Cybersecurity and the Agri-Food Sector: A Critical Challenge to Sustainable Development Goals
Introduction: Digitalization and Emerging Threats to Global Food Security
The increasing digitalization of the agri-food sector, while driving innovation, presents significant cybersecurity challenges that directly threaten the achievement of several Sustainable Development Goals (SDGs). The security of the food supply chain is fundamental to SDG 2 (Zero Hunger), which aims to ensure access to safe and nutritious food for all. However, the sector’s critical infrastructure, from farms to distribution, is increasingly exposed to cyberattacks due to a reliance on legacy systems not designed for modern threat environments.
Direct Impacts on SDG 2 (Zero Hunger)
Cyber threats pose a direct and growing risk to food production and availability, undermining progress towards ending hunger and achieving food security.
Key Threats Identified
- Ransomware Attacks: The FBI has identified ransomware as a primary threat. Reported attacks on the food and agriculture sector more than doubled in the first quarter of 2025 compared to the same period in 2024, with 84 documented cases.
- Foreign Malware and Espionage: The introduction of foreign malware and the theft of data and intellectual property can disrupt operations and compromise proprietary agricultural research.
- Bioterrorism: The potential for cyber-enabled bioterrorism presents a high-impact risk to the sector.
Consequences for Food Production
Successful attacks disrupt critical agricultural processes, leading to consequences that jeopardize food security:
- Production Halts: Attacks can disable essential equipment, such as a ransomware incident affecting a Swiss dairy farmer’s milking robot, which resulted in livestock loss.
- Supply Chain Disruption: Compromised seed production or processing facilities can necessitate the costly relocation of crops, straining resources and creating delays.
- Increased Food Prices: Geopolitical tensions elevate the risk of nation-state attacks aimed at causing maximum disruption, which can halt food production, create shortages, and drive up consumer prices, impacting the affordability pillar of SDG 2.
Broader Implications for Health, Well-being, and Economic Growth
The consequences of cyberattacks extend beyond food availability, affecting public health, economic stability, and consumer trust, which are central to other SDGs.
Impact on SDG 3 (Good Health and Well-being)
Compromised digital systems in the food supply chain create significant public health risks. An attack that disables temperature or storage control systems can lead to rapid food spoilage, posing a direct danger to consumers and undermining food safety standards essential for public health.
Impact on SDG 8 (Decent Work and Economic Growth)
- Financial Losses: Attacks result in direct financial damages from ransom payments, fraud, and operational downtime, hindering the economic viability of agribusinesses.
- Operational Delays: Production and delivery slowdowns create cascading effects across the supply chain, impacting related businesses and economic productivity.
- Erosion of Trust: Incidents such as the cybersecurity breaches at Stop & Shop and Whole Foods, which led to product shortages, damage consumer trust in the reliability and safety of the food supply chain, affecting long-term economic stability.
Vulnerabilities Hindering Resilient Infrastructure (SDG 9)
The agri-food sector’s vulnerability to cyber threats stems from systemic weaknesses that challenge the development of resilient infrastructure, a key target of SDG 9 (Industry, Innovation, and Infrastructure).
Primary Security Gaps
- Legacy Technology: Many farms and food companies utilize outdated operational technology and software with inadequate security features.
- Lack of Cybersecurity Prioritization: Small- and mid-sized agribusinesses, in particular, have often neglected cybersecurity investments, leaving them exposed.
- The Human Element: Insufficient employee training on recognizing phishing attempts and social engineering tactics creates a significant vulnerability.
- Foreign Technology Risks: The use of drones and sensors with potential security flaws, particularly from foreign sources, may introduce backdoors for unauthorized access to sensitive systems.
Strengthening Institutions and Partnerships for a Secure Future (SDG 16 & SDG 17)
Addressing these multifaceted threats requires robust governance and collaborative action, aligning with SDG 16 (Peace, Justice, and Strong Institutions) and SDG 17 (Partnerships for the Goals).
Government and Institutional Responses
- European Union: The EU’s NIS2 Directive now classifies food production, processing, and distribution businesses as critical infrastructure, mandating stricter cybersecurity measures.
- United States: While lacking a single mandatory framework, the U.S. government recognizes agriculture as critical infrastructure.
- The Cybersecurity and Infrastructure Security Agency (CISA) provides voluntary resources and checklists to help the sector defend against intrusions.
- The USDA has launched the National Farm Security Action Plan to protect farmlands and the food supply from foreign adversarial influence.
- Legislative efforts, such as bills reintroduced by Congressman Don Bacon, aim to modernize and secure the agricultural sector.
Pathways to Resilience
A comprehensive strategy built on public-private partnerships is essential. Key measures include the widespread implementation of multi-factor authentication (MFA), regular software updates, continuous employee training, and collaborative threat intelligence sharing to build a resilient agri-food sector capable of supporting the Sustainable Development Goals.
1. Which SDGs are addressed or connected to the issues highlighted in the article?
The article on cybersecurity threats to the agri-food sector touches upon several Sustainable Development Goals (SDGs) by highlighting the vulnerabilities in our food systems, the economic impact on the agricultural industry, and the need for resilient infrastructure and stronger institutions to combat these threats.
-
SDG 2: Zero Hunger
This is the most central SDG, as the article directly discusses threats to food security and safety. Cyberattacks that disrupt production and supply chains can lead to food shortages and compromise the safety of food, directly impacting the goal of ensuring access to safe and sufficient food for all.
-
SDG 8: Decent Work and Economic Growth
The article details the economic consequences of cyberattacks on the agri-food sector, from small farms to large corporations. These attacks cause “direct financial losses,” operational slowdowns, and damage to businesses, which undermines economic productivity and the stability of jobs within this vital sector.
-
SDG 9: Industry, Innovation, and Infrastructure
The article emphasizes that the agri-food sector is “critical infrastructure.” It points out that much of the technology used is outdated and vulnerable, highlighting the urgent need to build resilient, reliable, and sustainable infrastructure by upgrading technology and implementing modern cybersecurity measures.
-
SDG 11: Sustainable Cities and Communities
The consequences of cyberattacks on the food supply chain have a direct impact on communities, particularly in urban areas. The article cites examples of grocery chains experiencing “widespread product shortages,” which affects the ability of cities and communities to ensure residents have access to essential goods like food.
-
SDG 16: Peace, Justice, and Strong Institutions
The article discusses cybercrime, including ransomware and data theft, and the response from governments. It highlights the role of “nation-state actors” and organized criminals. The mobilization of government agencies like CISA and the USDA and the implementation of directives like the EU’s NIS2 show efforts to build strong institutions to combat these forms of crime and ensure security.
2. What specific targets under those SDGs can be identified based on the article’s content?
Based on the issues discussed, several specific SDG targets can be identified:
-
Target 2.1: End hunger and ensure access to safe, nutritious and sufficient food
The article connects directly to this target by explaining how cyberattacks threaten the food supply. It states that “Successful attacks that halt food production can lead to shortages and drive up food prices.” Furthermore, it raises concerns about food safety, noting that if systems controlling storage temperature fail, “food can spoil quickly,” posing a “danger to people.”
-
Target 2.4: Ensure sustainable food production systems and implement resilient agricultural practices
The article highlights the vulnerability of current food production systems, stating that “a lot of the technology farms and food companies use was built long before cyberattacks became such a serious issue.” The need for resilient practices is underscored by how attacks can “disrupt key parts of farming, such as seed production,” forcing costly and inefficient relocations.
-
Target 8.2: Achieve higher levels of economic productivity through technological upgrading and innovation
The article points to the economic damage caused by a lack of technological resilience. It mentions “direct financial losses like ransom payments, fraud, or theft” and operational slowdowns that “delay production and delivery.” The fact that “small- and mid-sized agribusinesses have not prioritized cybersecurity” indicates a gap in technological upgrading that affects their productivity and viability.
-
Target 9.1: Develop quality, reliable, sustainable and resilient infrastructure
This target is explicitly addressed when the article notes that “agriculture is officially recognized as critical infrastructure.” The core problem described is the lack of resilience in this infrastructure, making it vulnerable to cyberattacks. The entire article is a call to action to make this infrastructure more reliable and secure against modern threats.
-
Target 16.a: Strengthen relevant national institutions… to combat… crime
The article provides clear examples of this target in action. It describes how “Governments around the world have started taking this issue much more seriously.” Specific institutional responses are mentioned, including the EU’s “NIS2 Directive,” efforts by “Federal agencies such as CISA and the United States Department of Agriculture (USDA),” and the introduction of “two bills aimed at modernizing and securing America’s agricultural sector.”
3. Are there any indicators mentioned or implied in the article that can be used to measure progress towards the identified targets?
The article mentions or implies several quantitative and qualitative indicators that could be used to measure the problems and the progress towards solving them:
-
Frequency and Type of Cyberattacks
The article provides a specific metric: “In the first three months [of 2025], there were 84 reported cases [of ransomware attacks], which is more than twice the number from the same period in 2024.” Tracking the number of reported attacks (ransomware, malware, data theft) serves as a direct indicator of the threat level against Target 2.4 and 9.1.
-
Impact on Food Availability
Progress towards Target 2.1 can be measured by tracking supply chain disruptions. The article points to “widespread product shortages” at major grocery chains like Stop & Shop and Whole Foods. The frequency and scale of such incidents are measurable indicators of the food supply’s vulnerability.
-
Economic Losses
As an indicator for Target 8.2, the article mentions “direct financial losses like ransom payments, fraud, or theft.” While not providing an aggregate number, it gives a specific example of a “dairy farmer in Switzerland” who “experienced setbacks” and the “loss of a pregnant cow.” Tracking financial losses across the sector would be a key performance indicator.
-
Implementation of Security Policies and Frameworks
An indicator for Target 16.a is the adoption of government-led security initiatives. The article mentions the “NIS2 Directive” in the EU and the “National Farm Security Action Plan” in the US. The number of businesses covered by these directives or the level of implementation of the recommended “voluntary steps, services, and resources” offered by CISA can be tracked to measure progress.
-
Adoption of Cybersecurity Best Practices
The article suggests that progress can be measured by the adoption rate of key security measures. It lists the need for “implementation of MFA, regular software updates, [and] employee cybersecurity training.” The percentage of businesses in the agri-food sector that have implemented these practices would be a strong indicator of improved resilience (related to Target 9.1).
4. Create a table with three columns titled ‘SDGs, Targets and Indicators” to present the findings from analyzing the article. In this table, list the Sustainable Development Goals (SDGs), their corresponding targets, and the specific indicators identified in the article.
| SDGs | Targets | Indicators |
|---|---|---|
| SDG 2: Zero Hunger |
|
|
| SDG 8: Decent Work and Economic Growth |
|
|
| SDG 9: Industry, Innovation and Infrastructure |
|
|
| SDG 16: Peace, Justice and Strong Institutions |
|
|
Source: helpnetsecurity.com
