Us Congress 2025-2026 Regular Session

Us Congress House Bill HB1604 Compare Versions

Only one version of the bill is available at this time.

Old	New	Differences
1	1	I
2	2	119THCONGRESS
3	3	1
4	4	STSESSION H. R. 1604
5	5	To direct the Secretary of Agriculture to periodically assess cybersecurity
6	6	threats to, and vulnerabilities in, the agriculture and food critical infra-
7	7	structure sector and to provide recommendations to enhance their secu-
8	8	rity and resilience, to require the Secretary of Agriculture to conduct
9	9	an annual cross-sector simulation exercise relating to a food-related emer-
10	10	gency or disruption, and for other purposes.
11	11	IN THE HOUSE OF REPRESENTATIVES
12	12	FEBRUARY26, 2025
13	13	Mr. F
14	14	INSTAD(for himself, Ms. TOKUDA, Mr. BACON, and Ms. DAVIDSof
15	15	Kansas) introduced the following bill; which was referred to the Com-
16	16	mittee on Agriculture
17	17	A BILL
18	18	To direct the Secretary of Agriculture to periodically assess
19	19	cybersecurity threats to, and vulnerabilities in, the agri-
20	20	culture and food critical infrastructure sector and to
21	21	provide recommendations to enhance their security and
22	22	resilience, to require the Secretary of Agriculture to con-
23	23	duct an annual cross-sector simulation exercise relating
24	24	to a food-related emergency or disruption, and for other
25	25	purposes.
26	26	Be it enacted by the Senate and House of Representa-1
27	27	tives of the United States of America in Congress assembled, 2
28	28	VerDate Sep 11 2014 00:08 Mar 14, 2025 Jkt 059200 PO 00000 Frm 00001 Fmt 6652 Sfmt 6201 E:\BILLS\H1604.IH H1604
29	29	kjohnson on DSK7ZCZBW3PROD with $$_JOB 2
30	30	•HR 1604 IH
31	31	SECTION 1. SHORT TITLE. 1
32	32	This Act may be cited as the ‘‘Farm and Food Cyber-2
33	33	security Act of 2025’’. 3
34	34	SEC. 2. DEFINITIONS. 4
35	35	In this Act: 5
36	36	(1) A
37	37	GRICULTURE AND FOOD CRITICAL INFRA -6
38	38	STRUCTURE SECTOR .—The term ‘‘agriculture and 7
39	39	food critical infrastructure sector’’ means— 8
40	40	(A) any activity relating to the production, 9
41	41	processing, distribution, storage, transportation, 10
42	42	consumption, or disposal of agricultural or food 11
43	43	products; and 12
44	44	(B) any entity involved in an activity de-13
45	45	scribed in subparagraph (A), including a farm-14
46	46	er, rancher, processor, manufacturer, dis-15
47	47	tributor, retailer, consumer, and regulator. 16
48	48	(2) C
49	49	YBERSECURITY THREAT ; DEFENSIVE 17
50	50	MEASURE; INCIDENT; SECURITY VULNERABILITY .— 18
51	51	The terms ‘‘cybersecurity threat’’, ‘‘defensive meas-19
52	52	ure’’, ‘‘incident’’, and ‘‘security vulnerability’’ have 20
53	53	the meanings given those terms in section 2200 of 21
54	54	the Homeland Security Act of 2002 (6 U.S.C. 650). 22
55	55	(3) S
56	56	ECRETARY.—The term ‘‘Secretary’’ means 23
57	57	the Secretary of Agriculture. 24
58	58	VerDate Sep 11 2014 00:08 Mar 14, 2025 Jkt 059200 PO 00000 Frm 00002 Fmt 6652 Sfmt 6201 E:\BILLS\H1604.IH H1604
59	59	kjohnson on DSK7ZCZBW3PROD with $$_JOB 3
60	60	•HR 1604 IH
61	61	(4) SECTOR-SPECIFIC ISAC.—The term ‘‘sector- 1
62	62	specific ISAC’’ means the Food and Agriculture-In-2
63	63	formation Sharing and Analysis Center. 3
64	64	SEC. 3. ASSESSMENT OF CYBERSECURITY THREATS AND 4
65	65	SECURITY VULNERABILITIES IN THE AGRI-5
66	66	CULTURE AND FOOD CRITICAL INFRASTRUC-6
67	67	TURE SECTOR. 7
68	68	(a) R
69	69	ISKASSESSMENT.—The Secretary shall conduct 8
70	70	a risk assessment, on a biennial basis, on the cybersecurity 9
71	71	threats to, and security vulnerabilities in, the agriculture 10
72	72	and food critical infrastructure sector, including— 11
73	73	(1) the nature and extent of cyberattacks and 12
74	74	incidents that affect the agriculture and food critical 13
75	75	infrastructure sector; 14
76	76	(2) the potential impacts of a cyberattack or in-15
77	77	cident on the safety, security, and availability of 16
78	78	food products, as well as on the economy, public 17
79	79	health, and national security of the United States; 18
80	80	(3) the current capability and readiness of the 19
81	81	Federal Government, State and local governments, 20
82	82	and private sector entities to prevent, detect, miti-21
83	83	gate, respond to, and recover from cyberattacks and 22
84	84	incidents described in paragraph (2); 23
85	85	(4) the existing policies, standards, guidelines, 24
86	86	best practices, and initiatives applicable to the agri-25
87	87	VerDate Sep 11 2014 00:08 Mar 14, 2025 Jkt 059200 PO 00000 Frm 00003 Fmt 6652 Sfmt 6201 E:\BILLS\H1604.IH H1604
88	88	kjohnson on DSK7ZCZBW3PROD with $$_JOB 4
89	89	•HR 1604 IH
90	90	culture and food critical infrastructure sector to en-1
91	91	hance defensive measures in that sector; 2
92	92	(5) the gaps, challenges, barriers, or opportuni-3
93	93	ties for improving defensive measures in the agri-4
94	94	culture and food critical infrastructure sector; and 5
95	95	(6) any recommendations for Federal legislative 6
96	96	or administrative actions to address the cybersecu-7
97	97	rity threats to, and security vulnerabilities in, the 8
98	98	agriculture and food critical infrastructure sector, 9
99	99	including intrusive, duplicative, or conflicting regu-10
100	100	latory requirements that may divert attention and 11
101	101	resources from operational risk management to a 12
102	102	compliance regime that impedes actual security ef-13
103	103	forts. 14
104	104	(b) P
105	105	RIVATESECTORPARTICIPATION.—In con-15
106	106	ducting a risk assessment under subsection (a), the Sec-16
107	107	retary shall consult with appropriate entities in the private 17
108	108	sector, including— 18
109	109	(1) the sector-specific ISAC; and 19
110	110	(2) the appropriate sector coordinating council. 20
111	111	(c) B
112	112	IENNIALREPORT.—Not later than 1 year after 21
113	113	the date of enactment of this Act, and every 2 years there-22
114	114	after, the Secretary shall submit a report on each risk as-23
115	115	sessment conducted under subsection (a) to— 24
116	116	VerDate Sep 11 2014 00:08 Mar 14, 2025 Jkt 059200 PO 00000 Frm 00004 Fmt 6652 Sfmt 6201 E:\BILLS\H1604.IH H1604
117	117	kjohnson on DSK7ZCZBW3PROD with $$_JOB 5
118	118	•HR 1604 IH
119	119	(1) the Committee on Agriculture, Nutrition, 1
120	120	and Forestry of the Senate; 2
121	121	(2) the Committee on Homeland Security and 3
122	122	Governmental Affairs of the Senate; 4
123	123	(3) the Committee on Agriculture of the House 5
124	124	of Representatives; and 6
125	125	(4) the Committee on Homeland Security of the 7
126	126	House of Representatives. 8
127	127	SEC. 4. FOOD SECURITY AND CYBER RESILIENCE SIMULA-9
128	128	TION EXERCISE. 10
129	129	(a) E
130	130	STABLISHMENT.—The Secretary, in coordina-11
131	131	tion with the Secretary of Homeland Security, the Sec-12
132	132	retary of Health and Human Services, the Director of Na-13
133	133	tional Intelligence, and the heads of other relevant Federal 14
134	134	agencies, shall conduct, over a 5-year period, an annual 15
135	135	cross-sector crisis simulation exercise relating to a food- 16
136	136	related emergency or disruption (referred to in this section 17
137	137	as an ‘‘exercise’’). 18
138	138	(b) P
139	139	URPOSES.—The purposes of each exercise are— 19
140	140	(1) to assess the preparedness and response ca-20
141	141	pabilities of Federal, State, Tribal, local, and terri-21
142	142	torial governments and private sector entities in the 22
143	143	event of a food-related emergency or disruption; 23
144	144	VerDate Sep 11 2014 00:08 Mar 14, 2025 Jkt 059200 PO 00000 Frm 00005 Fmt 6652 Sfmt 6201 E:\BILLS\H1604.IH H1604
145	145	kjohnson on DSK7ZCZBW3PROD with $$_JOB 6
146	146	•HR 1604 IH
147	147	(2) to identify and address gaps and 1
148	148	vulnerabilities in the food supply chain and critical 2
149	149	infrastructure; 3
150	150	(3) to enhance coordination and information 4
151	151	sharing among stakeholders involved in food produc-5
152	152	tion, processing, distribution, and consumption; 6
153	153	(4) to evaluate the effectiveness and efficiency 7
154	154	of existing policies, programs, and resources relating 8
155	155	to food security and resilience; 9
156	156	(5) to develop and disseminate best practices 10
157	157	and recommendations for improving food security 11
158	158	and resilience; and 12
159	159	(6) to identify key stakeholders and categories 13
160	160	that were missing from the exercise to ensure the in-14
161	161	clusion of those stakeholders and categories in fu-15
162	162	ture exercises. 16
163	163	(c) D
164	164	ESIGN.—Each exercise shall— 17
165	165	(1) involve a realistic and plausible scenario 18
166	166	that simulates a food-related emergency or disrup-19
167	167	tion affecting multiple sectors and jurisdictions; 20
168	168	(2) incorporate input from experts and stake-21
169	169	holders from various disciplines and sectors, includ-22
170	170	ing agriculture, public health, nutrition, emergency 23
171	171	management, transportation, energy, water, commu-24
172	172	nications, related equipment suppliers and manufac-25
173	173	VerDate Sep 11 2014 00:08 Mar 14, 2025 Jkt 059200 PO 00000 Frm 00006 Fmt 6652 Sfmt 6201 E:\BILLS\H1604.IH H1604
174	174	kjohnson on DSK7ZCZBW3PROD with $$_JOB 7
175	175	•HR 1604 IH
176	176	turers, and cybersecurity, including related academia 1
177	177	and private sector information security researchers 2
178	178	and practitioners, including the sector-specific ISAC; 3
179	179	(3) use a variety of methods and tools, such as 4
180	180	tabletop exercises, workshops, seminars, games, 5
181	181	drills, or full-scale exercises; and 6
182	182	(4) include participants from Federal, State, 7
183	183	Tribal, local, and territorial governments and private 8
184	184	sector entities (including the sector-specific ISAC 9
185	185	and appropriate sector coordinating councils) that 10
186	186	have roles and responsibilities relating to food secu-11
187	187	rity and resilience. 12
188	188	(d) P
189	189	RIVATESECTORPARTICIPATION.—In con-13
190	190	ducting an exercise under subsection (a), the Secretary 14
191	191	shall consult with appropriate entities in the private sec-15
192	192	tor, including— 16
193	193	(1) the sector-specific ISAC; and 17
194	194	(2) the appropriate sector coordinating councils. 18
195	195	(e) F
196	196	EEDBACK; REPORT.—After each exercise, the 19
197	197	Secretary, in consultation with the heads of the Federal 20
198	198	agencies described in subsection (a), shall— 21
199	199	(1) provide feedback to, and an evaluation of, 22
200	200	the participants in that exercise on their perform-23
201	201	ance and outcomes; and 24
202	202	VerDate Sep 11 2014 00:08 Mar 14, 2025 Jkt 059200 PO 00000 Frm 00007 Fmt 6652 Sfmt 6201 E:\BILLS\H1604.IH H1604
203	203	kjohnson on DSK7ZCZBW3PROD with $$_JOB 8
204	204	•HR 1604 IH
205	205	(2) produce, and submit to Congress, a report 1
206	206	that summarizes, with respect to that exercise, the 2
207	207	findings of that exercise, lessons learned from that 3
208	208	exercise, and recommendations to enhance the cyber-4
209	209	security and resilience of the agriculture and food 5
210	210	critical infrastructure sector. 6
211	211	(f) A
212	212	UTHORIZATION OF APPROPRIATIONS.—There is 7
213	213	authorized to be appropriated to carry out this section 8
214	214	$1,000,000 for each of fiscal years 2026 through 2030. 9
215	215	Æ
216	216	VerDate Sep 11 2014 00:08 Mar 14, 2025 Jkt 059200 PO 00000 Frm 00008 Fmt 6652 Sfmt 6301 E:\BILLS\H1604.IH H1604
217	217	kjohnson on DSK7ZCZBW3PROD with $$_JOB