Hackers Zero In on U.S. Agriculture, and Washington Scrambles to Help an Exposed Industry

Hackers Zero In on U.S. Agriculture, and Washington Scrambles to Help an Exposed Industry

Key Takeaways

• Cyberattacks targeting agriculture have surged, with global incidents doubling and U.S. attacks rising 38 percent.
• Lawmakers are pushing new bills that would fund university research centers and crisis‑readiness programs.
• Small and mid‑size farms face growing risks, often through basic phishing and payment‑rerouting scams.

The agricultural sector has spent years digitizing equipment, automating supply chains, and wiring up everything from tractors to irrigation systems. That modernization has brought real efficiency gains, but it has also opened doors for attackers who historically focused on banks, hospitals, or telecom systems. The numbers alone tell a story that should give any agribusiness leader pause.

A study from global cybersecurity firm Check Point found that agriculture experienced a 101 percent year-over-year increase in cyberattacks worldwide—the largest jump of any industry. In the U.S., the increase was a more modest 38 percent. Still, when a researcher like Omer Dembinsky calls that figure “very significant,” it isn’t hard to see why. Agriculture hasn't traditionally been a top-tier target. But the more computers end up in fields, trucks, and production facilities, the more those assumptions break down.

That is before you account for how little traditional security hardening exists across the sector. As Dembinsky noted, farms and food companies simply don’t have the guardrails that banks or government agencies take for granted. It’s a detail that explains why this threat curve is climbing so fast.

Recent attacks on major U.S. players highlight the vulnerability. Ahold Delhaize USA, parent of Stop & Shop, dealt with inventory disruptions after a cyberattack last year. United Natural Foods had to shut down its online ordering system entirely following a June incident. Those events garnered attention because they hit companies with national visibility. Smaller operations rarely make headlines, even when the financial impact is painful.

Doug Jacobson at Iowa State University has been trying to draw attention to that gap. His cybersecurity center sees evidence that attackers are already hitting small and mid-size farms. A stolen $5,000 might not sound like much from a national supply‑chain perspective, but for an operation running on tight margins, it is a significant blow. “Our farm sector is already under attack,” Jacobson said, and he isn’t being dramatic.

Most small-scale incidents aren’t high-tech intrusions into drone software or irrigation controls—although those risks are growing as equipment becomes more advanced. Instead, the dominant threats look familiar: Phishing. Extortion. Simple social engineering. Attackers impersonate a co‑op or distributor, claim that banking details have changed, and persuade a producer to reroute a payment. It is depressingly low‑tech, but it works.

Lawmakers, however, appear to be paying closer attention than they have in years. At least four bills introduced recently attempt to shore up agriculture’s cyber readiness. They vary widely in scope, which isn’t a surprise given how sprawling the agri‑food system is. One proposal would require the U.S. Department of Agriculture to run annual crisis simulations. Another would establish new university research programs.

Rep. Don Bacon of Nebraska has pushed the American Agricultural Security Act, which would require the USDA to create at least one university-based biosecurity and cybersecurity research center. It would operate with federal partners such as the Agricultural Research Service and focus on training and workforce development. Bacon is also pushing a competitive grant program aimed at research covering chemical, biological, cyber, and even bioterror threats across the agricultural system. It is rare to see such broad scope in a single bill, but the industry’s complexity almost demands it.

Cybersecurity tends to pull bipartisan support, and agriculture seems to be no exception. Rep. Zach Nunn of Iowa and Rep. Don Davis of North Carolina introduced the Cybersecurity in Agriculture Act this summer. Their bill calls for five Regional Agricultural Cybersecurity Centers with $25 million in annual funding. A companion bill has already surfaced in the Senate. If anything, these proposals signal a growing willingness to treat agricultural cybersecurity not as a niche concern but as critical national infrastructure.

Universities are already moving in that direction. The University of Nebraska’s National Strategic Research Institute partnered with its Institute of Agriculture and Natural Resources in 2023 to focus on food, agriculture, and environmental security. Virginia Tech runs a similar program. Those initiatives aren’t creating standalone cybersecurity degrees—Jacobson doesn’t expect many of those—but they are weaving cyber concepts into disciplines like agronomy and biology. It’s a pragmatic approach. You can’t turn every agronomist into an analyst, but you can teach foundational risk awareness.

That is where the real, practical value lies. Agricultural operators—especially the smaller ones—need strategies they can actually use. Jacobson suggests starting with urgency cues. Anytime an email asks for quick action or sudden payment changes, stop and call the sender using a known number. It is basic, but basic goes a long way in a sector where attackers often succeed through simple misdirection. And as he quipped, nobody does legitimate business in Target gift cards.

Even so, it is worth asking: How much help can legislative funding and university partnerships provide before attackers find the next weak link? The answer will depend on whether farms and food companies use this moment to rethink their risk posture instead of waiting for a high‑profile disruption to force the issue. The industry’s modernization isn’t slowing down, and neither are the people trying to exploit it.