H.R. 1604 — Farm and Food Cybersecurity Act of 2025

This section establishes definitions for terms used in the Act, including (1) agriculture and food critical infrastructure sector, meaning any activity relating to the production, processing, distribution, storage, transportation, consumption, or disposal of agricultural or food products and any entity involved in such activity (e.g., farmer, rancher, processor, manufacturer, distributor, retailer, consumer, or regulator); (2) cybersecurity threat, defensive measure, incident, and security vulnerability, adopting the meanings given those terms in section 2200 of the Homeland Security Act of 2002 (6 U.S.C. 650); (3) Secretary, meaning the Secretary of Agriculture; and (4) sector-specific ISAC, meaning the Food and Agriculture Information Sharing and Analysis Center.

This section directs the Secretary to conduct biennial risk assessments of cybersecurity threats and vulnerabilities in the agriculture and food critical infrastructure sector (i.e., covering the nature and extent of cyberattacks; potential impacts on food safety, security, availability, economy, public health, and national security; federal, state, local, and private sector capabilities; existing policies and best practices; gaps and challenges; and recommendations for legislative or administrative actions). In conducting the assessments, the Secretary must consult private sector entities, including the sector-specific Information Sharing and Analysis Center (ISAC) and sector coordinating council. The Secretary must submit reports on the assessments to the Senate Committees on Agriculture, Nutrition, and Forestry and Homeland Security and Governmental Affairs and the House Committees on Agriculture and Homeland Security not later than one year after enactment and every two years thereafter.

This section establishes a program directing the Secretary, in coordination with the Secretaries of Homeland Security and Health and Human Services, the Director of National Intelligence, and other relevant federal agencies, to conduct annual cross-sector crisis simulation exercises on food-related emergencies or disruptions over a five-year period. The exercises must (1) use realistic scenarios affecting multiple sectors; (2) incorporate input from experts in agriculture, public health, cybersecurity, and other areas, including the sector-specific Information Sharing and Analysis Center (ISAC); (3) involve participants from federal, state, Tribal, local, territorial governments and private sector entities; and (4) culminate in participant feedback and a report to Congress on findings, lessons learned, and recommendations to enhance cybersecurity and resilience in the agriculture and food critical infrastructure sector. The section authorizes $1 million for each of FY2026 through FY2030.