Farm and Food Cybersecurity Act of 2025
Farm and Food Cybersecurity Act of 2025
Plain Language Summary
# Farm and Food Cybersecurity Act of 2025 – Summary **What the Bill Would Do** This bill would require the U.S. Department of Agriculture (USDA) to assess and prepare for cybersecurity threats to America's food and agriculture systems. Specifically, USDA would need to conduct a risk assessment every two years to identify cyber vulnerabilities affecting farms, food processing plants, distribution centers, and other food-related businesses. The agency would also run annual practice drills (simulation exercises) to test how well the government and food industry could respond to cyber emergencies or disruptions that could affect the food supply. **Who It Affects** The bill covers a broad range of entities involved in agriculture and food production—from individual farms to large food manufacturers, distributors, and retailers.
It primarily impacts USDA and would likely involve coordination with the Department of Homeland Security and other agencies. Indirectly, it affects consumers by focusing on protecting the security and stability of the U.S. food supply. **Current Status** The bill was introduced by Representative Brad Finstad (R-Minnesota) in the 119th Congress and is currently in committee, meaning it has not yet been voted on by the full House.
CRS Official Summary
Farm and Food Cybersecurity Act of 2025This bill directs the Department of Agriculture (USDA) to (1) assess cybersecurity threats in the agriculture and food critical infrastructure sector, and (2) conduct annual crisis simulation exercises for food-related emergencies or disruptions. The agriculture and food critical infrastructure sector includes (1) any activity relating to the production, processing, distribution, storage, transportation, consumption, or disposal of agricultural or food products; and (2) any entity involved in any of these activities.Specifically, USDA must conduct a risk assessment every two years on the cybersecurity threats to, and security vulnerabilities in, this sector. The risk assessment must include any recommendations for federal legislative or administrative actions to address related threats and vulnerabilities.USDA must also conduct an annual simulation exercise relating to a food-related emergency or disruption in coordination with the Department of Homeland Security (DHS), the Department of Health and Human Services (HHS), and the Office of the Director of National Intelligence (ODNI).Among other things, the exercise must (1) involve a realistic and plausible scenario that simulates a food-related emergency or disruption that affects multiple sectors and jurisdictions, and (2) incorporate input from experts and stakeholders from various disciplines and sectors (e.g., agriculture, public health, emergency management, transportation, and energy). USDA, in consultation with DHS, HHS, and ODNI, must submit a report to Congress on each simulation exercise, including recommendations to enhance the cybersecurity and resilience of the agriculture and food critical infrastructure sector.
Latest Action
Referred to the Subcommittee on Nutrition and Foreign Agriculture.