Farm and Food Cybersecurity Act of 2025

AI Summary

No AI Summary Available

Click the button above to generate an AI-powered summary of this bill using Claude.

The summary will analyze the bill's key provisions, impact, and implementation details.

Latest Action

Mar 28, 2025

Referred to the Subcommittee on Nutrition and Foreign Agriculture.

Summaries (1)

Introduced in House - Feb 26, 2025 00

Farm and Food Cybersecurity Act of 2025This bill directs the Department of Agriculture (USDA) to (1) assess cybersecurity threats in the agriculture and food critical infrastructure sector, and (2) conduct annual crisis simulation exercises for food-related emergencies or disruptions. The agriculture and food critical infrastructure sector includes (1) any activity relating to the production, processing, distribution, storage, transportation, consumption, or disposal of agricultural or food products; and (2) any entity involved in any of these activities.Specifically, USDA must conduct a risk assessment every two years on the cybersecurity threats to, and security vulnerabilities in, this sector. The risk assessment must include any recommendations for federal legislative or administrative actions to address related threats and vulnerabilities.USDA must also conduct an annual simulation exercise relating to a food-related emergency or disruption in coordination with the Department of Homeland Security (DHS), the Department of Health and Human Services (HHS), and the Office of the Director of National Intelligence (ODNI).Among other things, the exercise must (1) involve a realistic and plausible scenario that simulates a food-related emergency or disruption that affects multiple sectors and jurisdictions, and (2) incorporate input from experts and stakeholders from various disciplines and sectors (e.g., agriculture, public health, emergency management, transportation, and energy). USDA, in consultation with DHS, HHS, and ODNI, must submit a report to Congress on each simulation exercise, including recommendations to enhance the cybersecurity and resilience of the agriculture and food critical infrastructure sector.

Actions (4)

Referred to the Subcommittee on Nutrition and Foreign Agriculture.

Type: Committee | Source: House committee actions | Code: H11000

Mar 28, 2025

Referred to the House Committee on Agriculture.

Type: IntroReferral | Source: House floor actions | Code: H11100

Feb 26, 2025

Introduced in House

Type: IntroReferral | Source: Library of Congress | Code: Intro-H

Feb 26, 2025

Introduced in House

Type: IntroReferral | Source: Library of Congress | Code: 1000

Feb 26, 2025

Subjects (1)

Agriculture and Food (Policy Area)

Cosponsors (4)

Rep. Vindman, Eugene Simon [D-VA-7]

(D-VA)
Jul 17, 2025

Rep. Bacon, Don [R-NE-2]

(R-NE)
Feb 26, 2025

Rep. Davids, Sharice [D-KS-3]

(D-KS)
Feb 26, 2025

Rep. Tokuda, Jill N. [D-HI-2]

(D-HI)
Feb 26, 2025

Text Versions (1)

Introduced in House

Feb 26, 2025

PDF ↗ XML ↗

Full Bill Text

Length: 8,875 characters Version: Introduced in House Version Date: Feb 26, 2025 Last Updated: Nov 15, 2025 2:11 AM

[Congressional Bills 119th Congress]
[From the U.S. Government Publishing Office]
[H.R. 1604 Introduced in House

(IH) ]

<DOC>

119th CONGRESS
1st Session
H. R. 1604

To direct the Secretary of Agriculture to periodically assess
cybersecurity threats to, and vulnerabilities in, the agriculture and
food critical infrastructure sector and to provide recommendations to
enhance their security and resilience, to require the Secretary of
Agriculture to conduct an annual cross-sector simulation exercise
relating to a food-related emergency or disruption, and for other
purposes.

_______________________________________________________________________

IN THE HOUSE OF REPRESENTATIVES

February 26, 2025

Mr. Finstad (for himself, Ms. Tokuda, Mr. Bacon, and Ms. Davids of
Kansas) introduced the following bill; which was referred to the
Committee on Agriculture

_______________________________________________________________________

A BILL

To direct the Secretary of Agriculture to periodically assess
cybersecurity threats to, and vulnerabilities in, the agriculture and
food critical infrastructure sector and to provide recommendations to
enhance their security and resilience, to require the Secretary of
Agriculture to conduct an annual cross-sector simulation exercise
relating to a food-related emergency or disruption, and for other
purposes.

Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,

SECTION 1.

This Act may be cited as the ``Farm and Food Cybersecurity Act of
2025''.

SEC. 2.

In this Act:

(1) Agriculture and food critical infrastructure sector.--
The term ``agriculture and food critical infrastructure
sector'' means--
(A) any activity relating to the production,
processing, distribution, storage, transportation,
consumption, or disposal of agricultural or food
products; and
(B) any entity involved in an activity described in
subparagraph
(A) , including a farmer, rancher,
processor, manufacturer, distributor, retailer,
consumer, and regulator.

(2) Cybersecurity threat; defensive measure; incident;
security vulnerability.--The terms ``cybersecurity threat'',
``defensive measure'', ``incident'', and ``security
vulnerability'' have the meanings given those terms in

section 2200 of the Homeland Security Act of 2002 (6 U.

(3) Secretary.--The term ``Secretary'' means the Secretary
of Agriculture.

(4) Sector-specific isac.--The term ``sector-specific
ISAC'' means the Food and Agriculture-Information Sharing and
Analysis Center.

SEC. 3.

VULNERABILITIES IN THE AGRICULTURE AND FOOD CRITICAL
INFRASTRUCTURE SECTOR.

(a) Risk Assessment.--The Secretary shall conduct a risk
assessment, on a biennial basis, on the cybersecurity threats to, and
security vulnerabilities in, the agriculture and food critical
infrastructure sector, including--

(1) the nature and extent of cyberattacks and incidents
that affect the agriculture and food critical infrastructure
sector;

(2) the potential impacts of a cyberattack or incident on
the safety, security, and availability of food products, as
well as on the economy, public health, and national security of
the United States;

(3) the current capability and readiness of the Federal
Government, State and local governments, and private sector
entities to prevent, detect, mitigate, respond to, and recover
from cyberattacks and incidents described in paragraph

(2) ;

(4) the existing policies, standards, guidelines, best
practices, and initiatives applicable to the agriculture and
food critical infrastructure sector to enhance defensive
measures in that sector;

(5) the gaps, challenges, barriers, or opportunities for
improving defensive measures in the agriculture and food
critical infrastructure sector; and

(6) any recommendations for Federal legislative or
administrative actions to address the cybersecurity threats to,
and security vulnerabilities in, the agriculture and food
critical infrastructure sector, including intrusive,
duplicative, or conflicting regulatory requirements that may
divert attention and resources from operational risk management
to a compliance regime that impedes actual security efforts.

(b) Private Sector Participation.--In conducting a risk assessment
under subsection

(a) , the Secretary shall consult with appropriate
entities in the private sector, including--

(1) the sector-specific ISAC; and

(2) the appropriate sector coordinating council.
(c) Biennial Report.--Not later than 1 year after the date of
enactment of this Act, and every 2 years thereafter, the Secretary
shall submit a report on each risk assessment conducted under
subsection

(a) to--

(1) the Committee on Agriculture, Nutrition, and Forestry
of the Senate;

(2) the Committee on Homeland Security and Governmental
Affairs of the Senate;

(3) the Committee on Agriculture of the House of
Representatives; and

(4) the Committee on Homeland Security of the House of
Representatives.

SEC. 4.

(a) Establishment.--The Secretary, in coordination with the
Secretary of Homeland Security, the Secretary of Health and Human
Services, the Director of National Intelligence, and the heads of other
relevant Federal agencies, shall conduct, over a 5-year period, an
annual cross-sector crisis simulation exercise relating to a food-
related emergency or disruption (referred to in this section as an
``exercise'').

(b)

=== Purposes === -The purposes of each exercise are-- (1) to assess the preparedness and response capabilities of Federal, State, Tribal, local, and territorial governments and private sector entities in the event of a food-related emergency or disruption; (2) to identify and address gaps and vulnerabilities in the food supply chain and critical infrastructure; (3) to enhance coordination and information sharing among stakeholders involved in food production, processing, distribution, and consumption; (4) to evaluate the effectiveness and efficiency of existing policies, programs, and resources relating to food security and resilience; (5) to develop and disseminate best practices and recommendations for improving food security and resilience; and (6) to identify key stakeholders and categories that were missing from the exercise to ensure the inclusion of those stakeholders and categories in future exercises. (c) Design.--Each exercise shall-- (1) involve a realistic and plausible scenario that simulates a food-related emergency or disruption affecting multiple sectors and jurisdictions; (2) incorporate input from experts and stakeholders from various disciplines and sectors, including agriculture, public health, nutrition, emergency management, transportation, energy, water, communications, related equipment suppliers and manufacturers, and cybersecurity, including related academia and private sector information security researchers and practitioners, including the sector-specific ISAC; (3) use a variety of methods and tools, such as tabletop exercises, workshops, seminars, games, drills, or full-scale exercises; and (4) include participants from Federal, State, Tribal, local, and territorial governments and private sector entities (including the sector-specific ISAC and appropriate sector coordinating councils) that have roles and responsibilities relating to food security and resilience. (d) Private Sector Participation.--In conducting an exercise under subsection (a) , the Secretary shall consult with appropriate entities in the private sector, including-- (1) the sector-specific ISAC; and (2) the appropriate sector coordinating councils. (e) Feedback; Report.--After each exercise, the Secretary, in consultation with the heads of the Federal agencies described in subsection (a) , shall-- (1) provide feedback to, and an evaluation of, the participants in that exercise on their performance and outcomes; and (2) produce, and submit to Congress, a report that summarizes, with respect to that exercise, the findings of that exercise, lessons learned from that exercise, and recommendations to enhance the cybersecurity and resilience of the agriculture and food critical infrastructure sector. (f) Authorization of Appropriations.--There is authorized to be appropriated to carry out this section $1,000,000 for each of fiscal years 2026 through 2030. <all>

[Congressional Bills 119th Congress]
[From the U.S. Government Publishing Office]
[H.R. 1604 Introduced in House

    (IH) ]

<DOC>

119th CONGRESS
 1st Session
 H. R. 1604

 To direct the Secretary of Agriculture to periodically assess 
 cybersecurity threats to, and vulnerabilities in, the agriculture and 
 food critical infrastructure sector and to provide recommendations to 
 enhance their security and resilience, to require the Secretary of 
 Agriculture to conduct an annual cross-sector simulation exercise 
 relating to a food-related emergency or disruption, and for other 
 purposes.

_______________________________________________________________________

 IN THE HOUSE OF REPRESENTATIVES

 February 26, 2025

 Mr. Finstad (for himself, Ms. Tokuda, Mr. Bacon, and Ms. Davids of 
 Kansas) introduced the following bill; which was referred to the 
 Committee on Agriculture

_______________________________________________________________________

 A BILL

 To direct the Secretary of Agriculture to periodically assess 
 cybersecurity threats to, and vulnerabilities in, the agriculture and 
 food critical infrastructure sector and to provide recommendations to 
 enhance their security and resilience, to require the Secretary of 
 Agriculture to conduct an annual cross-sector simulation exercise 
 relating to a food-related emergency or disruption, and for other 
 purposes.

 Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

 This Act may be cited as the ``Farm and Food Cybersecurity Act of 
2025''.

SEC. 2. DEFINITIONS.

 In this Act:

    (1) Agriculture and food critical infrastructure sector.--
 The term ``agriculture and food critical infrastructure 
 sector'' means--
        (A) any activity relating to the production, 
 processing, distribution, storage, transportation, 
 consumption, or disposal of agricultural or food 
 products; and
        (B) any entity involved in an activity described in 
 subparagraph
        (A) , including a farmer, rancher, 
 processor, manufacturer, distributor, retailer, 
 consumer, and regulator.

    (2) Cybersecurity threat; defensive measure; incident; 
 security vulnerability.--The terms ``cybersecurity threat'', 
 ``defensive measure'', ``incident'', and ``security 
 vulnerability'' have the meanings given those terms in 

section 2200 of the Homeland Security Act of 2002 (6 U.S.C. 650).

    (3) Secretary.--The term ``Secretary'' means the Secretary 
 of Agriculture.

    (4) Sector-specific isac.--The term ``sector-specific 
 ISAC'' means the Food and Agriculture-Information Sharing and 
 Analysis Center.

SEC. 3. ASSESSMENT OF CYBERSECURITY THREATS AND SECURITY 
 VULNERABILITIES IN THE AGRICULTURE AND FOOD CRITICAL 
 INFRASTRUCTURE SECTOR.

    (a) Risk Assessment.--The Secretary shall conduct a risk 
assessment, on a biennial basis, on the cybersecurity threats to, and 
security vulnerabilities in, the agriculture and food critical 
infrastructure sector, including--

    (1) the nature and extent of cyberattacks and incidents 
 that affect the agriculture and food critical infrastructure 
 sector;

    (2) the potential impacts of a cyberattack or incident on 
 the safety, security, and availability of food products, as 
 well as on the economy, public health, and national security of 
 the United States;

    (3) the current capability and readiness of the Federal 
 Government, State and local governments, and private sector 
 entities to prevent, detect, mitigate, respond to, and recover 
 from cyberattacks and incidents described in paragraph

    (2) ;

    (4) the existing policies, standards, guidelines, best 
 practices, and initiatives applicable to the agriculture and 
 food critical infrastructure sector to enhance defensive 
 measures in that sector;

    (5) the gaps, challenges, barriers, or opportunities for 
 improving defensive measures in the agriculture and food 
 critical infrastructure sector; and

    (6) any recommendations for Federal legislative or 
 administrative actions to address the cybersecurity threats to, 
 and security vulnerabilities in, the agriculture and food 
 critical infrastructure sector, including intrusive, 
 duplicative, or conflicting regulatory requirements that may 
 divert attention and resources from operational risk management 
 to a compliance regime that impedes actual security efforts.

    (b) Private Sector Participation.--In conducting a risk assessment 
under subsection

    (a) , the Secretary shall consult with appropriate 
entities in the private sector, including--

    (1) the sector-specific ISAC; and

    (2) the appropriate sector coordinating council.
            (c) Biennial Report.--Not later than 1 year after the date of 
enactment of this Act, and every 2 years thereafter, the Secretary 
shall submit a report on each risk assessment conducted under 
subsection

    (a) to--

    (1) the Committee on Agriculture, Nutrition, and Forestry 
 of the Senate;

    (2) the Committee on Homeland Security and Governmental 
 Affairs of the Senate;

    (3) the Committee on Agriculture of the House of 
 Representatives; and

    (4) the Committee on Homeland Security of the House of 
 Representatives.

SEC. 4. FOOD SECURITY AND CYBER RESILIENCE SIMULATION EXERCISE.

    (a) Establishment.--The Secretary, in coordination with the 
Secretary of Homeland Security, the Secretary of Health and Human 
Services, the Director of National Intelligence, and the heads of other 
relevant Federal agencies, shall conduct, over a 5-year period, an 
annual cross-sector crisis simulation exercise relating to a food-
related emergency or disruption (referred to in this section as an 
``exercise'').

    (b) 

=== Purposes ===
-The purposes of each exercise are--

    (1) to assess the preparedness and response capabilities of 
 Federal, State, Tribal, local, and territorial governments and 
 private sector entities in the event of a food-related 
 emergency or disruption;

    (2) to identify and address gaps and vulnerabilities in the 
 food supply chain and critical infrastructure;

    (3) to enhance coordination and information sharing among 
 stakeholders involved in food production, processing, 
 distribution, and consumption;

    (4) to evaluate the effectiveness and efficiency of 
 existing policies, programs, and resources relating to food 
 security and resilience;

    (5) to develop and disseminate best practices and 
 recommendations for improving food security and resilience; and

    (6) to identify key stakeholders and categories that were 
 missing from the exercise to ensure the inclusion of those 
 stakeholders and categories in future exercises.
            (c) Design.--Each exercise shall--

    (1) involve a realistic and plausible scenario that 
 simulates a food-related emergency or disruption affecting 
 multiple sectors and jurisdictions;

    (2) incorporate input from experts and stakeholders from 
 various disciplines and sectors, including agriculture, public 
 health, nutrition, emergency management, transportation, 
 energy, water, communications, related equipment suppliers and 
 manufacturers, and cybersecurity, including related academia 
 and private sector information security researchers and 
 practitioners, including the sector-specific ISAC;

    (3) use a variety of methods and tools, such as tabletop 
 exercises, workshops, seminars, games, drills, or full-scale 
 exercises; and

    (4) include participants from Federal, State, Tribal, 
 local, and territorial governments and private sector entities 
 (including the sector-specific ISAC and appropriate sector 
 coordinating councils) that have roles and responsibilities 
 relating to food security and resilience.
            (d) Private Sector Participation.--In conducting an exercise under 
subsection

    (a) , the Secretary shall consult with appropriate entities 
in the private sector, including--

    (1) the sector-specific ISAC; and

    (2) the appropriate sector coordinating councils.

    (e) Feedback; Report.--After each exercise, the Secretary, in 
consultation with the heads of the Federal agencies described in 
subsection

    (a) , shall--

    (1) provide feedback to, and an evaluation of, the 
 participants in that exercise on their performance and 
 outcomes; and

    (2) produce, and submit to Congress, a report that 
 summarizes, with respect to that exercise, the findings of that 
 exercise, lessons learned from that exercise, and 
 recommendations to enhance the cybersecurity and resilience of 
 the agriculture and food critical infrastructure sector.

    (f) Authorization of Appropriations.--There is authorized to be 
appropriated to carry out this section $1,000,000 for each of fiscal 
years 2026 through 2030.
 <all>

View original source ↗

119-hr1604