Critical infrastructure—water supplies, electrical grids, natural gas facilities and oil refineries; and upstream and downstream operations for each—continues to come under threat from bad actors. Perhaps there is no greater threat potential than the agricultural sector, which has emerged as a vulnerable yet often overlooked domain.
Recognizing this, United States lawmakers have introduced the bipartisan Farm and Food Cybersecurity Act of 2025, a reintroduction of 2024 proposed legislation aiming to bolster the cybersecurity posture of America's food supply chain.
The Farm and Food Cybersecurity Act of 2025, introduced in both the House (H.R.1604) and the Senate (S.754), mandates the following actions:
Biennial risk assessments: The Secretary of Agriculture, in coordination with the Cybersecurity and Infrastructure Security Agency (CISA), is required to conduct biennial assessments of cybersecurity threats and vulnerabilities within the agriculture and food critical infrastructure sector.
Annual simulation exercises: The legislation calls for annual cross-sector crisis simulation exercises to prepare for potential food-related cyber emergencies or disruptions.
Stakeholder collaboration: The Act emphasizes collaboration with private sector entities, including farmers, processors, manufacturers, and retailers to enhance the sector's resilience against cyber threats.
As of April 2025, both versions of the bill have been introduced and referred to their respective committees:
House Version (H.R.1604): Introduced by Rep. Brad Finstad [R-MN-1] on February 26, 2025, and referred to the Subcommittee on Nutrition and Foreign Agriculture on March 28, 2025.
"With innovation and advancement in precision ag technology, the agricultural industry has become more technologically advanced, creating new challenges and vulnerabilities for farmers across southern Minnesota and the nation," Rep. Finstad said in a press release. "Food security is national security. The Farm and Food Cybersecurity Act will make tremendous strides to protect our nation's food supply from the imminent cyber threats that the ag sector experiences here at home."
Senate Version (S.754): Introduced by Sen. Tom Cotton [R-AR] on February 26, 2025, and referred to the Committee on Agriculture, Nutrition, and Forestry.
"America's adversaries are seeking to gain any advantage they can against us—including targeting critical industries like agriculture," Sen. Cotton said in a press release. "Congress must work with the Department of Agriculture to identify and defeat these cybersecurity vulnerabilities. This legislation will ensure we are prepared to protect the supply chains our farmers and all Americans rely on."
The increasing digitization of agricultural operations and the food supply chain has introduced new cybersecurity vulnerabilities. Notable incidents, such as the 2021 ransomware attack on JBS Foods, which disrupted meat processing operations, highlight the potential impact of cyber threats on food security and the economy. The Farm and Food Cybersecurity Act of 2025 represents a proactive approach to safeguarding these critical sectors against evolving cyber threats.
Erika Voss, SVP and Chief Security Officer at Blue Yonder, posted this on LinkedIn:
"Here's some good news:
The Farm and Food Cybersecurity Act has been reintroduced to safeguard the U.S. food supply chain from rising cyber threats. This bipartisan legislation, supported by a wide range of industry leaders, aims to identify vulnerabilities in the agricultural sector and improve protections across both government and private entities. With growing technological advancements in agriculture, this step is crucial to ensuring that cyberattacks do not disrupt the essential services that feed our nation.
This is exactly the type of legislation we should be advocating for across the board!"
The Act has garnered bipartisan support, with co-sponsors including Reps. Jill Tokuda [D-HI], Don Bacon [R-NE], and Sharice Davids [D-KS] in the House, and Sens. Elissa Slotkin [D-MI], Pete Ricketts [R-NE], Thom Tillis [R-NC], Cynthia Lummis [R-WY], Ted Budd [R-NC], and Katie Britt [R-AL] in the Senate.
"Cyber attacks pose a threat to every facet of our daily lives, including our ability to put food on our tables," Rep. Tokuda said in a press release. "Hardworking Americans are already grappling with high food costs and too many struggle with food insecurity. Protecting our country's food supply is critical, that's why I'm proud to co-lead the Farm and Food Cybersecurity Act with my colleague Rep. Brad Finstad. We must continue to identify and address cyber vulnerabilities and threats to better protect the food supply chain that all Americans depend on."
Industry groups have also expressed strong support. Matthew Eggers, Vice President for Cybersecurity Policy at the U.S. Chamber of Commerce, stated: "The Farm and Food Cybersecurity Act is crucial to bolstering the security and resilience of our nation's food and agriculture sector. By proactively studying the cybersecurity risks to the sector and holding relevant exercises, we can help safeguard approximately 2.1 million farms, 935,000 restaurants, and more than 200,000 registered food-related facilities that collectively contribute approximately one-fifth of the nation's economic output. The Chamber applauds the lawmakers for their leadership on this important step, and we look forward to working with them as the bill advances through the legislative process."
The Operational Technology Cybersecurity Coalition also expressed strong support, noting that the legislation will enhance the resilience of the nation's food and agriculture sector against cyber threats by requiring coordination between the USDA and CISA, and by mandating broader public-private sector collaboration on resiliency exercises.
Congressman Finstad initially introduced the Farm and Food Cybersecurity Act in January 2024. Provisions of this legislation were included in the House Agriculture Committee-passed farm bill, the Farm, Food, and National Security Act of 2024.
One cybersecurity expert pointed out, "COVID had caused major disruption in the farm and food supply chain and made everyone scramble, however, this is a major effort to plan in advance, albeit for the cybersecurity issues. It will certainly prepare the country for the next COVID-like disaster."