Hackers don't need to break your software to kill your crops—they just need to trick the plants into committing suicide.
April 16, 2026
Original Paper
Threat Modeling and Attack Surface Analysis of IoT-Enabled Controlled Environment Agriculture Systems
arXiv · 2604.13308
The Takeaway
We usually think of agricultural hacking as someone shutting down a tractor or stealing data. But this paper reveals a much more 'biological' threat: hackers can manipulate AI-driven growing schedules to exploit the actual chemistry of plants. By subtly shifting light and water cycles, an attacker creates an 'adversarial agronomic schedule' that triggers the plant's own biological defenses or growth phases at the wrong time, destroying the yield without ever touching a line of code. It means the future of food security isn't just about firewalls; it’s about protecting the collision between silicon and soil. For the average person, this implies that our high-tech 'controlled' food systems are vulnerable to a new type of biological sabotage that is almost impossible to detect with traditional security tools.
From the abstract
The United States designates Food and Agriculture as one of sixteen critical infrastructure sectors, yet no mandatory cybersecurity requirements exist for agricultural operations and no formal threat model has been published for Controlled Environment Agriculture (CEA) systems. This paper presents the first comprehensive threat model for IoT-enabled CEA, applying STRIDE analysis, MITRE ATT&CK for ICS mapping, and IEC 62443 zone-and-conduit decomposition to a production platform deployed across 3