US
Us Congress Senate Bill SB754

Us Congress 2025-2026 Regular Session

Us Congress Senate Bill SB754 Compare Versions

Only one version of the bill is available at this time.
OldNewDifferences
11 II
22 119THCONGRESS
33 1
44 STSESSION S. 754
55 To direct the Secretary of Agriculture to periodically assess cybersecurity
66 threats to, and vulnerabilities in, the agriculture and food critical infra-
77 structure sector and to provide recommendations to enhance their secu-
88 rity and resilience, to require the Secretary of Agriculture to conduct
99 an annual cross-sector simulation exercise relating to a food-related emer-
1010 gency or disruption, and for other purposes.
1111 IN THE SENATE OF THE UNITED STATES
1212 FEBRUARY26, 2025
1313 Mr. C
1414 OTTON(for himself, Ms. SLOTKIN, Mr. RICKETTS, Mr. TILLIS, Ms.
1515 L
1616 UMMIS, Mr. BUDD, and Mrs. BRITT) introduced the following bill; which
1717 was read twice and referred to the Committee on Agriculture, Nutrition,
1818 and Forestry
1919 A BILL
2020 To direct the Secretary of Agriculture to periodically assess
2121 cybersecurity threats to, and vulnerabilities in, the agri-
2222 culture and food critical infrastructure sector and to
2323 provide recommendations to enhance their security and
2424 resilience, to require the Secretary of Agriculture to con-
2525 duct an annual cross-sector simulation exercise relating
2626 to a food-related emergency or disruption, and for other
2727 purposes.
2828 Be it enacted by the Senate and House of Representa-1
2929 tives of the United States of America in Congress assembled, 2
3030 VerDate Sep 11 2014 23:18 Mar 13, 2025 Jkt 059200 PO 00000 Frm 00001 Fmt 6652 Sfmt 6201 E:\BILLS\S754.IS S754
3131 kjohnson on DSK7ZCZBW3PROD with $$_JOB 2
3232 •S 754 IS
3333 SECTION 1. SHORT TITLE. 1
3434 This Act may be cited as the ‘‘Farm and Food Cyber-2
3535 security Act of 2025’’. 3
3636 SEC. 2. DEFINITIONS. 4
3737 In this Act: 5
3838 (1) A
3939 GRICULTURE AND FOOD CRITICAL INFRA -6
4040 STRUCTURE SECTOR .—The term ‘‘agriculture and 7
4141 food critical infrastructure sector’’ means— 8
4242 (A) any activity relating to the production, 9
4343 processing, distribution, storage, transportation, 10
4444 consumption, or disposal of agricultural or food 11
4545 products; and 12
4646 (B) any entity involved in an activity de-13
4747 scribed in subparagraph (A), including a farm-14
4848 er, rancher, processor, manufacturer, dis-15
4949 tributor, retailer, consumer, and regulator. 16
5050 (2) C
5151 YBERSECURITY THREAT ; DEFENSIVE 17
5252 MEASURE; INCIDENT; SECURITY VULNERABILITY .— 18
5353 The terms ‘‘cybersecurity threat’’, ‘‘defensive meas-19
5454 ure’’, ‘‘incident’’, and ‘‘security vulnerability’’ have 20
5555 the meanings given those terms in section 2200 of 21
5656 the Homeland Security Act of 2002 (6 U.S.C. 650). 22
5757 (3) S
5858 ECRETARY.—The term ‘‘Secretary’’ means 23
5959 the Secretary of Agriculture. 24
6060 VerDate Sep 11 2014 23:18 Mar 13, 2025 Jkt 059200 PO 00000 Frm 00002 Fmt 6652 Sfmt 6201 E:\BILLS\S754.IS S754
6161 kjohnson on DSK7ZCZBW3PROD with $$_JOB 3
6262 •S 754 IS
6363 (4) SECTOR-SPECIFICISAC.—The term ‘‘sec-1
6464 tor-specific ISAC’’ means the Food and Agriculture- 2
6565 Information Sharing and Analysis Center. 3
6666 SEC. 3. ASSESSMENT OF CYBERSECURITY THREATS AND 4
6767 SECURITY VULNERABILITIES IN THE AGRI-5
6868 CULTURE AND FOOD CRITICAL INFRASTRUC-6
6969 TURE SECTOR. 7
7070 (a) R
7171 ISKASSESSMENT.—The Secretary, in coordina-8
7272 tion with the Cybersecurity and Infrastructure Security 9
7373 Agency, shall conduct a risk assessment, on a biennial 10
7474 basis, on the cybersecurity threats to, and security 11
7575 vulnerabilities in, the agriculture and food critical infra-12
7676 structure sector, including— 13
7777 (1) the nature and extent of cyberattacks and 14
7878 incidents that affect the agriculture and food critical 15
7979 infrastructure sector; 16
8080 (2) the potential impacts of a cyberattack or in-17
8181 cident on the safety, security, and availability of 18
8282 food products, as well as on the economy, public 19
8383 health, and national security of the United States; 20
8484 (3) the current capability and readiness of the 21
8585 Federal Government, State and local governments, 22
8686 and private sector entities to prevent, detect, miti-23
8787 gate, respond to, and recover from cyberattacks and 24
8888 incidents described in paragraph (2); 25
8989 VerDate Sep 11 2014 23:18 Mar 13, 2025 Jkt 059200 PO 00000 Frm 00003 Fmt 6652 Sfmt 6201 E:\BILLS\S754.IS S754
9090 kjohnson on DSK7ZCZBW3PROD with $$_JOB 4
9191 •S 754 IS
9292 (4) the existing policies, standards, guidelines, 1
9393 best practices, and initiatives applicable to the agri-2
9494 culture and food critical infrastructure sector to en-3
9595 hance defensive measures in that sector; 4
9696 (5) the gaps, challenges, barriers, or opportuni-5
9797 ties for improving defensive measures in the agri-6
9898 culture and food critical infrastructure sector; and 7
9999 (6) any recommendations for Federal legislative 8
100100 or administrative actions to address the cybersecu-9
101101 rity threats to, and security vulnerabilities in, the 10
102102 agriculture and food critical infrastructure sector, 11
103103 including intrusive, duplicative, or conflicting regu-12
104104 latory requirements that may divert attention and 13
105105 resources from operational risk management to a 14
106106 compliance regime that impedes security efforts. 15
107107 (b) P
108108 RIVATESECTORPARTICIPATION.—In con-16
109109 ducting a risk assessment under subsection (a), the Sec-17
110110 retary shall consult with appropriate entities in the private 18
111111 sector, including— 19
112112 (1) the sector-specific ISAC; and 20
113113 (2) the appropriate sector coordinating council. 21
114114 (c) B
115115 IENNIALREPORT.—Not later than 1 year after 22
116116 the date of enactment of this Act, and every 2 years there-23
117117 after, the Secretary shall submit a report on each risk as-24
118118 sessment conducted under subsection (a) to— 25
119119 VerDate Sep 11 2014 23:18 Mar 13, 2025 Jkt 059200 PO 00000 Frm 00004 Fmt 6652 Sfmt 6201 E:\BILLS\S754.IS S754
120120 kjohnson on DSK7ZCZBW3PROD with $$_JOB 5
121121 •S 754 IS
122122 (1) the Committee on Agriculture, Nutrition, 1
123123 and Forestry of the Senate; 2
124124 (2) the Committee on Homeland Security and 3
125125 Governmental Affairs of the Senate; 4
126126 (3) the Committee on Agriculture of the House 5
127127 of Representatives; and 6
128128 (4) the Committee on Homeland Security of the 7
129129 House of Representatives. 8
130130 SEC. 4. FOOD SECURITY AND CYBER RESILIENCE SIMULA-9
131131 TION EXERCISE. 10
132132 (a) E
133133 STABLISHMENT.—The Secretary, in coordina-11
134134 tion with the Secretary of Homeland Security, the Sec-12
135135 retary of Health and Human Services, the Director of Na-13
136136 tional Intelligence, and the heads of other relevant Federal 14
137137 agencies, shall conduct, over a 5-year period, an annual 15
138138 cross-sector crisis simulation exercise relating to a food- 16
139139 related emergency or disruption (referred to in this section 17
140140 as an ‘‘exercise’’). 18
141141 (b) P
142142 URPOSES.—The purposes of each exercise are— 19
143143 (1) to assess the preparedness and response ca-20
144144 pabilities of Federal, State, Tribal, local, and terri-21
145145 torial governments and private sector entities in the 22
146146 event of a food-related emergency or disruption; 23
147147 VerDate Sep 11 2014 23:18 Mar 13, 2025 Jkt 059200 PO 00000 Frm 00005 Fmt 6652 Sfmt 6201 E:\BILLS\S754.IS S754
148148 kjohnson on DSK7ZCZBW3PROD with $$_JOB 6
149149 •S 754 IS
150150 (2) to identify and address gaps and 1
151151 vulnerabilities in the food supply chain and critical 2
152152 infrastructure; 3
153153 (3) to enhance coordination and information 4
154154 sharing among stakeholders involved in food produc-5
155155 tion, processing, distribution, and consumption; 6
156156 (4) to evaluate the effectiveness and efficiency 7
157157 of existing policies, programs, and resources relating 8
158158 to food security and resilience; 9
159159 (5) to develop and disseminate best practices 10
160160 and recommendations for improving food security 11
161161 and resilience; and 12
162162 (6) to identify key stakeholders and categories 13
163163 that were missing from the exercise to ensure the in-14
164164 clusion of those stakeholders and categories in fu-15
165165 ture exercises. 16
166166 (c) D
167167 ESIGN.—Each exercise shall— 17
168168 (1) involve a realistic and plausible scenario 18
169169 that simulates a food-related emergency or disrup-19
170170 tion affecting multiple sectors and jurisdictions; 20
171171 (2) incorporate input from experts and stake-21
172172 holders from various disciplines and sectors, includ-22
173173 ing agriculture, public health, nutrition, emergency 23
174174 management, transportation, energy, water, commu-24
175175 nications, related equipment suppliers and manufac-25
176176 VerDate Sep 11 2014 23:18 Mar 13, 2025 Jkt 059200 PO 00000 Frm 00006 Fmt 6652 Sfmt 6201 E:\BILLS\S754.IS S754
177177 kjohnson on DSK7ZCZBW3PROD with $$_JOB 7
178178 •S 754 IS
179179 turers, and cybersecurity, including related academia 1
180180 and private sector information security researchers 2
181181 and practitioners, including the sector-specific ISAC; 3
182182 (3) use a variety of methods and tools, such as 4
183183 tabletop exercises, workshops, seminars, games, 5
184184 drills, or full-scale exercises; and 6
185185 (4) include participants from Federal, State, 7
186186 Tribal, local, and territorial governments and private 8
187187 sector entities, including the sector-specific ISAC 9
188188 and appropriate sector coordinating councils, that 10
189189 have roles and responsibilities relating to food secu-11
190190 rity and resilience. 12
191191 (d) P
192192 RIVATESECTORPARTICIPATION.—In con-13
193193 ducting an exercise, the Secretary shall consult with ap-14
194194 propriate entities in the private sector, including— 15
195195 (1) the sector-specific ISAC; and 16
196196 (2) the appropriate sector coordinating councils. 17
197197 (e) F
198198 EEDBACK; REPORT.—After each exercise, the 18
199199 Secretary, in consultation with the heads of the Federal 19
200200 agencies described in subsection (a), shall— 20
201201 (1) provide feedback to, and an evaluation of, 21
202202 the participants in that exercise on their perform-22
203203 ance and outcomes; and 23
204204 (2) produce, and submit to Congress, a report 24
205205 that summarizes, with respect to that exercise, the 25
206206 VerDate Sep 11 2014 23:18 Mar 13, 2025 Jkt 059200 PO 00000 Frm 00007 Fmt 6652 Sfmt 6201 E:\BILLS\S754.IS S754
207207 kjohnson on DSK7ZCZBW3PROD with $$_JOB 8
208208 •S 754 IS
209209 findings of that exercise, lessons learned from that 1
210210 exercise, and recommendations to enhance the cyber-2
211211 security and resilience of the agriculture and food 3
212212 critical infrastructure sector. 4
213213 (f) A
214214 UTHORIZATION OF APPROPRIATIONS.—There is 5
215215 authorized to be appropriated to carry out this section 6
216216 $1,000,000 for each of fiscal years 2026 through 2030. 7
217217 Æ
218218 VerDate Sep 11 2014 23:18 Mar 13, 2025 Jkt 059200 PO 00000 Frm 00008 Fmt 6652 Sfmt 6301 E:\BILLS\S754.IS S754
219219 kjohnson on DSK7ZCZBW3PROD with $$_JOB