July 26, 2023 | Policy Brief

America’s Food Supplies Face Growing Cyber Threats 

July 26, 2023 | Policy Brief

America’s Food Supplies Face Growing Cyber Threats 

Produce giant Dole disclosed to federal and state regulators earlier this month the impact of a February 2023 ransomware attack that cost the company $10.5 million. As the food and agriculture sector increasingly relies on internet-connected, precision technology, cyber threats to America’s food supplies are growing.  

In filings with the U.S. Securities and Exchange Commission, Dole explained that unnamed ransomware actors compromised half of the servers of one subsidiary. While the company claimed the incident had “minimal operational impact,” press reporting noted that Dole temporarily shut down operations in several plants and halted grocery shipments.  

This is not the first ransomware attack to impact American supermarkets. Two years ago, an attack on JBS, which processes nearly one-quarter of U.S. beef, caused meat prices to soar and impacted operations around the world. 

Cyber threats to food and agriculture are expanding due to the emergence of “smart” farming devices that optimize production capabilities. Farmers can harvest better yields with lower production costs thanks to crop and soil monitoring sensors, autonomous vehicles, and data analytic tools. As a 2018 Department of Homeland Security (DHS) report observed, this transformation “took highly mechanical labor-intensive industry and connected it online, dramatically increasing the attack space available to threat actors.”  

Ransomware attacks are today’s threat, but malign hackers also have the potential to compromise agriculture data to cause economic, political, or public health crises. For example, many farms use sensors to fertilize and water crops based on soil and weather data. By altering the data, hackers could cause flooding or over-fertilization. On a large enough scale, such an attack could impact the availability of certain crops nationwide. DHS warns that compromises to the data farmers use to track cattle diseases, for example, could take months to remediate. Malicious disruptions to sensors on heating and air conditioning systems could even kill many animals.  

The supply chain is also vulnerable. The food and agriculture sector relies heavily on “just in time” transportation, where goods arrive to producers and consumers when they need them. Inventories are kept light, and most goods are in transit. Owing to the consolidation of food distribution in a handful of large companies, cyberattacks on one company can wreak havoc throughout the supply chain. The JBS ransomware attack, for example, forced cattle farmers to slow slaughtering and processing. A ransomware attack on one grain cooperative in Iowa impacted the 40 percent of U.S. grain producers that use its software.  

Both the industry and the U.S. government are beginning to address the growing threat. At the end of May, the industry finally launched its own Information Sharing and Analysis Center to increase cooperation and boost awareness and security. The Biden administration’s new cybersecurity label, the U.S. Cyber Trust Mark, may improve cybersecurity of agricultural smart devices, though the label is meant only for consumer goods at this stage.  

Annie Fixler is the director of the Center on Cyber and Technology Innovation (CCTI) at the Foundation for Defense of Democracies (FDD) and an FDD research fellow. Charles O’Connor is a CCTI intern. For more analysis from the authors and CCTI, please subscribe HERE. Follow Annie on Twitter @afixler. Follow FDD on Twitter @FDD and @FDD_CCTI. FDD is a Washington, DC-based, nonpartisan research institute focusing on national security and foreign policy.