The Attack Surface You Eat: Cyber Risk in Food and Agriculture
Season 4 - Episode 3
Host: Patrick Miller
Guest: Kristin King
Kristin King joins Patrick Miller to make the case that food cybersecurity is not food security, and that food and agriculture is one of the most under-defended corners of critical infrastructure. From precision agriculture and processing plants to aquaculture, zoos, and aquariums, they trace where the OT and ICS risk actually lives, why the regulatory floor is so thin, and how the threat range runs from opportunistic ransomware to nation-state targeting and agroterrorism.
Guest: Kristin King, founder and CEO of AnzenSage, CEO and co-founder of AnzenOT, host of the Bites & Bytes Podcast, and author of Securing What Feeds Us: Cybersecurity in Food and Agriculture (Wiley).
Kristin King and her work
AnzenSage (her firm, food/ag/zoo/aquaria security): https://www.anzensage.com/
AnzenOT (her SaaS OT cyber risk platform): https://www.anzenot.com/
Bites & Bytes Podcast (note spelling: Bites, then Bytes): https://www.bitesandbytespodcast.com/about
Kristin on LinkedIn: https://www.linkedin.com/in/kingmkristin
Sessionize speaker profile: https://sessionize.com/kristin-king/
The book
Securing What Feeds Us: Cybersecurity in Food and Agriculture (Wiley, out September 29, 2025): https://securingwhatfeedsus.com/
Guests and people mentioned
Jonathan Lawler (the "punk rock farmer," purple tomatoes, his Bites & Bytes episode): https://www.punkfarmermedia.com/the-punk-rock-farmer
Dr. Darin Detwiler (wrote the foreword; food safety figure tied to the Jack in the Box E. coli case, featured in Netflix's Poisoned): https://www.linkedin.com/in/darindetwiler/
Incidents and warnings referenced
JBS ransomware attack (2021): https://www.cybersecuritydive.com/news/JBS-meat-producer-white-house-russia-ransomware/601119/
UNFI cyberattack (2025): disrupted distribution to Whole Foods and Amazon-supplied grocery. https://www.reuters.com/business/retail-consumer/unfi-says-cyberattack-disrupted-its-operations-2025-06-09/
Norway dam / fishery intrusion (2025): https://industrialcyber.co/industrial-cyber-attacks/lake-risevatnet-dam-hack-exposes-industrial-cyber-gaps-as-weak-passwords-risk-critical-infrastructure-attacks/
Australia sugar mill attack (Mackay Sugar): https://www.cyberdaily.au/security/13734-two-mackay-sugar-mills-shut-down-following-cyber-incident
FBI Private Industry Notification, ransomware attacks on agricultural cooperatives timed to planting and harvest seasons (April 20, 2022; second of two FBI warnings, the first in September 2021): https://www.ic3.gov/CSA/2022/220420-2.pdf
Reports and data cited
Check Point: https://blog.checkpoint.com/research/global-cyber-threats-august-2025-agriculture-hit-hard/
Food and Ag-ISAC 2025 Ransomware/Threat Report: https://www.foodandag-isac.org/post/navigating-the-2025-food-and-agriculture-sector-ransomware-landscape
Food and Ag-ISAC home: https://www.foodandag-isac.org/
FAO (farmed fish now exceeds wild-caught): https://www.fao.org/publications/home/fao-flagship-publications/the-state-of-world-fisheries-and-aquaculture/en
Standards, frameworks, and regulation named
CISA Food and Agriculture Sector (sector designation and federal framing): https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience/critical-infrastructure-sectors/food-and-agriculture-sector
PAS 96:2026 (UK food defence guide, voluntary guidance): https://knowledge.bsigroup.com/products/food-defence-protection-and-prevention-from-deliberate-acts-guide
US FDA Food Safety Modernization Act (FSMA), general reference: https://www.fda.gov/food/guidance-regulation-food-and-dietary-supplements/food-safety-modernization-act-fsma
FSMA Intentional Adulteration rule (21 CFR Part 121), the enforceable food-defense provision requiring vulnerability assessments and mitigation strategies: https://www.fda.gov/food/food-safety-modernization-act-fsma/fsma-final-rule-mitigation-strategies-protect-food-against-intentional-adulteration
NIST 800 series: https://csrc.nist.gov/publications/sp800
ISO/IEC 27001: https://www.iso.org/standard/27001
EU NIS2 Directive: https://eur-lex.europa.eu/eli/dir/2022/2555