Farm and Food Cybersecurity Act of 2025
This bill directs the Department of Agriculture (USDA) to (1) assess cybersecurity threats in the agriculture and food critical infrastructure sector, and (2) conduct annual crisis simulation exercises for food-related emergencies or disruptions. The agriculture and food critical infrastructure sector includes (1) any activity relating to the production, processing, distribution, storage, transportation, consumption, or disposal of agricultural or food products; and (2) any entity involved in any of these activities.
Specifically, USDA must conduct a risk assessment every two years on the cybersecurity threats to, and security vulnerabilities in, this sector. The risk assessment must include any recommendations for federal legislative or administrative actions to address related threats and vulnerabilities.
USDA must also conduct an annual simulation exercise relating to a food-related emergency or disruption in coordination with the Department of Homeland Security (DHS), the Department of Health and Human Services (HHS), and the Office of the Director of National Intelligence (ODNI).
Among other things, the exercise must (1) involve a realistic and plausible scenario that simulates a food-related emergency or disruption that affects multiple sectors and jurisdictions, and (2) incorporate input from experts and stakeholders from various disciplines and sectors (e.g., agriculture, public health, emergency management, transportation, and energy).
USDA, in consultation with DHS, HHS, and ODNI, must submit a report to Congress on each simulation exercise, including recommendations to enhance the cybersecurity and resilience of the agriculture and food critical infrastructure sector.