Cyberattacks on agricultural machinery could slash farm profits, study warns

A cyberattack targeting digitally connected agricultural machinery could cause tens of thousands of dollars in crop losses, according to new research investigating cybersecurity risks in precision agriculture. The study, led by researchers from the University of Nebraska-Lincoln and the University of Nebraska-Omaha, presents one of the first quantifiable models of how tampering with modern farming machinery can directly impact food production and farmer revenue.

The paper, titled "Investigating the Implications of Cyberattacks Against Precision Agricultural Equipment," was presented at the 20th International Conference on Cyber Warfare and Security (ICCWS 2025). It focuses on equipment that relies on Controller Area Network (CAN) bus systems - digital communication frameworks increasingly embedded in precision agriculture tools such as fertilizer applicators and tractors.

The researchers simulated a cyberattack on a fertilizer side-dress implement used in corn farming, using real agronomic and economic data from Saunders County, Nebraska. Their findings reveal that a well-executed attack on such machinery could result in profit losses ranging from $13,000 to over $32,000 across a single 100-acre field. The study underscores that as agriculture becomes more connected, it is becoming more vulnerable to targeted cyberattacks.

CAN bus technology enables seamless communication between farm vehicles and attached implements. It allows farmers to automate precise application of seed, fertilizer, and pesticides. However, the same digital integration also creates new attack surfaces. In vehicles, CAN bus vulnerabilities have already been exploited in remote hacking demonstrations. This research explores similar threats applied to the agricultural context.

The simulated attack scenarios manipulated fertilizer application rates across different field zones. In one scenario, attackers selectively increased or decreased the amount of fertilizer applied by up to 100%, resulting in over-fertilization in some areas and under-fertilization in others. In a second scenario, fertilizer was drastically reduced across most of the field and oversupplied in just a few rows. In all three scenarios analyzed, the total crop yield decreased significantly, leading to direct financial losses for the farmer.

The most damaging case resulted in a 4,291-bushel loss in corn yield, costing the farmer $32,284 in profits. Even the least damaging attack cost nearly $13,130 in lost revenue. In some cases, the farmer unknowingly applied more fertilizer than needed, increasing costs. In others, lower yields went unnoticed until harvest time, when the damage was already done.

According to the FBI, cybercriminals have become more active in targeting agriculture, especially during critical periods like planting and harvesting. The study reinforces those concerns, showing that digital attacks don’t require shutting down systems—they only need to quietly alter field-level variables to cause damage that becomes apparent months later.

The researchers warn that most farmers lack the cybersecurity training or forensic tools needed to detect and respond to such attacks. In precision agriculture systems, application data is typically displayed on tractor consoles. If an attacker gains access to those interfaces, they can spoof normal operations—making it nearly impossible for a farmer to detect sabotage until crop yields suffer.

Moreover, the study raises questions about incident response protocols in agricultural settings. Standard cybersecurity frameworks, such as the NIST 800-61 Computer Security Incident Handling Guide, assume practices that don’t translate well to farming. Powering down equipment or isolating systems may not preserve useful forensic data, and commonly used digital forensics tools are not designed for agricultural machinery.

The lack of industry-wide standards compounds the problem. Many farmers lease equipment from third parties or rely on proprietary software from manufacturers, making it unclear who holds responsibility in the event of a cyber incident. The authors call for the development of dedicated agricultural cybersecurity standards and incident handling practices tailored to the unique constraints of farm operations.

The study also highlights the financial stakes. Corn is the dominant cash crop in the U.S., accounting for nearly a quarter of all crop revenues. Fertilizer is one of its most significant input costs - and also one of its most vulnerable control points. Even small manipulations in application can have major effects on yield, profitability, and environmental impact.

As more farms adopt smart systems and Internet of Things (IoT) devices for everything from irrigation to drone monitoring, the attack surface continues to grow. Researchers warn that a coordinated attack exploiting a common equipment vulnerability could impact not just individual farmers, but entire regions or supply chains.

The authors suggest that future research expand beyond fertilizer equipment to include other IoT-driven agricultural technologies - tractors, drones, autonomous harvesters, cloud-connected farm management systems, and more. As digital transformation accelerates in agriculture, the risk of cybercrime increases in parallel.

To mitigate these risks, the researchers recommend several steps:

• Developing cybersecurity awareness programs for farmers and equipment operators
• Creating forensics-ready hardware in precision equipment to assist in post-incident analysis
• Building cybersecurity testbeds for agricultural environments
• Clarifying liability and response roles among equipment manufacturers, farmers, and third-party service providers
• Advancing research on cost-effective cybersecurity controls for farm-specific systems

The study also notes the need for economic modeling tools that help quantify the real cost of cyberattacks on agriculture. With mounting pressure to feed growing populations and stabilize food systems amid climate disruptions, even subtle disruptions to farming technologies could have cascading effects on food security.