ChannelLife UK - Industry insider news for technology resellers

NCC warns of rising cyber risks to connected farming

Thu, 5th Mar 2026

NCC Group has published a paper warning that cyber risks in agriculture are rising as farm operations adopt precision tools, cloud-connected machinery and greater automation.

The report describes agriculture as a cyber-physical system in which a digital compromise can quickly trigger physical disruption and economic harm, including yield losses, safety hazards and supply-chain interruptions.

Rami Riashy, a cybersecurity consultant at NCC Group, draws on experience in automotive engineering, heavy-duty trucking and agricultural machinery security to assess farm equipment and its supporting systems.

The paper argues that agriculture has a different security profile from enterprise IT and that, despite shared technologies such as vehicle networks, electronic control units and telematics, it also differs from automotive. The paper highlights field conditions that make standard security assumptions harder to apply.

Field constraints

Connectivity is a major challenge. Many machines operate in remote areas without reliable cellular, satellite or Wi‑Fi coverage, limiting patching, authentication and monitoring methods that depend on consistent network access.

Equipment lifecycles are also far longer than in most technology sectors. Tractors, sprayers and implements can remain in service for 20 to 40 years. Many fall outside vendor support windows, and some never receive firmware updates.

The seasonal nature of farming adds pressure. Narrow planting and harvest windows leave little time for maintenance or software changes, and a failed update or lockout can halt work during critical periods.

Interoperability adds further complexity. Farms often run mixed fleets and connect tractors and implements from different manufacturers. The paper describes a "multibrand ecosystem" built on standardised protocols, warning that these connections widen the attack surface and increase reliance on cross-vendor trust.

Threat scenarios

The report lists representative threats targeting agricultural vehicles and machines, including "ECU manipulation (e.g., spoofing or overriding implement controls)" and "Telematics hijacking via cellular or Wi‑Fi interfaces". It also cites "GNSS spoofing/jamming, causing navigational or agronomic errors", "Firmware attacks on CAN-connected devices (e.g., planter controllers)", and "Denial of service during critical field windows (planting, harvest)".

Risks also extend beyond machinery to backend platforms, dealer networks and manufacturing systems. A cloud compromise could expose fleet locations and field data, and create a path to tamper with over-the-air updates. The paper highlights dealer service tools such as laptops and USB storage as privileged access points that can become attack vectors if controls are weak.

Riashy also discusses the tension between security controls and the Right to Repair movement. Restricted access to diagnostic tools can prompt unofficial workarounds, increasing the risk of unauthorised firmware changes and bypassed protections.

Regulatory pressure

The paper notes growing regulatory influence from other sectors. It points to the EU Cyber Resilience Act and the EU Machinery Regulation as frameworks affecting connected products and intelligent machinery placed on the European market.

It also references UNECE Regulation No. 155 and ISO/SAE 21434, rooted in automotive security engineering and management systems. While manufacturers can draw on these approaches, the paper argues agriculture needs additional guidance to reflect offline operation, long service lives and mixed-brand environments.

A draft standard, ISO 24882, is presented as a step towards product cybersecurity processes for agricultural and off-road machinery. The paper describes it as a lifecycle-focused framework that borrows concepts from automotive standards but adapts them for agricultural realities.

Wider actors

The report outlines a broad set of threat actors, including nation-states, cybercriminals, insiders, hacktivists and opportunistic attackers. It notes that agriculture's time sensitivity and role in the food supply can shape motivations and impacts, from extortion against processors and cooperatives to intelligence gathering on yield forecasts and planting patterns.

The report also cites public incidents and research disclosures, including ransomware disruptions at food companies and grain cooperatives, and reported vulnerabilities in agricultural equipment firmware and interfaces.

Industry responses

The paper highlights industry efforts on interoperability testing and authenticated control between tractors and implements. It references certificate-based approaches and public key infrastructure models for mixed fleets and offline operations, and discusses securing positioning systems and correction services used for precision agriculture.

Riashy writes:

"Today, I work as a cybersecurity consultant at NCC Group helping clients 'shift left' by building assurance cases, threat models, and test strategies that integrate cybersecurity from the earliest phases of design."

The paper concludes that a unified security framework will require coordinated action by equipment manufacturers, suppliers, implement makers, farmers, standards bodies, cloud providers and regulators as agriculture becomes more connected and more dependent on software-driven systems.