Farm and Food Cybersecurity Act of 2025
- Bill Number
- S. 754
- Origin Chamber
- Senate
- Congress
- 119th Congress, Session 1
- Policy Area
- Agriculture and Food
- Status
- Introduced
- Latest Action
- 2025-02-26: Read twice and referred to the Committee on Agriculture, Nutrition, and Forestry.
- Last Updated
- 2026-04-23T11:03:25Z
AI-Generated Summary
Purpose
The Farm and Food Cybersecurity Act of 2025 aims to strengthen the cybersecurity and resilience of the U.S. agriculture and food critical infrastructure sector. It directs the Secretary of Agriculture to regularly evaluate cyber threats and vulnerabilities in this sector and to organize annual simulation exercises to prepare for food-related emergencies or disruptions, ultimately improving national food security, public health, and economic stability.
Key Provisions
- Definitions:
- Defines the "agriculture and food critical infrastructure sector" broadly to include all activities from production, processing, and distribution of food and agricultural products to their consumption and disposal, encompassing entities like farmers, processors, distributors, retailers, consumers, and regulators.
- Adopts standard terms for "cybersecurity threat," "defensive measure," "incident," and "security vulnerability" from the Homeland Security Act of 2002 (e.g., a cybersecurity threat is an action that could damage information systems).
- Specifies the "Secretary" as the head of the U.S. Department of Agriculture (USDA) and the "sector-specific ISAC" as the Food and Agriculture Information Sharing and Analysis Center (a group that shares threat information among industry stakeholders).
- Biennial Cybersecurity Risk Assessments (Section 3):
- Requires the USDA Secretary, working with the Cybersecurity and Infrastructure Security Agency (CISA), to conduct a risk assessment every two years on cyber threats and vulnerabilities in the agriculture and food sector.
- Assessments must cover: the scope of cyberattacks; their potential effects on food safety, the economy, public health, and national security; government and private sector readiness to handle incidents; existing policies and best practices; gaps or challenges; and recommendations for federal actions, including avoiding overly burdensome regulations.
- Involves consultation with private sector groups like the sector-specific ISAC and sector coordinating councils.
- Mandates a report to congressional committees (e.g., Senate Agriculture, Nutrition, and Forestry; House Homeland Security) within one year of enactment and biennially thereafter.
- Annual Simulation Exercises (Section 4):
- Requires the USDA Secretary, in coordination with the Secretaries of Homeland Security and Health and Human Services, the Director of National Intelligence, and other relevant federal agencies, to run one cross-sector crisis simulation exercise per year for five years (fiscal years 2026–2030).
- Purposes include testing preparedness, identifying supply chain weaknesses, improving coordination among stakeholders, evaluating policies, sharing best practices, and ensuring diverse participation in future exercises.
- Exercises must use realistic scenarios (e.g., a disruption affecting multiple regions), draw input from experts in agriculture, public health, cybersecurity, and related fields (including private sector researchers), employ varied formats (e.g., tabletop discussions or full drills), and include participants from federal, state, Tribal, local, territorial governments, and private entities.
- Requires private sector consultation (e.g., via ISAC and coordinating councils).
- After each exercise, provide participant feedback and submit a congressional report summarizing findings, lessons learned, and recommendations to boost cybersecurity and resilience.
- Authorizes $1,000,000 annually for fiscal years 2026–2030 to fund these exercises.
Significant Changes to Existing Law
This bill introduces new mandatory requirements not previously specified in law, such as biennial cybersecurity risk assessments focused on the agriculture and food sector and a structured five-year program of annual simulation exercises. It builds on existing frameworks like the Homeland Security Act by incorporating its definitions and requiring coordination with agencies like CISA, but it does not amend prior statutes directly—instead, it adds proactive duties for the USDA to lead these efforts.
Potential Impacts
- Government Agencies: Increases workload and coordination responsibilities for USDA (leading assessments and exercises), CISA, Department of Homeland Security, Department of Health and Human Services, and intelligence agencies; may improve inter-agency collaboration on critical infrastructure protection.
- Citizens: Enhances food supply chain security, potentially reducing risks of disruptions from cyberattacks that could lead to shortages, price spikes, or health issues; promotes broader resilience in public health and emergency response.
- Private Sector: Encourages participation in assessments and exercises, fostering better threat awareness and defensive strategies without imposing new regulations; could lead to voluntary adoption of best practices.
- International Relations: Indirectly strengthens U.S. food security posture, which may influence global trade stability in agriculture, but no direct foreign policy changes.
Main Stakeholders Affected
- Federal Government: USDA (primary lead), CISA, Department of Homeland Security, Department of Health and Human Services, Office of the Director of National Intelligence, and other agencies involved in cybersecurity and emergency management.
- State, Tribal, Local, and Territorial Governments: Participants in simulations to build coordinated response capabilities.
- Private Sector: Farmers, ranchers, food processors, distributors, retailers, manufacturers, and related entities; sector-specific ISAC and coordinating councils for information sharing and consultation.
- Congress: Receives regular reports to oversee implementation and consider recommendations.
- Consumers and Public: Indirectly affected through improved sector resilience.
Notable Legal, Constitutional, or Political Implications
- Legal: Establishes clear federal leadership in cybersecurity for a critical sector without creating new regulatory burdens, emphasizing voluntary best practices and avoiding "intrusive or duplicative" rules; relies on existing legal authorities under the Homeland Security Act, potentially setting precedents for similar sector-specific cyber initiatives.
- Constitutional: Aligns with Congress's powers to regulate interstate commerce and provide for national defense by protecting critical infrastructure; no apparent conflicts with federalism, as it encourages but does not mandate state or private actions.
- Political: Bipartisan sponsorship (e.g., Senators Cotton, Slotkin, Ricketts) highlights cross-party concern over cyber risks to food security; authorizes modest funding, which could spark debates on budget priorities amid rising cyber threats, but focuses on preparedness rather than enforcement, minimizing controversy.
This summary was generated by AI and may contain inaccuracies. Refer to the official source document for the authoritative text.
Sponsor
Cosponsors (9)
Sen. Slotkin, Elissa [D-MI], Sen. Ricketts, Pete [R-NE], Sen. Tillis, Thomas [R-NC], Sen. Lummis, Cynthia M. [R-WY], Sen. Budd, Ted [R-NC], Sen. Britt, Katie Boyd [R-AL], Sen. Ossoff, Jon [D-GA], Sen. Barrasso, John [R-WY], Sen. McCormick, David [R-PA]
Recent Actions
- 2025-02-26: Read twice and referred to the Committee on Agriculture, Nutrition, and Forestry.
- 2025-02-26: Introduced in Senate
Bill Versions
- Farm and Food Cybersecurity Act of 2025 — issued 2025-02-26 — PDF (8 pages)