Sponsors (6)
This is not an official government website.
Copyright © 2026 PLEJ LC. All rights reserved.
Requires the Department of Agriculture to run repeated cybersecurity risk assessments of the agriculture and food sector and to lead annual, cross‑sector simulation exercises about food‑system disruptions. Reports on findings and recommendations must be sent to Congress on a regular schedule and limited funding is authorized to support the exercises for 2026–2030.
The bill strengthens sector-wide cyber information sharing, assessments, and preparedness—improving resilience and policymaker insight—but increases reporting and participation burdens, raises confidentiality and compliance-cost risks for small food-sector actors, and may be underfunded to fully deliver on its aims.
Farmers, processors, small food businesses, and rural communities will receive faster, sector-wide threat warnings and improved cross-sector coordination because the bill designates the Food and Agriculture ISAC and requires multi-jurisdictional exercises and information sharing.
Policymakers at the federal, state, and local levels will get regular, evidence-based assessments and annual reports so they can identify vulnerabilities, reduce duplication, and pursue targeted legislative or administrative fixes.
Consumers and communities (especially in rural areas) will likely experience improved food safety, security, and availability because assessments and exercises require evaluating and recommending mitigations for impacts on food safety and supply continuity.
Small farms, processors, small retailers, and other small food businesses may face new or higher compliance costs because the bill's broad, inclusive definitions and potential federal recommendations could expand regulatory obligations.
Small private-sector actors and farms could be diverted from immediate operational or cybersecurity work because participating in assessments, consultations, and annual exercises will impose additional reporting and time burdens.
Private companies, utilities, and small businesses risk exposure of proprietary or sensitive vulnerability information because centralized ISAC information sharing, reporting, and exercises may not fully safeguard confidentiality.
Introduced February 26, 2025 by Brad Finstad · Last progress February 26, 2025