The war in Ukraine has caused massive problems for global food supplies, underscoring the high impact of disruptive events to agriculture entities and related organizations.

  • The challenges to the Ukrainian agriculture sector imposed by the war--and global ripple effects--have been well-documented and garnered international attention. We judge that the current media spotlight on these issues will motivate cyber threat actors to conduct future attacks on this industry as they realize the consequences of prolonged disruption for related entities and potential leverage they would have over victims.
  • The agriculture sector is highly vulnerable to cyber-attacks given its low downtime tolerance, insufficient cyber defenses, and far-reaching ripple effects of disruption. We assess those future threats to the agriculture section will mainly include financially motivated ransomware actors and disruptive attacks carried out by state-sponsored APTs.
  • Network defenders and leaders should consider their business resiliency in agriculture or agriculture adjacent industries.

For the past six years, Cisco Talos has been actively involved in assisting public and private institutions in Ukraine to defend themselves against state-sponsored actors. Our involvement ranges from commercial and critical infrastructure to election security. Our presence has afforded us unique opportunities and observations about cybersecurity in a macro and micro way.

Ukraine has been a frequent victim of state-sponsored cyber-attacks aimed at critical infrastructures like power and transportation. Russia’s invasion of Ukraine not only increased the risk to these sectors but also effectively sparked a global food crisis, with the war driving rising prices and scarcity of many essential foods desperately needed by consumers around the world. The exposed fragility of the global food supply chain will also likely have implications for future cyber threats, as adversaries are notorious for targeting vulnerable sectors with low downtime tolerance and insufficient cyber defenses. This was most recently seen in the wave of ransomware attacks against health care entities during the COVID-19 pandemic.

To truly grasp the implications of the war in Ukraine, we must examine how vital Ukrainian agriculture feeds the world, the current situation, and what this means for the global cybersecurity posture to protect agricultural assets.

Threats to agriculture sector likely to grow with Ukraine war

Ransomware cartels and their affiliates are actively targeting the agricultural industry. Moreover, these actors have done their homework and are targeting agricultural companies during the two times of the year where they cannot suffer disruptions: planting and harvesting. According to an April 2022 FBI alert, “Cyber actors may perceive cooperatives as lucrative targets with a willingness to pay due to the time-sensitive role they play in agricultural production.” Adversaries are known to be shrewd and calculating and understand their victims’ weaknesses and industries—key reasons why they are frequently successful in their operations.

While we know that the agriculture sector is vulnerable, the war in Ukraine has exacerbated this threat, clearly demonstrating the global consequences of disruptive activity.  The world is already facing several stresses on the global economy and supply chain, including rising costs of food, inflation and the ongoing COVID-19 pandemic. Food insecurity, starvation and additional global unrest are all but assured as the war in Ukraine rages on. To truly grasp the enormity of this, let’s look at Ukraine, a massive global supplier of agriculture and the implications for global agriculture security.

Just how important is Ukraine in global agriculture?

Ukraine is often referred to as the “Breadbasket of Europe,” and it is a well-earned moniker.  


As of 2021, Ukraine was the sixth-largest exporter of wheat in the world, accounting for 10% of the market share. The country produced 20 million tons of wheat, with Egypt, Indonesia, Turkey, Pakistan and Bangladesh as the primary destinations. Many countries impacted by the ripple effects of the war in Ukraine are already highly vulnerable, particularly those in Africa, the Middle East, and parts of Asia. In Ethiopia, Somalia, and Kenya, the number of people facing extreme hunger has more than doubled since last year. In Afghanistan, humanitarian agencies have warned that the country has been close to famine for months, while Lebanon has been in an economic crisis for over a year.

At home, Ukraine relies heavily on farming as a key source of revenue, with agriculture accounting for more than 20% of the country’s GDP, according to the U.N. Agriculture also provides employment for 14% of Ukraine’s population, according to the U.S. Department of Agriculture. Ukraine is unique in that a large portion of the country's land has incredibly fertile soil, with over half the country having well-suited arable land dedicated to crops like wheat, maize and sunflower. Some may assume that swathes of rich land are all that is necessary to be an agriculture giant, but in truth, one needs a well-laid and maintained infrastructure to move crops, seeds and fertilizer, and robust deep-water oceanic ports that can import and export products quickly. Ukraine has all of these features, but they have been largely disrupted or destroyed in the war.

Understanding the mess of Ukrainian wartime agriculture

It is something of an understatement to say that Ukrainian agriculture exports are in dire straights. Currently, due to the invasion, Ukraine has limited access to seaports to export its extensive backlog of wheat and other agricultural products. Pre-war, 70% of agriculture was exported via seaports, averaging 25 million metric tons a year. This has been reduced to a trickle — only 2 million tons were exported in June alone, a far cry from the 4 million that’s typical of that time of year. Poor countries that cannot shoulder the steep increase in prices will suffer the most. Forty percent of Ukraine’s wheat exports go directly to the U.N. World Food Program, which helps feed these poorer countries.

Additionally complicating matters is the act of planting and harvesting in Ukraine. Some farm fields are now filled with mines — unexploded ordinances — and farm labor is difficult to find. These factors can create delays that can be catastrophic to the sustainability of a farm's ability to provide food to the world. For example, every day delayed during a planting season could affect the total bushel-per-acre yield, without taking into consideration weather, market conditions, and of course, armed conflict.

There is also a lack of grain storage capacity for current harvests, as grain is trapped in silos and there are very poor logistics to export out of the country via methods other than bulk oceanic freight. Without the ability to effectively ship last year's harvest, and this year's current harvest being reaped, planting for the 2023’s harvest is in serious jeopardy. All of these complications means Ukraine will effectively have a vastly and painfully reduced presence in the agriculture market for years to come.

Ukraine and Russia recently signed a U.N.-brokered deal, in which an agreement to allow grain shipping exports to resume via the Odessa seaport. This is a much-needed means to deliver trapped grain products in Ukraine, but the agreement is on very precarious footing. Russia is still actively bombing and targeting the Odessa metropolis, and has demonstrated time and again that it is willing to abandon agreements when it suits them. This agreement also runs somewhat counter to the Russian tactic of weaponizing the food supply chain to its advantage. By artificially creating scarcity, Russia can leverage concessions from a global community that relies deeply on Ukrainian grain exports to feed the world. A lack of scarcity could inhibit one of the few cards they can play to compel global compliance to its demands. Starvation and scarcity as a means of control is something the Ukrainian people are quite familiar with.

No easy answers

Ukraine is looking for additional ways to export their trapped agricultural products without the reliance on the pseudo availability of its Odessa seaport, which as of this writing, are very laboriously exporting via rail to other Eastern European countries, or via the Danube River to other countries' seaports. The Bessarabia region, in the Odessa Oblast, has two prominent river ports: Izmail and Reni. These ports, however, are quite old and were not built to ingest and export agriculture at peacetime volumes. Even utilizing seaports reached via river barge, like Constanta in Romania, only offers a small percentage of peacetime oceanic volume.

Even the Ukrainian rail system is problematic for shipping agricultural products. Ukraine has older Soviet railroad tracks that are incompatible with countries like Poland and cannot just roll trains to the rest of Europe without considerable effort. To put it all succinctly: There are only bad answers to the terrible questions of how to export agriculture in the middle of a Russian invasion.

So what are the security threat models to agriculture?

Industry-specific instability is seen as enticing, as victims are seen to be more compliant to pay an extortion fee in exchange for the return of their data and network. The more unstable and exposed the industry, the more compelling it is to an attacker. Nation states may also see agricultural instability as an opportunistic way to project power and advance national interests.

Critical infrastructure, like agriculture, is part of a complex and interwoven network of critical services that let society function. Cyber attacks on that infrastructure will always carry value to a nation-state advanced persistent threat actor. The ability to disrupt or deny critical services is a potent weapon to enforce one nation’s will over another. Even indirect attacks can affect agriculture. Cyber-attacks launched against energy or water industries can create a ripple effect that impedes the ability of agriculture to produce at optimum. Ukraine has a long history of suffering these kinds of cyber-attacks, including the costly NotPetya attack, that was attributed to Russian APTs.

There are also mutual interests that criminal ransomware cartels and the Russian government share. Ransomware cartels are not shy about their relationships with Russia. Many ransomware gangs also operate within that country's borders with relative impunity. These groups, who often act as proxy state-sponsored actors, have financial interests that align with the Russian government. Russia is kinetically targeting agriculture with the express intent of creating additional food chain supply insecurity. Ransomware cartels also want to extort victims and additional food and supply chain disruptions continue to favor Russian interests.

Much like the Colonial Pipeline ransomware attack, there are also unintended consequences of a cyber-attack that have a way of trickling down into how businesses can operate in an industrial environment. As defenders, we must consider our integrations into industrial operations. Agriculture industries are rapid adopters of industrial automation. The imperative to produce rapidly and deliver to market is driving companies to remove the human element where possible. For example, a fully automated grain elevator removes the need for humans to assist in the unloading of grain, extending the serviceable hours an elevator can stay open for farmers. Automated milking systems make it possible to increase milk cows more frequently, and automated feed pushers keep herds fed so milk production stays consistent.  As you think about cyber defense, ask yourself what does an attack on your converged farms and facilities look like? Would the loss of IT assets trickle into industrial operational technology that lets your business operate? Could you still ship perishable milk? Could a grain elevator still operate?

What does this mean for cyber defenders?

The invasion of Ukraine is awful. And it is easy to be lost in the suffering and sacrifice of the Ukrainian people. Now is the time, more than ever, to understand what is at stake and what we can do to keep the world fed. Whether we’re protecting a direct agriculture business, or something agricultural-adjacent, now is the time to reflect on business resiliency. As defenders, we cannot control war, the weather, or the agriculture market. Instead, the security community should consider this an opportunity to improve their situational awareness. By just maintaining awareness of outside events, we can draw a better picture of the current security risks. It can be easy to dismiss global events as having no additional effects on an organization’s cybersecurity posture — we’re under constant attack as it is. Instead, consider not the “what,” but the “why” of adversary motivations, and how that can affect potential targets. Understanding that could make all the difference in keeping businesses safe and productive.

Executive call to action

For executive leadership, now is an opportune time to evaluate your accepted business risks. That means taking the time to understand how interconnected your agriculture operations are to your corporate offices. Could you function as a business should a ransomware attack affect you? What investments have you made to build resiliency into your operations? These are incredibly difficult questions to answer. Use the catalyst of global events to invest in technology and more importantly, people, to help you find those answers. Be proactive, and train for climatic events like a cyber-attack. Utilize third-party services to give unbiased evaluations of your resiliency and recovery. Perhaps most importantly – resist complacency. Cybersecurity threats evolve and shift as do global events. Maintaining strong situational awareness could be the critical deciding factor between a crippling costly cyber-attack and a resilient enterprise able to weather any storm. The fate of the world’s agricultural supply chain could rely on it.