S. 754 — Farm and Food Cybersecurity Act of 2025

This section establishes definitions for terms used in the Act, including (1) agriculture and food critical infrastructure sector, defined to encompass activities relating to the production, processing, distribution, storage, transportation, consumption, or disposal of agricultural or food products, as well as entities involved in such activities (e.g., farmers, ranchers, processors, manufacturers, distributors, retailers, consumers, and regulators); (2) cybersecurity threat, defensive measure, incident, and security vulnerability, with meanings given in section 2200 of the Homeland Security Act of 2002 (6 U.S.C. 650); (3) Secretary, meaning the Secretary of Agriculture; and (4) sector-specific ISAC, meaning the Food and Agriculture-Information Sharing and Analysis Center.

This section directs the Secretary of Agriculture, in coordination with the Cybersecurity and Infrastructure Security Agency (CISA), to conduct biennial risk assessments of cybersecurity threats and vulnerabilities in the agriculture and food critical infrastructure sector—including the nature and extent of cyberattacks, their potential impacts on food safety, the economy, public health, and national security, governmental and private sector readiness, existing defensive measures, gaps and challenges, and recommendations for federal actions—and to consult private sector entities such as the sector-specific information sharing and analysis center (ISAC) and sector coordinating council. The Secretary must submit a report on each assessment to the Senate Committees on Agriculture, Nutrition, and Forestry and Homeland Security and Governmental Affairs and the House Committees on Agriculture and Homeland Security not later than one year after enactment and every two years thereafter.

This section establishes a program requiring the Secretary of Agriculture, in coordination with the Secretaries of Homeland Security and Health and Human Services, the Director of National Intelligence, and other relevant federal agencies, to conduct annual cross-sector crisis simulation exercises on food-related emergencies or disruptions over a 5-year period. The exercises are to (1) assess preparedness and response capabilities of federal, state, Tribal, local, and territorial governments and private sector entities; (2) identify gaps and vulnerabilities in the food supply chain and critical infrastructure; (3) enhance coordination and information sharing among food production, processing, distribution, and consumption stakeholders; (4) evaluate existing food security and resilience policies, programs, and resources; (5) develop and disseminate best practices and recommendations; and (6) identify missing stakeholders for future exercises. Each exercise must feature realistic scenarios affecting multiple sectors and jurisdictions; incorporate expert input from agriculture, public health, cybersecurity, and other fields, including the food and agriculture sector-specific Information Sharing and Analysis Center (ISAC); employ varied methods such as tabletop exercises or full-scale drills; and include participants from relevant governments and private sector entities, including the sector-specific ISAC and coordinating councils. The Secretary must consult private sector entities, including the sector-specific ISAC and coordinating councils; provide post-exercise feedback and evaluations to participants; and submit a report to Congress summarizing findings, lessons learned, and recommendations to enhance cybersecurity and resilience in the agriculture and food critical infrastructure sector. The section authorizes $1 million for each of FY2026 through FY2030.