Sponsors (7)
The bill strengthens coordination, visibility, exercises, and information-sharing to bolster cybersecurity and resilience across the food and agriculture sector, but it creates new compliance, participation, confidentiality, and funding strains—especially for small operators—that could limit effectiveness unless addressed.
Farmers, processors, small food businesses, and state/local governments get a clear, consistent legal definition of the agriculture and food critical infrastructure sector and an explicit designation of the Food and Agriculture ISAC, improving eligibility for sector programs and speeding trusted cyber threat information-sharing.
Federal, state, tribal, local, and private-sector participants will have better visibility into cyber risks through mandated assessments and reporting, enabling targeted mitigation planning to reduce disruptions to food availability and safety.
Annual, realistic exercises with post-exercise feedback will improve preparedness, coordination, and response capabilities across government and industry for food-supply cyber incidents.
Small farmers and food-sector small businesses could face new reporting, compliance, or participation burdens from the broader sector definition and assessment/exercise requirements without commensurate funding or support.
The authorized $1M/year may be insufficient to run large, multi-jurisdictional full-scale exercises, limiting the practical effectiveness of preparedness efforts.
Private-sector participants (including utilities and financial firms) may incur substantial time and staffing costs to take part in frequent assessments and annual exercises without federal cost-sharing.
Based on analysis of 4 sections of legislative text.
Requires USDA to run biennial cyber risk assessments for the agriculture and food sector and annual cross-sector food emergency cyber exercises for five years, with reports to Congress and $1M/year authorized for FY2026–2030.
Introduced February 26, 2025 by Brad Finstad · Last progress February 26, 2025
Requires the Department of Agriculture to run regular cybersecurity risk work for the farm and food sector: a biennial risk assessment of cyber threats and vulnerabilities, and annual cross-sector emergency simulation exercises for five years. Reports on findings and recommendations must be sent to Congress, the private sector must be consulted, and $1,000,000 per year is authorized for FY2026–2030 to support the exercises.