Cybersecurity in the Food and Ag Sector

Cyberattacks on our nation’s critical infrastructure can have devastating effects on our national and economic security. In the last year, there were some 185 physical attacks or threats against electrical grid infrastructure, straining the private sector’s ability to keep pace with the grid’s virtual and physical vulnerabilities in software and hardware. Looking at the water and wastewater sector, Russian, Iranian, and Chinese-backed groups have targeted multiple organizations, disrupting operations across the U.S. Water utilities are an attractive target as they are a lifeline critical infrastructure sector but often lack the resources and technical capacity to adopt basic cybersecurity practices.

Similarly, in the food and agriculture sector, we see a host of challenges emerging. In 2023, Americold, one of the world's largest temperature-controlled warehousing and distribution services providers, fell victim to a ransomware attack that affected 130,000 people. Further, this breach of Americold represented the company’s second cyber-related incident in three years. In 2020, Americold suffered a ransomware attack that targeted its internal operations; this interruption was particularly concerning as at the time Americold was providing cold storage facilities essential to the COVID-19 vaccine rollout.??

?In another example, JBS, the world’s largest meat processing company, paid millions in ransom in 2021 as a result of a ransomware attack. As a result, JBS was “forced to halt their cattle slaughtering operations at every U.S. plant for an entire day,” which had a severe impact on the efficiency of fat cattle processing.

?When considering the cybersecurity preparedness of the sector, it is easy to see that there is room for improvement. For example, public and private sector leaders have yet to agree on a shared vision for cybersecurity in this critical part of our economy – one of the most basic tenets of the public-private partnership that underlies U.S. cybersecurity policy. And while the sector becomes more efficient and productive through the adoption of new technologies like Internet of Things (IoT) devices, connected farm equipment, irrigation systems, drones, global positioning systems, and satellites, our nation’s vision of cybersecurity for the sector must begin to move at the speed of technology – and the cybersecurity threats facing food and ag companies.

?Fortunately, a number of federal legislators, led by Representative Brad Finstad (MN-01), have begun providing policy guidance on cybersecurity within the food and agriculture sector. ?Rep. Finstad himself introduced the Farm and Food Cybersecurity Act of 2024 (H.R. 7062 ), which would direct the Secretary of Agriculture to conduct periodic threat assessments in the food and agriculture sector. This piece of legislation is critical as risk assessments provide an overview of the threat landscape which is key to informing recommendations on how to address and prevent cyber threats within the sector.

In addition, the Farm, Food, and National Security Act of 2024, included several cyber-related provisions, including a specific area of the center of excellence to research how best to defend the United States’ food supply from cyberattacks. This is relevant because the center not only makes cyber a priority in the sector, but it also makes cyber-related efforts eligible to receive funding and grants to enhance research into securing the sector.

Through leadership by legislators like Rep. Finstad, Congress, the Executive Branch, and the private sector can begin to collaborate on a vision to advance the state of cybersecurity in the food and ag sector. ?To discuss these issues further and help shape the future of cybersecurity policy for the food and ag sector, please join us as we host Rep. Finstad on July 31, 2024, at 2:30 pm (ET). To request an invitation, please email [email protected]