Cybersecurity threats target every industry, and food and agriculture are not exempt from this threat. This has piqued the interest of the legislature, which has recently taken steps to counter these threats.

On January 29, 2024, Senator Kirsten Gillibrand of New York and Senator Tom Cotton of Arkansas introduced, the Farm and Food Cybersecurity Act, or the Act. It's a bipartisan bill that, if enacted, would strengthen cybersecurity of agriculture and food infrastructure in government and private trade. The bill aims to identify cybersecurity vulnerabilities in the food and agriculture industry, improve cyber defenses of private and government entities involved in the industry, and overall enhance security protection within the sector.

Specifically, the Act directs the Secretary of Agriculture, along with the Cybersecurity and Infrastructure Security Agency, to periodically assess cybersecurity threats to, and vulnerabilities in, the agriculture and food critical infrastructure sector; and provide recommendations to these stakeholders to enhance their security and resilience. Furthermore, the Act requires the Secretary of Agriculture, in coordination with the Secretary of Homeland Security, the Secretary of Health and Human Services, the Director of National Intelligence, and the heads of other relevant Federal agencies, to conduct an annual cross-sector simulation exercise involving a food-related emergency or disruption, over a five-year period.

The Act explains that the purpose of the exercise is to

  1. assess the capabilities of the government and private sector entities in the event of a food related emergency;
  2. identify and address gaps and vulnerabilities in the food supply chain;
  3. improve collaboration and exchange of information among all stakeholders involved in food production, processing, distribution, and consumption;
  4. evaluate the effectiveness and efficiency of existing policies, programs, and resources relating to food security and resilience;
  5. develop and disseminate best practices and recommendations for improving food security and resilience; and
  6. identify key stakeholders and categories that were missing from the exercise to ensure the inclusion of those stakeholders and categories in future exercises.

The Act further illustrates the design of each exercise and the reporting obligations imposed on the Secretary of Agriculture after each exercise.

Given the public's ever-increasing concern and engagement with cybersecurity issues, we are likely to see more and more targeted legislation from critical infrastructure, including water and waste utilities, to now agriculture and food.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.