Food and agriculture companies in the United States are increasingly facing cyberattacks, ranging from ransomware to nation-state espionage. In response, major firms including PepsiCo, Tyson Foods, Cargill, and Conagra launched the Food and Agriculture Information Sharing and Analysis Center (ISAC) in May 2023 to coordinate cybersecurity efforts across the sector.
Two years later, the ISAC reports growing activity, assisting companies in mitigating risks to the food supply chain. Victims in recent years have included Dole, Mondelēz, Sysco, United Natural Foods, and HP Hood, which shut down plants after a 2022 breach. Scott Algeier, executive director of the food ISAC, said: "There's a lot of attention being paid to cybersecurity now within the industry."
The ISAC evolved from a special interest group inside the IT-ISAC, ensuring continuity of resources for participating companies. Earlier efforts in 2002 failed due to concerns over antitrust and competition, but new legal protections and prior experience in IT security helped rebuild trust. Algeier noted: "They had these trust relationships [with each other] that were already established, and they had multiple years of success sharing."
Today, the ISAC collects and shares threat intelligence across members, producing reports such as a May update highlighting a rise in ransomware attacks on food and agriculture. It also issues alerts tied to geopolitical events, collaborates with universities, and updates cybersecurity guidance for small and medium enterprises. Doug Baker of FMI said the ISAC provides "relevant, real-time insights that are both actionable and valuable."
The ISAC maintains ties with the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Department of Agriculture, with monthly meetings to review threats and coordinate publications. The Trump administration's National Farm Security Action Plan formally recognized the ISAC as a key partner. Algeier noted that the 2015 Cybersecurity Information Sharing Act, which provides liability protection for members, is due to expire, and the ISAC hopes Congress will reauthorize it.
The increasing adoption of operational technology in agriculture, from GPS tractors to crop-monitoring drones and livestock tracking systems, has expanded the sector's exposure to cyber risks. Algeier explained: "Reliance on some technology is now being integrated into food and agriculture in ways that it hasn't been done before." The interconnected nature of supply chains, combined with just-in-time delivery, increases the risk of disruptions.
Nation-state actors remain a concern, particularly in attempts to steal seed technology and other intellectual property. "In the same way that they steal intellectual property to increase their military, nation-state actors are interested in intellectual property from the food and agriculture sector so they can elevate their agriculture programs internally within their countries," Algeier said.
Despite these threats, companies have generally managed to keep operations running. As Algeier observed: "Some of these supply chains — they bend a little bit, but they haven't broken."
Source: CyberSecurityDive