Sponsors (7)
Introduced February 26, 2025 by Brad Finstad · Last progress February 26, 2025
The bill centralizes and funds coordinated cybersecurity assessment, information‑sharing, and exercises to strengthen food‑system resilience—benefiting producers, governments, and consumers—but it also raises compliance costs, privacy/exposure risks, and administrative burdens that fall disproportionately on small farms, local agencies, and taxpayers.
Farmers, processors, distributors, state and local governments, and private food-sector partners get clearer, centralized coordination (Secretary of Agriculture as lead, designation of a Food and Agriculture ISAC, and required sector consultations) that speeds and harmonizes responses to cyber incidents affecting the food supply.
Farmers, food producers, and consumers benefit from improved detection, information-sharing, and recommended defenses (ISAC designation, regular assessments, and exercise feedback) that reduce cyber risks to food safety and availability.
State, Tribal, local, and private partners receive actionable identification of supply-chain and infrastructure gaps so agencies and businesses can prioritize fixes to reduce future food shortages and resilience failures.
Small farms and food businesses face increased compliance and administrative costs from broader statutory definitions, required assessments/consultations, and potential new federal standards.
Farm operators, service providers, and critical infrastructure owners risk privacy, operational exposure, or reputational harm because adoption of DHS-style definitions, reporting frameworks, and public exercise reports could surface sensitive business or infrastructure vulnerabilities.
Relying on a single federal lead and federally driven annual exercises could centralize decision-making and create bottlenecks or impose coordination burdens on State, Tribal, local, and territorial agencies during wide incidents or evaluations.
Based on analysis of 4 sections of legislative text.
Directs USDA to run biennial cybersecurity risk assessments for the agriculture and food sector and lead annual cross-sector food emergency exercises, with $1M/year authorized FY2026–2030.
Requires the Department of Agriculture to run regular cybersecurity risk assessments for the agriculture and food critical infrastructure sector and to lead annual, multi-agency food emergency simulation exercises for five years. The bill sets definitions, requires private-sector consultation (including the Food and Agriculture ISAC), mandates reports to Congress, and authorizes $1,000,000 per year for FY2026–FY2030 to support the exercises. The risk assessments must be done every two years and cover threats, incidents, impacts on food safety and availability, readiness of public and private entities, existing policies, gaps, and recommendations. The exercises must be cross-sector, include diverse methods and experts, produce participant feedback, and yield a Congress-facing report of findings and recommendations.