Farm and Food Cybersecurity Act of 2025
Farm and Food Cybersecurity Act of 2025
Plain Language Summary
# Farm and Food Cybersecurity Act of 2025 - Summary **What the bill would do:** This bill requires the U.S. Department of Agriculture (USDA) to evaluate cybersecurity risks facing America's farming and food production systems and to regularly conduct emergency preparedness drills. Specifically, USDA would conduct risk assessments every two years to identify weaknesses in how farms, food processors, warehouses, and distribution networks protect against cyberattacks.
The bill also mandates annual practice exercises to test how the food system would respond to cyber emergencies or disruptions. **Who it affects:** The bill impacts the entire agricultural and food sector—farmers, food processors, distributors, transporters, storage facilities, and restaurants. It also involves federal agencies, particularly USDA and the Department of Homeland Security's cybersecurity division, which would coordinate these assessments and exercises. **Key provisions:** USDA must identify cybersecurity threats and vulnerabilities, recommend fixes through legislation or policy changes, and run annual simulation exercises for food-related emergencies. The bill recognizes that cyberattacks on farms or food systems could disrupt the food supply and public safety. **Current status:** The bill is in committee (S 754, 119th Congress) and has not yet been voted on by the full Senate.
CRS Official Summary
Farm and Food Cybersecurity Act of 2025This bill directs the Department of Agriculture (USDA) to (1) assess cybersecurity threats in the agriculture and food critical infrastructure sector, and (2) conduct annual crisis simulation exercises for food-related emergencies or disruptions. The agriculture and food critical infrastructure sector includes (1) any activity relating to the production, processing, distribution, storage, transportation, consumption, or disposal of agricultural or food products; and (2) any entity involved in any of these activities.Specifically, USDA, in coordination with the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency, must conduct a risk assessment every two years on the cybersecurity threats to, and security vulnerabilities in, this sector. The risk assessment must include any recommendations for federal legislative or administrative actions to address related threats and vulnerabilities.USDA must also conduct an annual simulation exercise relating to a food-related emergency or disruption in coordination with DHS, the Department of Health and Human Services (HHS), and the Office of the Director of National Intelligence (ODNI).Among other things, the exercise must (1) involve a realistic and plausible scenario that simulates a food-related emergency or disruption that affects multiple sectors and jurisdictions, and (2) incorporate input from experts and stakeholders from various disciplines and sectors (e.g., agriculture, public health, emergency management, transportation, and energy). USDA, in consultation with DHS, HHS, and ODNI, must submit a report to Congress on each simulation exercise, including recommendations to enhance the cybersecurity and resilience of the agriculture and food critical infrastructure sector.
Latest Action
Read twice and referred to the Committee on Agriculture, Nutrition, and Forestry.