Sponsors (10)
The bill strengthens coordination, monitoring, and practical resilience measures for the food and agriculture sector—improving preparedness and guidance for businesses and governments—but does so in ways that could impose new compliance, privacy, and fiscal costs, especially for small farms and businesses.
State, local, Tribal, territorial, federal governments and private food-sector stakeholders will get regular, coordinated assessments, reports, and annual exercises that improve preparedness, reveal supply-chain and infrastructure gaps, and guide response planning for cyber and other disruptions to the food system.
Farmers, food processors, distributors, and small food businesses will receive practical recommendations and best practices to reduce vulnerabilities and improve resilience against disruptions, helping protect supply chains and food availability.
The bill defines the agriculture and food critical infrastructure sector and designates the Food and Agriculture ISAC as the sector-specific ISAC, creating clearer protection scope and a single information-sharing channel for sector threats.
Many small farms, processors, retailers, and related businesses could face new regulatory expectations or reporting obligations under a broad sector definition without dedicated funding to help them comply.
Adopting DHS cybersecurity definitions and expanding formal information-sharing pathways may increase federal authority and information flows about private operations, raising privacy and operational concerns for businesses and consumers.
Concentrating a central role with the Secretary of Agriculture could limit state and local input in incident responses and decision-making unless governance and consultation are balanced.
Based on analysis of 4 sections of legislative text.
USDA must run biennial cybersecurity risk assessments for the food and agriculture sector and lead annual cross-sector food emergency exercises for five years, with reporting and $1M/yr authorized.
Introduced February 26, 2025 by Thomas Bryant Cotton · Last progress February 26, 2025
Requires the Secretary of Agriculture, working with CISA and other federal partners, to run a biennial cybersecurity risk assessment for the agriculture and food critical infrastructure sector and to lead annual, multi‑sector crisis simulation exercises about food-related emergencies for five years. The law requires consultation with the sector-specific ISAC and sector coordinating councils, reporting of findings and recommendations to Congress, and authorizes $1,000,000 per year for FY2026–FY2030 to support the exercises. The assessments must identify cyber threats, vulnerabilities, impacts to food safety/availability and national/public health and economic security, existing policies and gaps, readiness across government and private sector, and recommended federal actions. The exercises must be realistic, include federal, state, tribal, local, territorial, and private participants, evaluate preparedness and supply-chain gaps, produce participant feedback, and yield a public report of lessons learned and recommendations.