food safety systems, and lead to economic losses, affecting both producers and consumers.
Attacks on this infrastructure can lead to food shortages, price volatility, and even public health concerns if food safety is compromised.
Sources
- Farm and Food Cybersecurity Act of 2024 | Sourced from US Congress in Apr 2025
- Food and Ag Sector 2024 Cyber Threat Report | From Food and Ag-ISAC in Apr 2025
- Farm-To-Table Ransomware Realities | From Food and Ag-ISAC in Apr 2025
- Agri-Food Sector Under Increasing Threat From Cyber Attacks |From Forbes in Apr 2025
- 2024 Cyber Storm exercise | Sourced from CISA in Apr 2025