ISA NATIONAL DEFENSE CYBER THREAT REPORT: AGRICULTURE

 

Food is on the Front Line of Nation-State Cyber Attacks

 

We Are Already Under Attack

Agriculture is one of the nation’s most essential and least protected infrastructures. Rapid digitization of precision farming, automated processing, and just-in-time logistics has created an attack surface that has expanded far more quickly than cybersecurity investment. USDA officials and sector leaders warned in 2024 that modernization has outpaced security controls, leaving legacy industrial systems vulnerable [4].

Recent federal briefings emphasize that foreign cyber operators targeting agriculture have demonstrated a willingness to probe deeply into food-production systems and exploit vulnerabilities at any cost [13][14]. These are not hypothetical scenarios—they represent an ongoing conflict where digital intrusions can create strategic effects comparable to physical attacks.

Both Chinese and Russian military doctrines explicitly identify food-system disruption as a component of hybrid warfare [9][10]. Chinese state-linked actors have already accessed U.S. agriculture-related systems and pre-positioned across critical infrastructure supporting food production and distribution [1][8]. Russian agents have demonstrated the ability to disrupt fertilizer logistics, grain cooperatives, and precision agriculture systems as part of broader strategies targeting food supply chains [7][9]. Iranian operators have targeted programmable logic controllers (PLCs) and industrial control systems supporting water, irrigation, and agricultural environments [3].

The 2021 ransomware attack on JBS Foods is a case study in the vulnerabilities of digitized food systems and the impact a cyberattack can have.  The JBS attack halted nearly one-fifth of U.S. beef production [5]. The incident exposed systemic weaknesses in an industry heavily dependent on interconnected industrial controls, narrow margins, and centralized processing infrastructure.

 

Adversaries Time Their Intrusions Strategically

The FBI has warned that adversaries increasingly time their attacks for maximum impact—particularly during planting, harvest, and peak processing seasons [6]. Russian ransomware groups have employed these tactics, as seen in the attack on an Iowa grain cooperative [7]. Meanwhile, Chinese state-sponsored actors have mapped U.S. agricultural and food supply-chain dependencies to identify chokepoints [8].

A coordinated campaign could disrupt production, processing, and distribution across multiple states in a matter of weeks.

 

The Implications Are Significant—And Growing

Economically, a cyberattack on fertilizer systems, seed distribution platforms, or logistics networks during planting season could reduce agricultural yields by double-digit percentages, tightening markets already strained by climate impacts and geopolitical instability [2]. With modern supply chains operating on minimal reserve capacity, even short-term disruptions could trigger price spikes and shortages.

Some risks extend beyond economics. Agricultural facilities store chemicals—such as anhydrous ammonia and pesticides—that could cause environmental contamination or hazardous releases if digitally manipulated. While no evidence of intentional weaponization exists, the potential consequences highlight the need for improved digital safeguards.

 

A Systemic Imbalance in Defense Capability

In response, the agriculture sector has intensified its own cybersecurity. Food and ag companies, state agriculture departments, and sector ISACs are participating in coordinated cyber-incident exercises, national security briefings, and expanded deployment of monitoring and threat-intelligence tools [11][12].

However, expecting individual farmers or small cooperatives to defend against nation-state cyber units is unrealistic. Smaller producers operate on margins too thin to support enterprise-grade cybersecurity investments. Large multinational agribusinesses are deploying mature cybersecurity programs, but our vast agricultural system is heavily interconnected, leaving even large providers vulnerable. To date, no comprehensive federal modeling exists to determine the level of investment required to make the agricultural sector defensible against nation-state threats.

Additionally, agricultural entities face overlapping cybersecurity mandates from USDA, FDA, EPA, and state agencies—creating duplicative compliance burdens that waste scarce cyber resources in infrastructure without providing proportional increases in security.

Despite significant efforts, defensive capabilities remain uneven—particularly among small- and mid-sized producers that are interconnected with larger companies but lack the resources to implement advanced cybersecurity programs. At the end of the day, no farm, cooperative, or agribusiness consortium can realistically defend against nation-state actors operating with strategic intent and global reach.

 

A Perfect Storm of Exposure

The United States military and broader economy depend on American agriculture to sustain operations and stability. Every base, deployment, and supply chain relies on a secure and functioning food system. A coordinated cyberattack on the food supply could strike at the core of the nation’s confidence in its ability to provide for the common defense. Foreign adversaries have already demonstrated their capability to compromise agricultural systems and related infrastructure through targeted cyber operations [1][2].

We must reconsider what constitutes the defense industrial base in the 21st century and establish legislation that enables the nation to defend nontraditional systems—including agriculture—as essential components of national defense. A unified, outcomes-focused, risk-based regulatory framework is required to allocate cybersecurity resources effectively.

 

National Defense Begins with Food Security

Feeding the nation is the first layer of national defense—and cybersecurity must be treated accordingly. Policy fragmentation and regulatory overlap create complexity without generating measurable improvements in resilience. A more coherent system is needed—one that focuses on outcomes rather than documentation. Fortunately, there are practical, low-cost steps the government can take to significantly enhance sector-wide cyber resilience, even in systems historically outside the defense framework.

The question is not whether threats exist—they do. The question is whether the United States will act before a major agricultural cyber disruption forces crisis-driven policymaking.

Strengthening digital defenses is an act of foresight—not fear.

 

 

 

Endnotes

1. Freed, B. (2022). Suspected Chinese hackers gained access to six state governments. StateScoop.
2. Kulkarni, A., et al. (2024). A Review of Cybersecurity Incidents in the Food & Agriculture Sector.
3. CISA, NSA, FBI, CNMF. (2023). IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors.
4. Government-Industry Advisory Committee (GIAC). (2024). Growing Risks Amid Rapid Digitization.
5. Kapko, M. (2022). Food supplier cyber risk spreads 1 year after JBS attack. Cybersecurity Dive.
6. FBI. (2022). Ransomware Attacks on Agricultural Cooperatives Timed to Critical Seasons.
7. Bogage, J., & Reiley, L. (2021). Russian hackers target Iowa grain co-op. Washington Post.
8. CISA & FBI. (2025). Countering Chinese State-Sponsored Actors’ Compromise of Networks Worldwide.
9. National Defense University Press. (2023). Weaponizing Wheat.
10. U.S.–China Economic & Security Review Commission. (2024). China’s Mobilization Measures.
11. Food & Ag-ISAC. (2025). Food and Ag Sector Cyber Threat Report.
12. “Agriculture Threats Symposium Highlights Foreign Risks.” FBI.gov (2024).
13. HelpNetSecurity. (2025). The Food Supply Chain Has a Cybersecurity Problem.
14. Foundation for Defense of Democracies. (2025). Cybercriminals Targeting U.S. Food & Agriculture—Now More Than Ever.