The USDA’s Cybersecurity Plan for Agriculture Sounds Good... Until You Read It
Intentions are noble. But the execution? Still miles away from the realities of modern farming.
Cybersecurity in agriculture isn’t optional anymore.
It’s infrastructure. It’s food. It’s life support.
So why does the USDA’s new security plan feel like it skipped the farm entirely?
Disclaimer:
To be clear: I don’t believe this plan is ill-intentioned. But I do believe it’s incomplete. And my goal in writing this isn’t to criticize the effort; it’s to strengthen the outcome.
The USDA recently rolled out something it’s calling the National Farm Security Action Plan, a big-picture effort to protect American agriculture from cyber threats, foreign interference, and bad actors buying up farmland or messing with agricultural research. And on the surface, it sounds like a win. Cybersecurity is finally on the table for agriculture! Farms are being acknowledged as part of national security! Washington is paying attention! Hooray! But when you read it, actually read it, it becomes clear this plan was built in a boardroom, not a barn.
"It’s encouraging to see national attention on farm security, but once again, the plans lean on familiar ideas that don’t quite reach the soil."
I work in cybersecurity and operational risk, with a focus on the agriculture and food sectors. My frustration doesn’t come from politics or opinion. It comes from the field.
Agriculture isn’t a spreadsheet; it’s a system. And when you ignore how those systems actually operate, no amount of awareness will keep the power on in a barn when the controls go dark.
You can’t treat a robotic milking system or a hatchery’s environmental control panel like a laptop. Modern farms run on complex, cyber-physical systems, automated irrigation, GPS-guided combines, feed distribution software, remote grain monitoring, and climate-controlled barns. In the poultry and dairy industries, especially, these systems aren’t “emerging”; they have been in daily use for a while now.
And yet, the USDA’s plan reads like farms are just now discovering the internet.
Rather than confronting these cyber-physical realities, the plan leans heavily on partnerships with the Food and Ag-ISAC, a members-only, IT-centric organization with a paywall. Most farmers don’t know it exists, and those who can likely can’t justify the cost or see the value. Meanwhile, we’re told the USDA will “coordinate with law enforcement” and “raise awareness,” which is code for: you’re on your own, but we’ll root for you from Washington.
Then there’s the section on training the next generation in agro-defense, which is great in theory. But who’s teaching them? Where’s the curriculum? Who’s building the bridge between cybersecurity and ag operations? Right now, there are fewer than a dozen people in the U.S. talking about OT cybersecurity in agriculture, let alone shaping policy or teaching in land-grant programs.
And we need to be honest: farmers aren’t cybersecurity experts.
Nor should they be expected to become one just because the tech they’re handed isn’t secure. This idea that awareness alone can secure the farm is like handing out umbrellas in a hurricane. Too late, and not nearly enough.
The gaps go deeper…
There’s no incident response framework, no hotline, no field-level playbook for what happens when your feed control system locks up. No communication strategy is in place for when ransomware compromises a cold storage unit. No strategy for legacy tech, which is still very much in use across rural America. No real conversation about supply chain threats, what happens when a processor or logistics partner gets hit? And absolutely nothing that holds AgTech vendors accountable for building security into the products they profit from.
But the part that really gets under my skin? Agroterrorism. It’s mentioned briefly in the context of research security. Foreign actors, stolen pathogens. That’s fine. But what about the rest?
Nothing about domestic extremists. Nothing about physical sabotage. Nothing about contamination risks or intentional attacks on animal or plant systems. And we’ve seen it. We know it happens.
In recent years, activists have been accused of targeting farms and facilities through coordinated break-ins, sabotage, and operational disruption. According to Sentient Media, the FBI has investigated animal rights groups over actions that go well beyond protest, including system interference and surveillance. Whether or not you agree with their motives, the risk to agriculture is real.
And we’d be naïve to think domestic threats can’t be nudged, or amplified, by foreign actors. In an age of disinformation, you don’t have to breach a grain elevator control system. You can just radicalize someone who already has access.
So, where is that in the plan?
This is where I start to lose patience. Because we can’t keep putting out glossy PDFs that look good in a press release but collapse in practice, this isn’t an abstract sector. When systems fail in agriculture, animals die, and people get hurt. Crops spoil. Food doesn’t make it to the shelf. And real people, already operating on tight margins, carry the burden.
We need more than good intentions.
We need a response framework. We need standards and incentives that don’t place the entire burden on the end user, aka the farmer. We need education that starts early, teaches systems thinking, and treats cybersecurity as part of the agricultural ecosystem, not something bolted on after the fact. And we need AgTech companies to build secure-by-design products from the start, not leave farmers holding the bag when things break.
The National Farm Security Action Plan is a start. But it’s a fragile one. And if we want to truly secure what feeds us, we need to stop designing “policy and plans” in isolation from the people and processes it’s meant to protect.
So what now?
If you work in food, agriculture, agtech, OT, or cybersecurity, what do you think this plan gets right? What does it miss? And most importantly: who should be leading these conversations... and who’s still missing from the table?
Stay safe, Stay Curious,
Kristin King
