Universities are partnering with industry and government to strengthen cybersecurity.
Editor’s note: This story is derived from an episode of Seed Speaks. To watch that episode, click here.
In 2017, a major cyberespionage incident exposed the vulnerability of the US seed industry: a Chinese company was accused of hacking into the networks of major US agricultural biotechnology companies, including Monsanto, DuPont Pioneer and Syngenta. Hackers used phishing emails to infiltrate the companies’ networks and steal valuable intellectual property related to genetically modified (GM) crops.
The stolen data included proprietary information and trade secrets about genetically modified seeds, posing significant economic risks and potentially allowing counterfeit products to be distributed, threatening to disrupt the market. This incident highlights the urgent need for strong cybersecurity measures in the seed industry and has spurred industry collaboration and efforts to strengthen cyber defenses.
“Cybersecurity is fundamentally detrimental to equipment manufacturers, the seed industry, and the livestock industry,” said Jim Leasey, vice dean for research at Iowa State University’s College of Agriculture and Life Sciences. “What’s learned in one aspect of agriculture can be easily applied[to the entire value chain]because all of the same techniques are used by malicious actors.”
The U.S. is experiencing an increase in cyber attacks targeting the food and agriculture industry, including the seed sector. To address these evolving threats, the National Food and Agriculture Information Sharing and Analysis Center (ISAC) has partnered with Iowa State University, the University of Nebraska, Purdue University, and Virginia Tech. The collaboration aims to combine university research expertise with real-world industry threats to design solutions to protect the industry.
“We actively research threats to better protect the food and agriculture sector,” said Jonathan Braley, director of the Food & Agriculture ISAC. “Our partnerships with trusted universities and trade associations aim to better disseminate information and analysis across the industry.”
Braley stressed that the partnership is crucial for monitoring threats to the agriculture and seed industries and providing insights into emerging technologies.
The Urgency of Cybersecurity
Josh DeTre, director of the University Consortium on Health, Food and Agriculture Resilience at Purdue University, said cybersecurity in the food and agriculture sector may not get as much attention as finance or healthcare, but it is an important area of focus.
“Cybersecurity in agriculture is often overlooked,” he said. “This partnership allows us to collaborate with other great universities and address a real problem in the industry.”
A recent study found that there have been at least 30 major cyber attacks on U.S. agriculture in the past decade, with damages averaging $200 million each.
“The average time to discover a cyberattack in the biological sector, including agriculture, is 21 days. This delay is harmful and makes it difficult to assess and mitigate the impact,” said Feras Baltase, an associate professor in Virginia Tech’s Department of Biological Systems Engineering.
Bridging the gap between academia and industry
The partnership aims to influence research and development in the seed sector, focusing on safety-critical issues such as genetic modification and crop resistance.
“University researchers can work together with industry to address these challenges in real time, enhancing communication and developing practical solutions,” Detre emphasizes.
Matt Hammons, assistant vice president and director of federal relations at the University of Nebraska, emphasized the importance of collaboration between industry, academia and producers.
“This partnership strengthens communication between researchers and industry and helps ensure the relevance of research to reality,” he says. “It also provides an opportunity to share challenges and collaborate on solutions.”
Hammons points to Nebraska efforts such as the On-Farm Research Network, which has been connecting farmers with university researchers for decades.
“Producers work closely with the University of Nebraska, and this partnership strengthens that connection, enabling stronger problem-solving and innovation,” he added.
Proactive Threat Monitoring and Reporting
Braley emphasizes the need for a comprehensive approach to cybersecurity.
“Managing risk in the food and agriculture sector requires collaboration between industry, academia and government,” he said. “Our university partners not only foster research relevant to our members, but also increase opportunities to share threat intelligence from the Food and Agriculture ISAC with small and medium-sized businesses. This university partner program is an important step in helping to defend and protect the sector.”
Braley said ISAC provides weekly threat intelligence reports to its partners to help them get ahead of potential attacks.
“We track vulnerabilities across IT and industrial control systems, monitor ransomware trends, and build collaboration opportunities,” he says. “Our reports provide valuable insights to industry members.”
The ISAC report includes detailed analysis of critical vulnerabilities, ransomware attacks, and operational technology risks.
“The collaboration will also enable us to share our findings with government agencies and industry associations,” he added.
Braley also emphasizes the importance of addressing the biological components of cybersecurity in agriculture.
“Cyber biosecurity is unique to agriculture, impacting seeds, crops and genetics,” he explains. “A threat to one aspect can spread quickly and impact the entire supply chain.”
Supporting small and medium-sized enterprises and individual farmers
The partnership aims to benefit smaller seed companies and individual growers, too. Braley said not every company has the financial means to join ISAC, but the organization produces guides and reports to support the industry as a whole.
“We understand that small and medium-sized businesses may not have a dedicated cyber team,” he said. “Our goal is to share lessons learned and offer advice to improve your defenses.”
Detre emphasizes the important role that extension work plays among smallholder farmers.
“Many small farms lack the capacity to manage cybersecurity,” he said. “It’s essential to integrate cybersecurity into outreach efforts and find new solutions.”
Food and agricultural security is national security
Going forward, ISAC plans to expand the partnership to include more universities and agricultural companies.
“We started this partnership with partners we’ve worked with in the past, but we plan to expand it as more universities and organizations become interested,” Braley said.
The broader impact of cybersecurity in agriculture goes beyond the direct threat. Cybersecurity is critical to the seed industry due to the high value of intellectual property (IP). Seed companies invest heavily in research and development to create new, durable seed varieties. Protecting IP from cyber theft is critical to staying competitive and ensuring financial returns.
The integrity of the data used in precision agriculture is essential. A cyber attack could corrupt or alter critical data, leading to inaccurate planting, breeding and crop management decisions, resulting in significant financial loss and operational disruption. Ensuring supply chain security is also critical, as a cyber incident could disrupt seed distribution, affecting availability and quality for farmers and ultimately impacting the food supply.
Agriculture is a cornerstone of national and global economies, and cyberattacks on agricultural systems could disrupt food production and distribution, leading to shortages and economic instability. Protecting sensitive data such as financial information, customer details and proprietary farming practices is also essential to prevent breaches that could compromise privacy and operational security. Modern agriculture’s increasing reliance on mobile devices creates further vulnerabilities. These devices, used to monitor and manage crops, livestock and equipment, can become targets for hackers.
Maintaining trust and reputation is another key aspect of cybersecurity in agriculture. Farmers and agricultural businesses need to maintain strong relationships with consumers, suppliers and partners. Cyber incidents can seriously undermine this trust, leading to long-term reputational damage and financial losses. In addition, ensuring food safety and quality is of paramount importance. Cyber attacks compromising agricultural systems could lead to food contamination or tampering, posing significant risks to public health. Investing in robust cybersecurity measures is essential to protect the seed industry and the entire agricultural sector and ensure the stability, safety and sustainability of food production systems.
“Food security is national security,” Detre said. “Agriculture has ties to public health, water security, animal health, and so on. We need to protect agriculture from evolving threats.”
“Our primary goal is to ensure a safe food supply for years to come, and this collaboration between industry, academia and government is a step in the right direction,” Braley said.
“To address these issues, we need to be creative and strategic in our communications,” Hammons adds. “We see great synergies in this partnership.”
For more information on the group’s progress, visit https://www.foodandag-isac.org/
