Farm and Food Cybersecurity Act of 2025

This bill aims to protect the nation’s food and farm system from cyberattacks. It makes the Department of Agriculture (USDA) check cyber risks in the food and agriculture sector every two years and share recommendations to fix weak spots. It also requires a yearly practice drill, for five years, to test how government and industry would handle a food emergency or disruption. These drills are run with Homeland Security, Health and Human Services, and the intelligence community, and each one is followed by feedback and a report on lessons learned and how to improve security and resilience .

USDA must work with private partners, including the Food and Agriculture Information Sharing and Analysis Center (ISAC), and report to Congress on both the risk checks and the drills . The bill also authorizes $1,000,000 per year for fiscal years 2026–2030 to run the exercises.

• Who is affected: The entire food system, including farming, processing, distribution, storage, transport, sales, and disposal, plus the companies and workers involved in these steps, and federal, state, local, Tribal, and territorial agencies that help keep food safe and available .
• What changes:
  • A cyber risk check every two years with recommendations to close gaps, done with input from private sector groups like the ISAC and sector councils.
  • A yearly, cross-sector practice drill with many partners, realistic scenarios, and a public report of findings and fixes after each exercise .
• When: First risk report due within one year of enactment, then every two years; drills happen annually for five years; funding covers fiscal years 2026–2030 .