II
119THCONGRESS
1
STSESSION S. 754
To direct the Secretary of Agriculture to periodically assess cybersecurity
threats to, and vulnerabilities in, the agriculture and food critical infra-
structure sector and to provide recommendations to enhance their secu-
rity and resilience, to require the Secretary of Agriculture to conduct
an annual cross-sector simulation exercise relating to a food-related emer-
gency or disruption, and for other purposes.
IN THE SENATE OF THE UNITED STATES
FEBRUARY26, 2025
Mr. C
OTTON(for himself, Ms. SLOTKIN, Mr. RICKETTS, Mr. TILLIS, Ms.
L
UMMIS, Mr. BUDD, and Mrs. BRITT) introduced the following bill; which
was read twice and referred to the Committee on Agriculture, Nutrition,
and Forestry
A BILL
To direct the Secretary of Agriculture to periodically assess
cybersecurity threats to, and vulnerabilities in, the agri-
culture and food critical infrastructure sector and to
provide recommendations to enhance their security and
resilience, to require the Secretary of Agriculture to con-
duct an annual cross-sector simulation exercise relating
to a food-related emergency or disruption, and for other
purposes.
Be it enacted by the Senate and House of Representa-1
tives of the United States of America in Congress assembled, 2
VerDate Sep 11 2014 23:18 Mar 13, 2025 Jkt 059200 PO 00000 Frm 00001 Fmt 6652 Sfmt 6201 E:\BILLS\S754.IS S754
kjohnson on DSK7ZCZBW3PROD with $$_JOB 2
•S 754 IS
SECTION 1. SHORT TITLE. 1
This Act may be cited as the ‘‘Farm and Food Cyber-2
security Act of 2025’’. 3
SEC. 2. DEFINITIONS. 4
In this Act: 5
(1) A
GRICULTURE AND FOOD CRITICAL INFRA -6
STRUCTURE SECTOR .—The term ‘‘agriculture and 7
food critical infrastructure sector’’ means— 8
(A) any activity relating to the production, 9
processing, distribution, storage, transportation, 10
consumption, or disposal of agricultural or food 11
products; and 12
(B) any entity involved in an activity de-13
scribed in subparagraph (A), including a farm-14
er, rancher, processor, manufacturer, dis-15
tributor, retailer, consumer, and regulator. 16
(2) C
YBERSECURITY THREAT ; DEFENSIVE 17
MEASURE; INCIDENT; SECURITY VULNERABILITY .— 18
The terms ‘‘cybersecurity threat’’, ‘‘defensive meas-19
ure’’, ‘‘incident’’, and ‘‘security vulnerability’’ have 20
the meanings given those terms in section 2200 of 21
the Homeland Security Act of 2002 (6 U.S.C. 650). 22
(3) S
ECRETARY.—The term ‘‘Secretary’’ means 23
the Secretary of Agriculture. 24
VerDate Sep 11 2014 23:18 Mar 13, 2025 Jkt 059200 PO 00000 Frm 00002 Fmt 6652 Sfmt 6201 E:\BILLS\S754.IS S754
kjohnson on DSK7ZCZBW3PROD with $$_JOB 3
•S 754 IS
(4) SECTOR-SPECIFICISAC.—The term ‘‘sec-1
tor-specific ISAC’’ means the Food and Agriculture- 2
Information Sharing and Analysis Center. 3
SEC. 3. ASSESSMENT OF CYBERSECURITY THREATS AND 4
SECURITY VULNERABILITIES IN THE AGRI-5
CULTURE AND FOOD CRITICAL INFRASTRUC-6
TURE SECTOR. 7
(a) R
ISKASSESSMENT.—The Secretary, in coordina-8
tion with the Cybersecurity and Infrastructure Security 9
Agency, shall conduct a risk assessment, on a biennial 10
basis, on the cybersecurity threats to, and security 11
vulnerabilities in, the agriculture and food critical infra-12
structure sector, including— 13
(1) the nature and extent of cyberattacks and 14
incidents that affect the agriculture and food critical 15
infrastructure sector; 16
(2) the potential impacts of a cyberattack or in-17
cident on the safety, security, and availability of 18
food products, as well as on the economy, public 19
health, and national security of the United States; 20
(3) the current capability and readiness of the 21
Federal Government, State and local governments, 22
and private sector entities to prevent, detect, miti-23
gate, respond to, and recover from cyberattacks and 24
incidents described in paragraph (2); 25
VerDate Sep 11 2014 23:18 Mar 13, 2025 Jkt 059200 PO 00000 Frm 00003 Fmt 6652 Sfmt 6201 E:\BILLS\S754.IS S754
kjohnson on DSK7ZCZBW3PROD with $$_JOB 4
•S 754 IS
(4) the existing policies, standards, guidelines, 1
best practices, and initiatives applicable to the agri-2
culture and food critical infrastructure sector to en-3
hance defensive measures in that sector; 4
(5) the gaps, challenges, barriers, or opportuni-5
ties for improving defensive measures in the agri-6
culture and food critical infrastructure sector; and 7
(6) any recommendations for Federal legislative 8
or administrative actions to address the cybersecu-9
rity threats to, and security vulnerabilities in, the 10
agriculture and food critical infrastructure sector, 11
including intrusive, duplicative, or conflicting regu-12
latory requirements that may divert attention and 13
resources from operational risk management to a 14
compliance regime that impedes security efforts. 15
(b) P
RIVATESECTORPARTICIPATION.—In con-16
ducting a risk assessment under subsection (a), the Sec-17
retary shall consult with appropriate entities in the private 18
sector, including— 19
(1) the sector-specific ISAC; and 20
(2) the appropriate sector coordinating council. 21
(c) B
IENNIALREPORT.—Not later than 1 year after 22
the date of enactment of this Act, and every 2 years there-23
after, the Secretary shall submit a report on each risk as-24
sessment conducted under subsection (a) to— 25
VerDate Sep 11 2014 23:18 Mar 13, 2025 Jkt 059200 PO 00000 Frm 00004 Fmt 6652 Sfmt 6201 E:\BILLS\S754.IS S754
kjohnson on DSK7ZCZBW3PROD with $$_JOB 5
•S 754 IS
(1) the Committee on Agriculture, Nutrition, 1
and Forestry of the Senate; 2
(2) the Committee on Homeland Security and 3
Governmental Affairs of the Senate; 4
(3) the Committee on Agriculture of the House 5
of Representatives; and 6
(4) the Committee on Homeland Security of the 7
House of Representatives. 8
SEC. 4. FOOD SECURITY AND CYBER RESILIENCE SIMULA-9
TION EXERCISE. 10
(a) E
STABLISHMENT.—The Secretary, in coordina-11
tion with the Secretary of Homeland Security, the Sec-12
retary of Health and Human Services, the Director of Na-13
tional Intelligence, and the heads of other relevant Federal 14
agencies, shall conduct, over a 5-year period, an annual 15
cross-sector crisis simulation exercise relating to a food- 16
related emergency or disruption (referred to in this section 17
as an ‘‘exercise’’). 18
(b) P
URPOSES.—The purposes of each exercise are— 19
(1) to assess the preparedness and response ca-20
pabilities of Federal, State, Tribal, local, and terri-21
torial governments and private sector entities in the 22
event of a food-related emergency or disruption; 23
VerDate Sep 11 2014 23:18 Mar 13, 2025 Jkt 059200 PO 00000 Frm 00005 Fmt 6652 Sfmt 6201 E:\BILLS\S754.IS S754
kjohnson on DSK7ZCZBW3PROD with $$_JOB 6
•S 754 IS
(2) to identify and address gaps and 1
vulnerabilities in the food supply chain and critical 2
infrastructure; 3
(3) to enhance coordination and information 4
sharing among stakeholders involved in food produc-5
tion, processing, distribution, and consumption; 6
(4) to evaluate the effectiveness and efficiency 7
of existing policies, programs, and resources relating 8
to food security and resilience; 9
(5) to develop and disseminate best practices 10
and recommendations for improving food security 11
and resilience; and 12
(6) to identify key stakeholders and categories 13
that were missing from the exercise to ensure the in-14
clusion of those stakeholders and categories in fu-15
ture exercises. 16
(c) D
ESIGN.—Each exercise shall— 17
(1) involve a realistic and plausible scenario 18
that simulates a food-related emergency or disrup-19
tion affecting multiple sectors and jurisdictions; 20
(2) incorporate input from experts and stake-21
holders from various disciplines and sectors, includ-22
ing agriculture, public health, nutrition, emergency 23
management, transportation, energy, water, commu-24
nications, related equipment suppliers and manufac-25
VerDate Sep 11 2014 23:18 Mar 13, 2025 Jkt 059200 PO 00000 Frm 00006 Fmt 6652 Sfmt 6201 E:\BILLS\S754.IS S754
kjohnson on DSK7ZCZBW3PROD with $$_JOB 7
•S 754 IS
turers, and cybersecurity, including related academia 1
and private sector information security researchers 2
and practitioners, including the sector-specific ISAC; 3
(3) use a variety of methods and tools, such as 4
tabletop exercises, workshops, seminars, games, 5
drills, or full-scale exercises; and 6
(4) include participants from Federal, State, 7
Tribal, local, and territorial governments and private 8
sector entities, including the sector-specific ISAC 9
and appropriate sector coordinating councils, that 10
have roles and responsibilities relating to food secu-11
rity and resilience. 12
(d) P
RIVATESECTORPARTICIPATION.—In con-13
ducting an exercise, the Secretary shall consult with ap-14
propriate entities in the private sector, including— 15
(1) the sector-specific ISAC; and 16
(2) the appropriate sector coordinating councils. 17
(e) F
EEDBACK; REPORT.—After each exercise, the 18
Secretary, in consultation with the heads of the Federal 19
agencies described in subsection (a), shall— 20
(1) provide feedback to, and an evaluation of, 21
the participants in that exercise on their perform-22
ance and outcomes; and 23
(2) produce, and submit to Congress, a report 24
that summarizes, with respect to that exercise, the 25
VerDate Sep 11 2014 23:18 Mar 13, 2025 Jkt 059200 PO 00000 Frm 00007 Fmt 6652 Sfmt 6201 E:\BILLS\S754.IS S754
kjohnson on DSK7ZCZBW3PROD with $$_JOB 8
•S 754 IS
findings of that exercise, lessons learned from that 1
exercise, and recommendations to enhance the cyber-2
security and resilience of the agriculture and food 3
critical infrastructure sector. 4
(f) A
UTHORIZATION OF APPROPRIATIONS.—There is 5
authorized to be appropriated to carry out this section 6
$1,000,000 for each of fiscal years 2026 through 2030. 7
Æ
VerDate Sep 11 2014 23:18 Mar 13, 2025 Jkt 059200 PO 00000 Frm 00008 Fmt 6652 Sfmt 6301 E:\BILLS\S754.IS S754
kjohnson on DSK7ZCZBW3PROD with $$_JOB