Cybersecurity curriculum targets food and agriculture sector amid rising threats

A team of researchers from the University of Nebraska at Omaha has developed a ten-module cybersecurity curriculum tailored for farmers, food producers, and agriculture students - populations historically underserved by cybersecurity training programs.

The effort, outlined in a new preprint titled Cultivating Cybersecurity: Designing a Cybersecurity Curriculum for the Food and Agriculture Sector, addresses urgent vulnerabilities in a sector that has seen a surge in ransomware, data theft, and equipment disruption incidents in recent years. The initiative is supported by the U.S. National Science Foundation and aims to build a more cyber-aware agricultural workforce as farms become more digitally connected.

Despite the sector’s increasing reliance on technologies such as precision agriculture, drones, and IoT-enabled devices, cybersecurity literacy among farmers remains alarmingly low. A 2018 survey cited in the paper revealed that only 10% of farmers had received any form of cybersecurity training. The researchers cite high-profile cyber incidents, including the 2021 ransomware attack that shut down a fifth of U.S. beef processing operations and another that targeted a grain storage cooperative in Iowa, as examples of how unprotected digital infrastructure can cripple food supply chains.

The proposed curriculum includes modules on malware, social engineering, wireless security, cyber warfare, and incident response, and is designed to be delivered online or in-person. The content is aligned with the National Initiative for Cybersecurity Education (NICE) Workforce Framework, covering key knowledge and skills categories while targeting foundational learning outcomes such as understanding, applying, and implementing basic cybersecurity hygiene.

Modules range from introductory lessons on cybersecurity principles to more advanced topics, including threats posed by mobile devices, securing wireless networks, and understanding the implications of the Farm and Food Cybersecurity Act. Each 30-minute session features video instruction, open-source readings, case studies, and relevant news articles to contextualize threats within the agricultural domain.

The curriculum’s initial rollout will target three key populations. First are students enrolled in agriculture degree programs, particularly in the University of Nebraska system. The authors note that newer farmers, those with fewer than ten years of experience, are more likely to adopt advanced technologies and thus more vulnerable to digital threats. Introducing cybersecurity at the academic level aims to prepare these future professionals before they encounter real-world vulnerabilities.

Second are practicing farmers and food producers, particularly in Nebraska, who will be invited to attend workshops where the content is delivered in a practical, face-to-face format. The initiative builds on the University of Nebraska’s long-standing agricultural extension programs, which already train farmers in drone usage and smart farming tools.

Third, and most urgently, are American Indian farmers, particularly those affiliated with the Ponca Tribe of Nebraska. These farmers, according to the U.S. Department of Agriculture, manage over 5,000 farms nationally and often serve communities with limited food access. Many Ponca farms supply a grocery store in a “food desert” region, meaning that a cyberattack disrupting their operations could have significant implications for tribal food security and regional economic stability.

The paper underscores the critical role cybersecurity will play in future-proofing not just agricultural operations but broader rural economies. Researchers emphasize that cybersecurity risks in agriculture go beyond individual farms, potentially affecting entire communities, ecosystems, and food systems.

To assess the effectiveness of the curriculum, the team plans to implement a pretest-treatment-posttest evaluation. Participants will complete a survey assessing their cybersecurity knowledge before and after taking the course, enabling the researchers to measure learning outcomes and refine content accordingly.

While educational frameworks for cybersecurity exist in sectors like healthcare, aviation, and homeland security, the food and agriculture sector has largely been excluded from such efforts. This curriculum represents a first-of-its-kind attempt to systematize cybersecurity learning for agricultural professionals, combining both technical instruction and contextual relevance.

The researchers cite prior studies showing that smart farming technologies - such as GPS-guided tractors and automated irrigation systems - are highly susceptible to cyber intrusion due to weak security design and inadequate user awareness. Reports from the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency (CISA) echo these concerns, noting that many attacks could have been prevented with basic protective measures.

Despite growing concern, structural challenges persist. Many farmers do not prioritize cybersecurity, lack access to affordable digital infrastructure, or are unaware of the risks posed by connected devices. The authors argue that unless this knowledge gap is addressed at scale, food systems will remain vulnerable to exploitation - whether through criminal ransomware, espionage, or agri-terrorism.

The curriculum’s flexibility - available online and offline - makes it suitable for widespread distribution across rural communities, where internet access may be inconsistent. The authors also recommend integrating cybersecurity into broader farming education and policymaking, advocating for new regulatory support to make such training a baseline requirement for tech-enabled agriculture.