Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

A Review of Cybersecurity Incidents in the Food and Agriculture Sector

Ajay Kulkarni, Yingjie Wang, Munisamy Gopinath, Dan Sobien, Abdul Rahman, Feras A. Batarseh

TL;DR

The paper investigates cybersecurity incidents in the Food & Agriculture sector, treating FA as a critical infrastructure with interdependent digital and physical systems. It compiles and analyzes 30 disclosed incidents from 2011 to 2023, showing ransomware as the predominant threat while detailing incident specifics, ransom figures, and organizational impact. The authors review generic cybersecurity frameworks (NIST CSF 2.0, CIS Benchmarks, ISO/IEC 27000, ATT&CK) and agriculture-specific defenses, and propose the Farmer-Centered AI (FCAI) framework to embed AI assurance into farming, addressing ethical, safe, secure, explainable, and trustworthy AI goals. They discuss cascading risks to food security and the economy, highlight policy and governance implications (FSMA, CARMA, FPDI), and argue for multi-stakeholder collaboration and AI governance to improve resilience in Agriculture 4.0.

Abstract

The increasing utilization of emerging technologies in the Food & Agriculture (FA) sector has heightened the need for security to minimize cyber risks. Considering this aspect, this manuscript reviews disclosed and documented cybersecurity incidents in the FA sector. For this purpose, thirty cybersecurity incidents were identified, which took place between July 2011 and April 2023. The details of these incidents are reported from multiple sources such as: the private industry and flash notifications generated by the Federal Bureau of Investigation (FBI), internal reports from the affected organizations, and available media sources. Considering the available information, a brief description of the security threat, ransom amount, and impact on the organization are discussed for each incident. This review reports an increased frequency of cybersecurity threats to the FA sector. To minimize these cyber risks, popular cybersecurity frameworks and recent agriculture-specific cybersecurity solutions are also discussed. Further, the need for AI assurance in the FA sector is explained, and the Farmer-Centered AI (FCAI) framework is proposed. The main aim of the FCAI framework is to support farmers in decision-making for agricultural production, by incorporating AI assurance. Lastly, the effects of the reported cyber incidents on other critical infrastructures, food security, and the economy are noted, along with specifying the open issues for future development.

A Review of Cybersecurity Incidents in the Food and Agriculture Sector

TL;DR

The paper investigates cybersecurity incidents in the Food & Agriculture sector, treating FA as a critical infrastructure with interdependent digital and physical systems. It compiles and analyzes 30 disclosed incidents from 2011 to 2023, showing ransomware as the predominant threat while detailing incident specifics, ransom figures, and organizational impact. The authors review generic cybersecurity frameworks (NIST CSF 2.0, CIS Benchmarks, ISO/IEC 27000, ATT&CK) and agriculture-specific defenses, and propose the Farmer-Centered AI (FCAI) framework to embed AI assurance into farming, addressing ethical, safe, secure, explainable, and trustworthy AI goals. They discuss cascading risks to food security and the economy, highlight policy and governance implications (FSMA, CARMA, FPDI), and argue for multi-stakeholder collaboration and AI governance to improve resilience in Agriculture 4.0.

Abstract

The increasing utilization of emerging technologies in the Food & Agriculture (FA) sector has heightened the need for security to minimize cyber risks. Considering this aspect, this manuscript reviews disclosed and documented cybersecurity incidents in the FA sector. For this purpose, thirty cybersecurity incidents were identified, which took place between July 2011 and April 2023. The details of these incidents are reported from multiple sources such as: the private industry and flash notifications generated by the Federal Bureau of Investigation (FBI), internal reports from the affected organizations, and available media sources. Considering the available information, a brief description of the security threat, ransom amount, and impact on the organization are discussed for each incident. This review reports an increased frequency of cybersecurity threats to the FA sector. To minimize these cyber risks, popular cybersecurity frameworks and recent agriculture-specific cybersecurity solutions are also discussed. Further, the need for AI assurance in the FA sector is explained, and the Farmer-Centered AI (FCAI) framework is proposed. The main aim of the FCAI framework is to support farmers in decision-making for agricultural production, by incorporating AI assurance. Lastly, the effects of the reported cyber incidents on other critical infrastructures, food security, and the economy are noted, along with specifying the open issues for future development.
Paper Structure (19 sections, 3 figures)

This paper contains 19 sections, 3 figures.

Table of Contents

  1. Introduction
  2. Motivation
  3. The Need for this Survey
  4. Cybersecurity Incidents in Agriculture Sector
  5. Cybersecurity Frameworks (CSFs)
  6. Generic CSFs
  7. NIST CSF 2.0
  8. CIS Foundation Benchmarks
  9. ISO/IEC 27000 series
  10. ATT&CK CSF
  11. Agriculture-specific Cybersecurity Solutions
  12. Need of AI Assurance in Agriculture
  13. The Farmer-Centered AI (FCAI) Framework
  14. Discussion: Impacts of Cybersecurity Incidents and Challenges
  15. Critical Infrastructure Sectors
  16. ...and 4 more sections

Figures (3)

  • Figure 1: The timeline of 397 security incidents and 115 security breaches from 2015 to 2023 in the FA domain. The security incidents reported in this survey are shown using company logos from 2011 to 2023.
  • Figure 2: Six AI assurance goals that are needed for the verification and validation of AI.
  • Figure 3: The FCAI framework incorporates six goals of AI assurance at different stages of the AI lifecycle injected into the agricultural lifecycle.