Alberta’s farms are increasingly vulnerable to cyberattacks because outdated systems on older equipment were never designed with cybersecurity in mind.
In October, the RCMP warned that hacktivists had accessed internet-connected grain-drying systems and altered temperature and humidity settings, risking spoiled grain or a fire, according to a federal cybersecurity alert from Oct. 2025.
The same notice reported tampering at a municipal water facility and false alarms at an oil and gas company, noting potentially unsafe conditions if not caught in time. Specific sites were not disclosed for security reasons.
Experts say farms are attractive targets for money and leverage. Ransomware can freeze automated controllers until a payment is made.
In one European case, hackers disabled a robotic milker and demanded about US$10,000, according to industry case studies.
Even minor tweaks to settings can throw off harvest schedules or animal care, where timing is critical.
A cyber incident at Federated Co-op in Saskatchewan last year disrupted inventory for weeks, CBC reported at the time.
Food processors have also been hit repeatedly, with ransomware attacks on Canadian dairy sector organizations Lactanet and Agropur affecting producers, according to industry reports.
Many producers still see cybersecurity as someone else’s job, creating a gap between rapid adoption of GPS-guided machinery and the safeguards needed to protect it.
Researchers at the University of Guelph and the University of Saskatchewan warn that farms often overlook digital risk.
“Producers frequently assume that digital risk is external and technical, not operational,” said Steven Clark, co-author of Cybersecurity Risks in Precision Agriculture.
Another report said security must be embedded into everyday farm decisions in the same way as biosecurity or equipment safety.
Preparedness remains low, with 80 per cent of farms lacking an incident response plan and nearly half of suppliers having faced attacks, according to technology consultants MNP Digital. That disconnect leaves adversaries free to exploit vulnerable networks.
“It’s rarely about technical difficulty — it’s about priorities and cost,” said Evan Adnams, a network and IT consultant based in Edmonton. “Why would some equipment manufacturers invest in upgrading older systems when they can push customers toward buying new ones? We’ve seen that with farm equipment and planned obsolescence.”
Adnams said even basic security measures can make a big difference. Isolate devices on their own network, keep them offline if they don’t need internet access, and use firewalls with updated signatures.
Enforce strong passwords with two-factor authentication that avoids SMS, and where possible, maintain secure backups that aren’t connected to the same network or the internet.
“You’re only as secure as your weakest link,” he added. “Once attackers get inside, they can use that device as a base to move through the rest of your systems — unless everything is properly segmented and secured. Even separating your email computer from other devices helps limit exposure. Email security is tough, and while big providers like Google and Microsoft do some pre-screening, the easiest way in is still fooling the person at the keyboard. It all really comes down to IT security best practices.”
This report is a product of the Local Journalism Initiative. The Canadian Press assists with editorial and technical support. This report was first published Dec. 30, 2025.