pith. machine review for the scientific record.

arxiv: 2604.13308 · v1 · submitted 2026-04-14 · cs.CR · cs.SY · eess.SY

Recognition: unknown

Threat Modeling and Attack Surface Analysis of IoT-Enabled Controlled Environment Agriculture Systems

Pith reviewed 2026-05-10 14:28 UTC · model grok-4.3

classification: cs.CR, cs.SY, eess.SY
keywords: IoT security, threat modeling, controlled environment agriculture, cybersecurity, critical infrastructure, AI attacks, STRIDE, ICS security

The pith

IoT-enabled controlled environment agriculture systems have 123 unique threats including five novel attack classes targeting AI components.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper applies STRIDE analysis, MITRE ATT&CK for ICS mapping, and IEC 62443 zone-and-conduit decomposition to a production IoT platform running in over 30 commercial facilities. It maps 25 data-flow elements across 15 protocols and finds that ten of those protocols run with zero authentication or encryption by design. The work identifies five attack classes that exploit AI-driven controls for crop management and energy use, then quantifies how quickly such attacks could destroy crops or create safety hazards. A survey of ten vendors shows almost no public security disclosures or certifications in the sector. If the mapping holds, food production facilities designated as critical infrastructure operate with minimal protections against both remote and physical disruptions.

Core claim

Applying STRIDE analysis, MITRE ATT&CK for ICS mapping, and IEC 62443 zone-and-conduit decomposition to a production CEA platform reveals 123 unique threats across 25 data-flow-diagram elements spanning 15 communication protocols. Five novel attack classes are identified: stealth destabilization of neural-network-tuned PID controllers, baseline drift poisoning of anomaly detectors, cross-facility propagation via federated transfer learning, adversarial agronomic schedules that exploit crop biology rather than computational models, and reward poisoning of reinforcement-learning energy optimizers. Physical impact analysis shows crop loss timelines ranging from minutes in aeroponics to days in

What carries the argument

STRIDE threat modeling combined with MITRE ATT&CK for ICS and IEC 62443 zone-and-conduit decomposition applied to the platform's 25 data-flow elements and 15 protocols.
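
The STRIDE-per-element pass and the zone-and-conduit check named above, in miniature. This is an added example, not code from the paper or from Pith: the elements, flows, protocol assignments and security flags are constructed for illustration and are not the paper's DFD; only the tier names (Field, Edge AI, Cloud) come from the Figure 1 caption. The element-type chart follows the common STRIDE-per-element convention.

```python
from dataclasses import dataclass

STRIDE = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information disclosure", "D": "Denial of service",
    "E": "Elevation of privilege",
}

# STRIDE-per-element chart: categories considered for each DFD element type.
# Data stores additionally get Repudiation when they hold logs.
APPLICABLE = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TID",
    "data_flow": "TID",
}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str          # key of APPLICABLE
    zone: str          # IEC 62443-style zone the element lives in
    holds_logs: bool = False

@dataclass(frozen=True)
class Flow:
    name: str
    src: str
    dst: str
    protocol: str
    authenticated: bool
    encrypted: bool

# Constructed sample model (assumption, not the platform analysed in the paper).
ELEMENTS = [
    Element("operator", "external_entity", "External"),
    Element("climate_sensor", "external_entity", "Field"),
    Element("climate_controller", "process", "Field"),
    Element("edge_gateway", "process", "Edge AI"),
    Element("telemetry_store", "data_store", "Cloud", holds_logs=True),
]
FLOWS = [
    Flow("sensor_readings", "climate_sensor", "climate_controller", "Modbus RTU", False, False),
    Flow("setpoints", "edge_gateway", "climate_controller", "Modbus TCP", False, False),
    Flow("telemetry_uplink", "edge_gateway", "telemetry_store", "MQTT over TLS", True, True),
    Flow("dashboard", "operator", "telemetry_store", "HTTPS", True, True),
]

def enumerate_threats(elements, flows):
    """Return (element, STRIDE category) pairs to be analysed one by one."""
    threats = []
    for e in elements:
        cats = APPLICABLE[e.kind]
        if e.kind == "data_store" and e.holds_logs:
            cats += "R"
        threats += [(e.name, STRIDE[c]) for c in cats]
    for f in flows:
        threats += [(f.name, STRIDE[c]) for c in APPLICABLE["data_flow"]]
    return threats

def audit_conduits(elements, flows):
    """Flag flows lacking authentication or encryption; zone-crossing ones first."""
    zone = {e.name: e.zone for e in elements}
    findings = []
    for f in flows:
        missing = [label for label, present in
                   (("authentication", f.authenticated), ("encryption", f.encrypted))
                   if not present]
        if missing:
            findings.append({
                "flow": f.name,
                "protocol": f.protocol,
                "path": f"{zone[f.src]} -> {zone[f.dst]}",
                "crosses_zone": zone[f.src] != zone[f.dst],
                "missing": missing,
            })
    findings.sort(key=lambda x: not x["crosses_zone"])  # stable: conduits first
    return findings

if __name__ == "__main__":
    print(len(enumerate_threats(ELEMENTS, FLOWS)), "element/category pairs to review")
    for finding in audit_conduits(ELEMENTS, FLOWS):
        print(finding)
```
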

If this is right

  • Physical impacts from successful attacks can destroy crops in minutes for aeroponic systems or over days for others, while also creating worker safety hazards through CO2 injection manipulation.
  • Ten of the fifteen communication protocols operate with zero authentication or encryption by design.
  • A survey of ten commercial CEA vendors finds only one CVE ever issued, zero bug bounty programs, and zero IEC 62443 certifications.
  • A defense-in-depth countermeasure framework is proposed, with Security Level 2 recommended as the minimum baseline for these systems.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The same modeling approach could be applied to conventional field agriculture or livestock systems to test whether comparable gaps exist outside controlled environments.
  • Because food and agriculture is already designated critical infrastructure, the absence of any mandatory security requirements may warrant regulatory review.
  • Independent replication on additional vendor platforms would clarify whether the five attack classes remain distinct when the underlying hardware and AI models differ.

Load-bearing premise

The single production platform and the ten-vendor survey represent the broader CEA industry, and the five listed attack classes are genuinely novel rather than extensions of known industrial-control or AI attacks.

What would settle it

Documentation that the same five attack classes already appear in prior literature on ICS or AI control systems, or direct observation that none of the predicted physical impacts have occurred in the 30+ operating facilities despite the identified threats.

Figures

Figures reproduced from arXiv: 2604.13308 by Andrii Vakhnovskyi.

Figure 1: Level 0 Data Flow Diagram of the CEA reference architecture showing three tiers (Field, Edge AI, Cloud), seven trust boundaries (TB1–TB7), and

Original abstract

The United States designates Food and Agriculture as one of sixteen critical infrastructure sectors, yet no mandatory cybersecurity requirements exist for agricultural operations and no formal threat model has been published for Controlled Environment Agriculture (CEA) systems. This paper presents the first comprehensive threat model for IoT-enabled CEA, applying STRIDE analysis, MITRE ATT&CK for ICS mapping, and IEC 62443 zone-and-conduit decomposition to a production platform deployed across 30+ commercial facilities in 8 U.S. climate zones. We enumerate 123 unique threats across 25 data-flow-diagram elements spanning 15 communication protocols, 10 of which operate with zero authentication or encryption by design. We identify five novel attack classes unique to AI-driven CEA: stealth destabilization of neural-network-tuned PID controllers, baseline drift poisoning of anomaly detectors, cross-facility propagation via federated transfer learning, adversarial agronomic schedules that exploit crop biology rather than computational models, and reward poisoning of reinforcement-learning energy optimizers. Physical impact analysis quantifies crop loss timelines from minutes (aeroponics) to days, including worker safety hazards from CO2 injection manipulation. A survey of 10 commercial CEA vendors reveals only one CVE ever issued, zero bug bounty programs, and zero IEC 62443 certifications. We propose a defense-in-depth countermeasure framework and recommend Security Level 2 as a minimum baseline.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

3 major / 2 minor

Summary. The paper claims to deliver the first comprehensive threat model for IoT-enabled Controlled Environment Agriculture (CEA) systems. It applies STRIDE analysis, MITRE ATT&CK for ICS mapping, and IEC 62443 zone-and-conduit decomposition to a production platform deployed across 30+ commercial facilities in 8 U.S. climate zones. The work enumerates 123 unique threats across 25 data-flow-diagram elements and 15 protocols (10 with zero authentication or encryption), identifies five novel attack classes unique to AI-driven CEA (stealth destabilization of neural-network-tuned PID controllers, baseline drift poisoning, cross-facility federated transfer, adversarial agronomic schedules, and reward poisoning of RL optimizers), quantifies physical impacts including crop-loss timelines and worker-safety hazards, reports a survey of 10 vendors showing minimal security maturity (one CVE, zero bug bounties, zero IEC 62443 certifications), and proposes a defense-in-depth framework recommending Security Level 2 as baseline.

Significance. If the representativeness and novelty claims hold, the paper would fill a documented gap in cybersecurity for the Food and Agriculture critical-infrastructure sector, where no mandatory requirements or prior formal threat models exist. The grounding in a real multi-facility production platform, the explicit mapping to physical consequences (minutes-to-days crop loss), and the vendor survey that exposes industry-wide deficiencies are concrete strengths. The proposed countermeasure framework could serve as a practical starting point for standards development.

major comments (3)
  1. [Abstract] Abstract: the assertion that the five listed attack classes are 'unique to AI-driven CEA' and have 'no meaningful precedents' is load-bearing for the central contribution, yet the manuscript provides no systematic comparison against existing ICS, AI-control, or adversarial-ML literature to substantiate that these classes (e.g., stealth destabilization of NN-tuned PID controllers or reward poisoning of RL optimizers) are not extensions of known attacks.
  2. [Abstract] Abstract: the claim of presenting the 'first comprehensive threat model' and enumerating '123 unique threats' rests on the assumption that the single production platform (30+ facilities, 25 DFD elements, 15 protocols) plus the 10-vendor survey generalizes to the broader CEA industry; no evidence of architectural variations across other vendors or systematic sampling justification is supplied, rendering both the threat count and novelty classification non-generalizable without further validation.
  3. [Abstract] The physical-impact analysis and vendor-survey results are presented without raw data, threat lists, or verification steps, preventing independent assessment of completeness or the accuracy of the reported counts (e.g., 'only one CVE ever issued').
minor comments (2)
  1. [Abstract] The abstract is information-dense; a bulleted list of contributions would improve readability.
  2. Consider adding a table that cross-references the 123 threats to STRIDE categories, MITRE techniques, and IEC 62443 zones for easier navigation.

Simulated Author's Rebuttal

3 responses · 0 unresolved

Thank you for the opportunity to respond to the referee's comments. We have carefully considered each point and outline our responses below, along with planned revisions to the manuscript.

  1. Referee: [Abstract] Abstract: the assertion that the five listed attack classes are 'unique to AI-driven CEA' and have 'no meaningful precedents' is load-bearing for the central contribution, yet the manuscript provides no systematic comparison against existing ICS, AI-control, or adversarial-ML literature to substantiate that these classes (e.g., stealth destabilization of NN-tuned PID controllers or reward poisoning of RL optimizers) are not extensions of known attacks.

    Authors: We agree that a more explicit comparison would strengthen the novelty claims. Our identification of these attack classes stems from the unique intersection of AI-driven control in CEA with physical crop processes and multi-site deployments, which we did not find directly addressed in prior literature. To address this, we will revise the manuscript to include a new subsection under 'Novel Attack Classes' that systematically maps each of the five classes to related work in adversarial machine learning (e.g., data poisoning in RL), ICS control system attacks (e.g., on PID controllers), and AI security in other domains. This will highlight the distinguishing features, such as the exploitation of agronomic schedules and cross-facility transfer in CEA contexts. We believe this will substantiate the claims without altering the core contribution.

    revision: partial

  2. Referee: [Abstract] Abstract: the claim of presenting the 'first comprehensive threat model' and enumerating '123 unique threats' rests on the assumption that the single production platform (30+ facilities, 25 DFD elements, 15 protocols) plus the 10-vendor survey generalizes to the broader CEA industry; no evidence of architectural variations across other vendors or systematic sampling justification is supplied, rendering both the threat count and novelty classification non-generalizable without further validation.

    Authors: The analysis is grounded in a real-world production platform spanning 30+ facilities across 8 U.S. climate zones, which we consider representative of modern IoT-enabled CEA systems. The 10-vendor survey further supports the prevalence of the identified vulnerabilities. However, we acknowledge the lack of explicit discussion on architectural variations. In the revised manuscript, we will add a 'Limitations and Generalizability' section that discusses potential differences in other CEA implementations (e.g., variations in sensor networks or AI integration levels) based on our vendor survey insights and publicly available data. We will also qualify the 'first comprehensive' claim to specify it as the first for this type of deployed IoT-CEA architecture, while maintaining that the threat enumeration is comprehensive for the analyzed system.

    revision: partial

  3. Referee: [Abstract] The physical-impact analysis and vendor-survey results are presented without raw data, threat lists, or verification steps, preventing independent assessment of completeness or the accuracy of the reported counts (e.g., 'only one CVE ever issued').

    Authors: We will include the complete list of 123 threats, categorized by STRIDE and mapped to the 25 DFD elements, as an appendix in the revised manuscript to enable independent verification. For the physical-impact analysis, we will add a table detailing the crop-loss timelines and safety hazards with references to the underlying agronomic data sources. Regarding the vendor survey, we will expand the methodology section to describe the selection criteria for the 10 vendors, the public data sources used for CVE searches (e.g., NIST NVD), and verification steps. Due to non-disclosure agreements, individual vendor responses cannot be released, but we will provide aggregated statistics and confirm that the 'one CVE' count was verified through exhaustive searches as of the paper's submission date.

    revision: yes

Circularity Check

0 steps flagged

No circularity; standard threat-modeling enumeration using external frameworks

The manuscript applies established external standards (STRIDE, MITRE ATT&CK for ICS, IEC 62443 zone-and-conduit) to a single production platform and 10-vendor survey, enumerating threats and classifying five attack classes as novel. No equations, fitted parameters, predictions, or self-referential derivations exist. Claims of 'first comprehensive' and 'novel' rest on the scope of the performed analysis and implicit comparison to prior ICS/AI literature via the cited frameworks, without reducing to self-definition, self-citation load-bearing, or renaming of known results. The work is self-contained as a domain-mapping exercise.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

No mathematical derivations, fitted parameters, or new physical entities; the paper rests on standard security analysis frameworks applied to a new domain.


Andrii Vakhnovskyi received the B.S. degree in computer engineering and the M.S. degree in systems engineering from the National Technical University “Kharkiv Polytechnic I...