Cyber to Soil: How America’s Food System Became a Battlespace

The U.S. food system is a marvel of modern logistics, productivity, and innovation. However, its very efficiency, anchored in just-in-time delivery, concentrated infrastructure, and foreign input reliance, has also made it profoundly fragile. Once seen as just an economic domain, agriculture now sits at the intersection of multiple threat vectors: cyber, bio, economic, and geopolitical.

From fertilizer imports and precision agriculture equipment to processors and cold storage facilities, nearly every stage of the U.S. agriculture supply chain relies on seamless operations. This makes disruption not just possible, but likely, especially when combined with the hybrid warfare threats that make up today’s strategic landscape. Recent crises have exposed these weaknesses: processing facility closures and port delays during the COVID-19 pandemic and fertilizer shortages due to Russia’s invasion of Ukraine showed how quickly a system built for efficiency can unravel. At the same time, state actors like China have quietly positioned themselves to exploit agriculture chokepoints, investing in foreign land, gaining control of upstream inputs, and infiltrating ag-tech ecosystems.

Despite its formal designation as critical infrastructure by the Department of Homeland Security, agriculture is marginalized in U.S. national defense strategy. It is still treated primarily as an economic sector, not as a theater of hybrid competition. As a result, U.S. food systems are left undefended, despite serious vulnerabilities that could be exploited by actors with nefarious intent. This is a major oversight in an era where adversaries see supply chains not as neutral logistics but as terrain for geopolitical maneuvering and manipulation.

Cyber Vulnerabilities

Cyber risks crosscut into every layer of the food supply chain, from farms to processing facilities to grocery shelves. The U.S. food and agriculture system relies increasingly on digital infrastructure, including global positioning systems (GPS), positioning, navigation, and timing (PNT) systems, variable rate technology (VRT) for fertilizer application, industrial control technologies like programmable logic controllers (PLCs), and cloud-based logistics platforms. This digital integration, while it enhances productivity, has created complex vulnerabilities. Disruptions in one node can ripple across the entire supply chain, from planting, processing, and distribution, introducing broad risks to national food security and resilience.

Cyberattacks targeting agricultural systems are on the rise. The FBI recognizes ransomware, foreign malware, and intellectual property theft as among the top threats to our nation’s agriculture. Recent high-profile attacks only reveal the sector’s exposure. In 2016, China’s APT3 compromised Trimble Inc., a GPS-focused ag-tech firm, exfiltrating sensitive positioning and design data used in precision ag systems. In 2021, JBS USA, the country’s largest meatpacker, was hit by a ransomware attack attributed to the Russian-linked REvil group, forcing the company to pay $11 million and temporarily halting meat processing operations across the U.S., Canada, and Australia. In 2022, the China-linked group APT41 breached USAHerds’ biosecurity platform, gaining access to sensitive animal health data across multiple U.S. states. And in 2023, although not state-linked, a ransomware attack on Dole shut down several North American production facilities, causing major delays and product shortages, and exposing the personal data of nearly 4,000 employees.

Agricultural IoT, which spans autonomous tractors to AI-powered precision tools, presents an especially tempting target for nefarious actors to exploit. At DEF CON 29 in 2021, researchers showed that hackers could remotely access and control GPS-guided equipment from John Deere and Case-IH tractors, raising alarms about the vulnerability of essential farm machinery. Modern tractors, planters, drones, and irrigation systems are not just machines, they are platforms. When adversaries control their firmware, GPS modules, or software updates, it opens the door to manipulation, surveillance, or sabotage. In 2024, CISA warned that foreign-manufactured ag drones posed “serious threats to critical infrastructure,” as they can be turned off, rerouted, or used as instruments of pressure in geopolitical conflicts.

Upstream Risks

As the world’s leading agricultural exporter by total value in 2023, the United States dominates global food supplies. U.S. farms produced and exported massive quantities of staple crops, accounting for approximately 31% of global corn exports, 35% of soybeans, and 15% of wheat. Yet behind this agricultural dominance is a deep structural vulnerability: the system’s reliance on foreign-sourced inputs. From fertilizers, agrochemicals, and precision equipment parts, the foundation of U.S. agricultural production depends on global supply chains, many of which run through geopolitical rivals.

Agricultural drones, sensors, and autonomous equipment increasingly rely on rare earth minerals and semiconductors, components dominated by Chinese and East Asian supply chains. Elements like neodymium and dysprosium are vital for motors and sensors, while advanced semiconductors power data processing and AI functions. China refines nearly 90% of the world’s rare earth elements and has repeatedly shown a willingness to restrict exports for geopolitical leverage, as seen in its 2010 embargo on Japan and more recent restrictions targeting the U.S. defense sector. Taiwan, meanwhile, produces over 60% of the world’s semiconductors and more than 90% of the most advanced chips, leaving essential nodes in the ag-tech ecosystem vulnerable to disruption from a brewing PRC-Taiwan conflict. This threatens not just food production efficiency but also food system sovereignty, as it places U.S. agricultural resilience at the mercy of geopolitical instability far beyond its borders.

Despite having significant natural gas reserves and production capacity, the U.S. is the world’s third-largest importer of fertilizers. While it now produces the majority of its nitrogen fertilizer domestically—with imports accounting for approximately 13% of total use—it remains moderately reliant on imports for phosphate fertilizers (~16%) and almost entirely dependent on imports for potash (over 90%), primarily sourced from countries like Belarus, Russia, and China. In both 2021 and 2024, China imposed export bans on key fertilizers, which sent global prices soaring. The impact didn’t take long to reach American fields: farmers were forced to delay planting, reduce inputs, or accept lower yields. In March 2022, prices for anhydrous ammonia and urea reached historic highs, up to 184% above the previous year. These episodes revealed a critical truth: agriculture is time-sensitive, and even short-term disruptions in input supply can cripple production and ripple through global markets.

Upstream risks extend beyond fertilizers. The 2017 acquisition of Syngenta by China’s state-owned ChemChina placed huge swaths of seed genetics, crop protection technology, and U.S.-based R&D infrastructure under the control of a geopolitical competitor. Today, Syngenta is not just a multinational input provider; it is an arm of the Chinese state with access to proprietary U.S. agronomic data and biotech innovation. Taken together, these upstream exposures mean that adversaries don’t need to destroy America’s food system to degrade it. They simply need to choke it slowly, upstream, by turning the tools of production into instruments of pressure.

Midstream Risks

Midstream chokepoints, where agricultural commodities are cleaned, packed, and shipped, are often the least visible but the most strategically vulnerable parts of the U.S. food supply chain. These facilities are geographically concentrated and consolidated, meaning that disruption at just one or two sites can have cascading effects across entire regions. Most of these facilities run on a just-in-time model. If something goes wrong, whether it’s a cyberattack, equipment failure, or supply chain delay, it can bring the system to a halt almost immediately.

China has already secured footholds in this part of the U.S. supply chain. In 2013, the Chinese-owned WH Group acquired Smithfield Foods, giving Beijing control of more than 140,000 acres of U.S. farmland and full ownership of a vertically integrated company that oversees nearly one-quarter of U.S. hog production, processing, and distribution. During China’s African Swine Fever crisis, Smithfield ramped up pork exports to China to meet surging demand. Just months later, at the height of the COVID-19 pandemic, American grocery shelves went empty as processing plant shutdowns and supply chain disruptions shook the U.S. food infrastructure. The overlap of these events made it clear how vertically integrated, foreign-controlled agribusinesses can prioritize external markets even during domestic shortages.

In 2024, China’s state-owned China Oil and Foodstuffs Corporation (COFCO) acquired a grain terminal in Cahokia, Illinois, strategically located along the Mississippi River. This facility plays a major role in aggregating and shipping U.S. grain exports, making it a chokepoint for domestic distribution and global commodity flows. This type of infrastructure ownership raises alarms about potential market manipulation, surveillance, and the ability to stall outbound trade flows during a geopolitical standoff.

Biotech and Biosecurity Risks

As biotechnology revolutionizes agriculture, it also opens a new arena for hybrid conflict. The U.S. agricultural sector has already seen a surge in IP theft, with Chinese nationals prosecuted for stealing elite seed strains, genetically modified rice lines, and proprietary machine-learning algorithms that optimize fertilizer and planting cycles. These cases, while often framed as economic espionage, lay bare a deeper risk: the foundational code of American food production could be replicated, manipulated, or disrupted by adversaries looking for asymmetric advantage.

The dual-use nature of agricultural biotech makes this especially problematic. Genetically modified traits that improve drought tolerance or disease resistance can also be reverse-engineered to introduce new threats to crops, including yield loss or invasive traits. Chinese researchers have openly acknowledged the ease with which GMO technologies can be deconstructed and weaponized. This isn’t just theoretical: in 2020, thousands of unsolicited seed packets, many traced to China, arrived at American homes. While dismissed initially as a “brushing scam,” investigations revealed that seed packages, some invasive, some potentially harmful to U.S. crops, were still arriving in the U.S. as of this year. In June 2025, the threat of agricultural bioterrorism became even more apparent. Two Chinese nationals were arrested and charged with conspiracy after smuggling Fusarium graminearum—a crop-destroying fungal pathogen and potential agroterrorism weapon—into a University of Michigan lab without permits. Fusarium graminearum causes “head blight,” a disease that affects wheat, barley, maize, and rice, in addition to causing liver disease, vomiting, and reproductive defects in humans and livestock. Just a week later, another Chinese researcher was accused of illegally shipping worm-related biological materials to the University of Michigan, hiding samples inside books. Although no attack occurred, these back-to-back incidents expose critical gaps in U.S. agricultural biosecurity and show that state-enabled agroterrorism is no longer a distant threat. A targeted biological attack on staple crops could trigger price spikes, supply shortages, and global market disruptions, destabilizing food systems, sparking public panic, and shaking confidence in government. Yet U.S. biodefense strategies remain focused on human health and military threats, leaving agriculture dangerously exposed to modern biothreats.

Downstream Risks

Downstream nodes (i.e., grocery retailers, e-commerce platforms, cold chains, and delivery services) are often seen as just logistical endpoints. But in the context of hybrid warfare, they become pressure points where upstream disruption, digital sabotage, and narrative manipulation can come together to maximize impacts on society. The growing digitalization and interconnectedness of infrastructure create possible attack vectors with widespread reach. Attacks at scale can cause major delivery delays, threaten access to essential groceries, erode consumer trust, and trigger panic buying.

Compounding this is the fact that the U.S. grocery retail sector is highly concentrated: just five companies control over 60% of grocery sales nationwide. A breach at a major national retailer can instantly affect millions. In November 2024, Ahold Delhaize USA, one of the largest food retailers in the United States, was the victim of a ransomware attack that crippled payment operations, product delivery delays, and restocking efforts at more than 2,000 stores, including Hannaford, Food Lion, and Stop & Shop. During the attack, Hannaford’s e-commerce portal went offline, several websites were taken down, and data theft was confirmed. In April 2025, Marks and Spencer (M&S), a leading British quality food retailer, suffered a significant ransomware attack, which disrupted online ordering, in-store payment systems, and stock management. Analysts at Deutsche Bank estimate the attack has already sliced £30m off M&S’s annual profits and will continue to hit the retailer by £15m a week, with disruptions expected to continue through June and July 2025. Customer data was also stolen during this attack.

These events reveal a deeper vulnerability: the reliance on tightly integrated, omnichannel systems. As retailers sync in-store logistics with mobile apps, ecommerce platforms, payment processors, and social media, a breach in one segment can rapidly spread, leading to disruptions across multiple areas. According to Cybernews, Ahold Delhaize’s “omnichannel customer-centric business model” became its weakest link: interconnectivity without reliance.

The delivery infrastructure underpinning downstream operations is no less fragile. The U.S. relies on a fragmented trucking sector, where small firms often lack cybersecurity resources. During the COVID-19 pandemic, inconsistent state-level regulations and rest stop closures exposed how quickly the last-mile system can falter.  According to a MITRE network analysis on food chain security, the entire distribution network depends on a small number of critical logistical corridors (e.g., Interstates 80 and 29) and on cold storage hubs, such as those in Douglas County, Nebraska. Disruptions at these chokepoints, whether from cyberattacks, infrastructure sabotage, or natural disasters, would paralyze the movement of goods and threaten domestic food availability.

Downstream risks aren’t just technical; they’re also psychological. Russia has already shown how information warfare can exploit food insecurity.  After its July 2023 withdrawal from the Black Sea Grain Initiative, cutting off Ukrainian grain to global markets, Kremlin-backed outlets flooded state and social media with false narratives blaming Western sanctions for the crisis. According to The New York Times and State Department reporting, these campaigns targeted audiences in Africa, the Middle East, and Europe to stoke anti-Western sentiment and position Russia as a benevolent alternative. It’s a clear demonstration of how food disruption and disinformation can work together. If a cyberattack on a U.S. retailer were paired with online rumors of contamination or shortages, the result could quickly lead to panic buying, civil unrest, and a strained food system.

Conclusion

Food systems have long been instruments of power, from Cold War grain diplomacy to today’s export bans. But in the 21^st century, they have become an increasingly contested terrain. The U.S. must reframe agriculture not just as infrastructure, but as a domain of strategic competition. To meet this challenge, the U.S. needs more than just incremental reforms (i.e. CISA’s Food and Agriculture-Sector Specific Plan (2015), Securing Our Agriculture and Food Act (2017), the National Agriculture and Food Defense Strategy (2015, 2019), and the 2024 National Security Memorandum-22 (NSM-22)). While these measures do go so far as to recognize the importance of food and agriculture systems, they fall short in addressing hybrid threats coming from state actors. What is required is a national strategy that treats food and agriculture as critical assets within hybrid conflict environments, where the tools of disruption are digital, biological, economic, and often deniable.

This means moving beyond stove-piped food security conversations and bringing agriculture into the heart of national security planning. It means tracking foreign ownership with the same rigor applied to defense acquisitions. It means treating fertilizer and seed supply chains like the strategic assets they are, and agricultural cyber systems as foundational to national resilience. It means cultivating muscle memory before a crisis hits.

Public-private-academic partnerships that combine insights from universities, producers and distributors, and federal agencies, including DHS, CISA, USDA, and the FBI, will be key to building food and agriculture resilience. Existing models, such as the DHS-funded Cross-Border Threat Screening and Supply Chain Defense (CBTS) Center at Texas A&M, which analyzes risks at the U.S.-Mexico agricultural interface, offer a strong foundation but must be scaled nationally. These types of partnerships should lead the development of tabletop exercises and red-team simulations that stress-test the food system under adversarial scenarios, building on models like Cyber Storm IX and extending them into bio, geoeconomic, and other supply chain threat scenarios. This work should not exist in isolation. It should inform strategy, policy, and create pathways to protect food systems against hybrid threats. Initiatives such as Arizona State University’s Agriculture and National Security Project and Mississippi State University’s Food and Agriculture as Competitive Statecraft (FACS) Collaboratory are already paving the way, integrating research, policy development, threat mapping, and resilience planning across the food supply chain. With the right support, these efforts can serve as national hubs for innovation, readiness, and response to secure U.S. agriculture against 21^st century threats.