When adversaries can empty shelves without firing a shot, food security and cybersecurity become the same fight

June 11, 2026

Introduction: The Weapon You Never See Coming

Imagine a war fought not with missiles and drones, but with code — a silent intrusion that locks the computers of a nation's largest meat processor, shuts down grain certification platforms, alters the safety parameters of water treatment systems, and floods commodity markets with false data until prices spiral beyond the reach of millions. No city burns. No soldier falls. But the shelves empty. The supply chain seizes. The population panics.

This is not a hypothetical. It is the emerging reality of 21st-century conflict, where food security and cybersecurity have fused into a single strategic domain — and where most governments, militaries, and international institutions are dangerously behind.

The war in Ukraine has made this visible in ways that cannot be ignored. Russia's sustained campaign to destroy Ukraine's grain export infrastructure — targeting port facilities in Odesa, Pivdennyi, and Chornomorsk with missiles and drones — has repeatedly disrupted global wheat markets, spiked commodity prices, and threatened food access from North Africa to South Asia. A February 2025 drone attack on Ukraine's Reni port caused wheat futures to spike 8.5% on the Chicago Board of Trade in a single day. In the same conflict theatre, hackers targeted Russia's Rosselkhoznadzor food certification system in October 2025 with a DDoS attack that knocked the Mercury platform — used to approve shipments of animal products — offline for several hours, forcing companies to halt deliveries entirely.

Food is not a secondary concern in modern warfare. It is a primary weapon.

And cyber is the most efficient delivery mechanism yet devised.

Part I: How Exposed Is the Global Food Supply Chain?

The Digital Transformation Problem

The global food and agriculture sector has undergone a rapid and largely unprotected digital transformation. Farms now operate GPS-guided precision agriculture equipment, automated irrigation systems, and IoT-connected soil sensors. Processing plants use industrial control systems (ICS) and SCADA infrastructure to manage temperature, pressure, sanitation, and production schedules. Logistics networks are managed through cloud-based platforms, AI-powered route optimisation, and real-time tracking. Cold chain management is automated from warehouse to refrigerated truck to retail shelf.

Every one of these digitised processes is a potential point of attack.

The fundamental problem is that much of this operational technology (OT) predates the internet. Systems designed to run continuously for decades were built without cybersecurity in mind. Patching or upgrading them risks production shutdowns. A processing plant running 24 hours a day cannot afford the downtime that a security update requires — and so the vulnerabilities persist, year after year, as the threat environment intensifies around them.

The food and agriculture sector has a further structural weakness: unlike banking or energy, it is composed overwhelmingly of small and medium-sized enterprises — family farms, regional cooperatives, local distributors — that have neither the budget nor the expertise to manage serious cyber risk. Their digital systems are connected, often insecure, and in many cases unmapped. Security teams in food and agriculture are, in many cases, still cataloguing their own assets and identifying which systems are connected to external networks.

The Threat Landscape Has Changed Radically

The threat facing food and agriculture has moved from theoretical to operational, from opportunistic to strategic. The 2025 Food and Agriculture Sector Cyber Threat Report, produced by the Food and Agriculture Information Sharing and Analysis Centre (Food and Ag-ISAC), identified no fewer than 72 active threat actors targeting the sector. Russia accounted for nearly 59.3% of observed adversary activity, followed by China at 25.4%. The report documents an 82% surge in ransomware attacks on the sector and records 84 significant ransomware incidents between February and April alone — across all stages of the supply chain, from suppliers to retailers.

The ransomware groups leading attacks — Qilin, Akira, CL0P, Play, and Lynx — have identified a devastating strategic truth about food systems: the primary risk is not data theft. It is disruption. A food company cannot delay processing by 72 hours the way a law firm can delay document production. Livestock must be slaughtered on schedule. Refrigerated goods have hard expiration windows. Just-in-time supply chains have no buffer. The moment a production system goes offline, the clock is running — and ransomware operators know this, which is why food companies pay.

The broader threat picture is darker still. CrowdStrike's 2026 Global Threat Report documented an 89% increase in attacks by AI-enabled adversaries in 2025. State-sponsored actors are now using AI to identify vulnerabilities, generate attack code, and conduct reconnaissance at speeds that outpace human defenders. The food supply chain — dispersed, underprotected, and deeply integrated into national security — is an attractive and underdefended target.

Part II: The Wartime Dimension — Food as a Weapon of War

Historical Precedent

The weaponisation of food supply is not new. Deliberate sieges to starve populations, scorched-earth campaigns to deny an enemy's agricultural base, and blockades designed to cut off food imports are as old as warfare itself. Stalin's Holodomor, the Allied blockade of Germany in World War I, Japan's deliberate destruction of food infrastructure in occupied China — food deprivation as a strategic weapon has defined some of history's most catastrophic events.

What is new is the efficiency and deniability of cyber operations as a tool for food system disruption. A missile strike on a grain terminal is an act of war. A ransomware attack on the software that manages a nation's food certification system is a cybercrime — investigated by police, handled by insurance, rarely attributed publicly, and almost never met with a military response. The threshold for state retaliation is far higher, the attribution problem is real, and the damage can be just as severe.

This asymmetry is being exploited.

Ukraine: The Living Case Study

The war in Ukraine has provided the most comprehensive real-world evidence that food system attacks — physical and digital — are a coordinated strategy of modern conflict.

On the physical side, Russia's campaign against Ukrainian grain infrastructure has been methodical and intensifying. Ukraine's maritime export terminals have reduced grain intake owing to constant Russian attacks. Ukraine's wheat exports in the 2025/26 season fell to 7.5 million tonnes against 9.2 million tonnes for the same period the previous year. A ballistic missile struck the MJ Pinar bulk carrier in Odesa port while it was loading wheat for Algeria — killing four Syrian nationals. Russia has, since the full-scale invasion, exported roughly 4 million tons of stolen Ukrainian agricultural produce from occupied territories, valued at $800 million.

On the cyber side, the October 2025 DDoS attack on Russia's Mercury food certification platform — widely attributed to pro-Ukrainian hacktivist groups — demonstrated that digital food system disruption is now a two-way weapon. The attack briefly knocked offline the system used to approve shipments of animal products across Russia, forcing companies to halt deliveries entirely, despite official claims that operations continued normally. Russia's invasion of Ukraine has turned cyberspace into yet another battlefield, with food systems emerging as contested infrastructure on both sides.

The JBS Precedent: What a Supply Chain Attack Looks Like in Practice

The 2021 ransomware attack on JBS Foods — the world's largest meat processor, which handles approximately 20-25% of the US beef supply — remains the clearest demonstration of what a targeted cyber operation against food infrastructure can accomplish.

The attack, attributed to the Russian hacking group REvil, forced the shutdown of all nine of JBS's largest US beef plants simultaneously. Australia and Canada were also affected. At its peak, the attack wiped out nearly a fifth of America's daily beef production. Cattle and hog futures gyrated. Pork prices spiked. The company ultimately paid $11 million in ransom to restore operations — in cryptocurrency, to adversaries that the US government has linked to a foreign state.

The lesson was stated plainly by one Gartner analyst: "A coordinated attack on food and agriculture would lead to empty shelves nationwide in under a week. And you don't raise chickens or corn at will." The vulnerability is structural, not incidental. Food cannot be produced on demand to compensate for a three-day shutdown the way software can be rewritten or a financial transaction reversed.

During wartime or periods of heightened geopolitical tension — when adversaries have both the motivation and the capability to escalate — the JBS scenario is not a cautionary tale. It is a template.

Part III: The Attack Surface — Where Are We Vulnerable?

The Farm Layer

Modern precision agriculture is built on connected sensors, drone-based crop monitoring, GPS-guided machinery, and automated irrigation — all of which are networked, many of which have minimal authentication, and most of which were deployed without a security design framework. An attacker who compromises farm management software can corrupt planting schedules, disable irrigation during critical growth periods, or falsify soil data to degrade yields before harvest.

The implications extend beyond individual farms. Agricultural equipment manufacturers — John Deere, AGCO, CNH Industrial — centralise connectivity in ways that create systemic risk. The 2022 ransomware attack on AGCO during planting season was not a coincidence in timing; it struck when farm machinery was most critical and farmers least able to absorb disruption.

The Processing and Cold Chain Layer

This is where the JBS attack landed and where the cascading effects are fastest. Industrial control systems managing temperature, pressure, sanitation cycles, and production throughput in food processing facilities are the primary target. When ransomware moves from IT into OT — as it increasingly does — it can halt physical production entirely. Backup integrity and network segmentation are the key differentiators between a quick recovery and a multi-day shutdown that empties distribution warehouses.

Cold chain disruption is particularly dangerous during conflict. Refrigerated logistics systems managing the distribution of perishable foods — dairy, meat, fresh produce, vaccines stored alongside food in medical-adjacent cold chains — are automated and networked. An attack on cold chain management software does not just spoil food. It creates public health emergencies.

The Logistics and Certification Layer

Ports, grain terminals, freight management systems, and food safety certification platforms are the arterial infrastructure of the food supply chain. The October 2025 attack on Russia's Mercury certification system shows precisely what disruption at this layer looks like: companies across a nation simultaneously lose the digital authorisation to move food products. The physical supply exists; the paperwork — now digital — does not. Delivery stops.

Port management systems are an especially critical vulnerability. Ukraine's experience with physical attacks on Black Sea ports illustrates what can happen when export infrastructure is disrupted. A sophisticated cyber operation targeting port management software — container tracking, vessel scheduling, customs clearance — can achieve similar disruption without a single drone.

The Market and Financial Layer

Commodity markets for wheat, corn, soya, and other staple crops are globally interconnected and algorithmically sensitive. A well-timed cyberattack on a major grain terminal, combined with disinformation about crop yields in key exporting nations, can trigger futures market movements that translate into price spikes affecting billions of people — particularly in low-income countries with thin food import margins. The 8.5% wheat futures spike following a single drone attack on a Ukrainian river port illustrates how directly physical and digital disruptions feed into global market psychology.

This layer is largely undefended in cybersecurity terms. Commodity market cybersecurity remains focused on financial fraud and trade manipulation, not on the agricultural infrastructure data — crop reports, shipping manifests, storage inventory — whose integrity underpins price discovery.

Part IV: What Needs to Be Done

1. Reclassify Food and Agriculture as Tier 1 Critical Infrastructure — and Mean It

The United States designates food and agriculture as one of 16 critical infrastructure sectors, but the regulatory teeth accompanying that designation are minimal. The Farm and Food Cybersecurity Act of 2025, reintroduced with bipartisan support, would mandate USDA-CISA coordination and require public-private resiliency exercises — a meaningful step that demands swift passage. Every government that has not yet enacted equivalent legislation should do so immediately. Designation without enforceable standards is a label, not a defence.

2. Mandatory OT/IT Segmentation in Food Processing Facilities

Network segmentation — the practice of isolating operational technology networks from internet-connected IT systems — is classified by NIST as essential for preventing the lateral spread of ransomware from corporate systems into production environments. Making it mandatory for facilities above a certain processing volume is achievable, measurable, and would significantly raise the cost of an attack. Immutable, offline backups — regularly tested for restoration — must accompany this requirement.

3. A Global Food System ISAC with Wartime Protocols

The Food and Ag-ISAC operates primarily in a US context. What is needed is an internationally coordinated, real-time threat intelligence-sharing framework that spans the entire supply chain — from seed production to retail — and operates with urgency protocols specifically designed for wartime or elevated geopolitical tension. Cyber threats targeting Ukrainian grain exports, for instance, should be shared immediately with EU port operators, commodity exchanges, and logistics providers worldwide. The attack surface is global. The defence must be too.

4. AI-Powered Monitoring for Food Safety Systems

The most dangerous scenario in food infrastructure cybersecurity is not the ransomware that locks screens and demands payment — it is the silent intrusion that alters food safety parameters without triggering visible alerts. Temperature manipulation, chemical dosing changes, sanitation cycle modifications — these can cause mass food safety failures that reach consumers before they are detected. AI-powered anomaly detection, operating continuously at machine speed across OT environments, is the most effective counter to this threat, and food producers above a certain scale should be required to deploy it.

5. International Legal Framework: Cyber Attacks on Food Are Acts of War

The most critical gap is not technical — it is legal and normative. There is no internationally agreed framework that classifies a cyberattack on food supply infrastructure as an act of aggression equivalent to a missile strike on a grain terminal. This allows adversaries to achieve food system disruption effects through cyber means while operating below the threshold of armed conflict response. The international community — through the UN, NATO, and bilateral treaty frameworks — must close this gap. Attacks on food systems, whether physical or digital, must be recognised as a category of warfare subject to the same deterrence, attribution obligations, and response rights as conventional military operations.

Conclusion: The Hunger Algorithm

War has always targeted food. What has changed is the delivery mechanism.

The same digital infrastructure that has made global food supply chains more efficient, more traceable, and more interconnected has also made them more fragile and more attackable. The adversaries who understand this — Russia, China, and a growing array of well-resourced criminal actors with state ties — are already acting on it. The 72 active threat actors targeting the food and agriculture sector, the 82% surge in ransomware attacks, the coordinated physical and cyber campaign against Ukraine's grain export capacity — these are not isolated incidents. They are a pattern.

Food security, in the age of connected agriculture and digital logistics, is inseparable from cybersecurity. A nation that protects its borders but leaves its supply chain software unguarded is not food-secure. A military that projects force abroad but cannot guarantee that its domestic food processing infrastructure will operate during a crisis is not war-ready.

The old distinction between feeding a nation and defending it has collapsed. We are all, now, on the food front.

Sources: Food and Ag-ISAC 2025 Sector Cyber Threat Report; SecureWorld — "Perishable Security" (May 2026); Help Net Security — "The Food Supply Chain Has a Cybersecurity Problem" (July 2025); Industrial Cyber — Farm and Food Cybersecurity Act 2025; CrowdStrike 2026 Global Threat Report; Bitdefender — Russia Mercury Platform DDoS (October 2025); CSIS — "Russia's Renewed Attacks on Ukraine's Grain Infrastructure" (February 2026); Baird Maritime — Ukraine grain exports (December 2025); Modern Diplomacy — Russia Black Sea port attacks (December 2025); AInvest — Novorossiysk grain market analysis (May 2025); Claroty — JBS Foods Ransomware Analysis; Cybersecurity Guide — Food and Agriculture Sector Overview (February 2026).