Farm and Food Cybersecurity Act of 2025: Protecting the Nation's Food Supply Chain, from Farm to Table

The Farm and Food Cybersecurity Act of 2025 is all about boosting the security of the nation's food supply. It recognizes that everything from the farm to your dinner table is now connected, and that makes it a target for cyberattacks. This bill sets up a system for regularly checking our defenses and making sure we're ready for anything that might threaten our food supply.

Digital Defenses on the Farm

The bill kicks off by requiring a thorough risk assessment every two years, starting one year after the bill becomes law. Think of it as a regular checkup for the entire food and agriculture sector, looking at where we're vulnerable to cyber threats. This isn't just about hackers stealing data; it's about protecting against attacks that could disrupt food production, mess with safety, or even cause economic chaos. The Secretary of Agriculture, working with the Cybersecurity and Infrastructure Security Agency, will lead this effort, consulting with folks in the private sector—farmers, food processors, distributors, and others—to get a real-world view. The findings of the risk assessment will be reported to the Senate and House Committees on Agriculture, Homeland Security, and Governmental Affairs.

For example, imagine a dairy farm that relies on automated systems for milking and feeding. A cyberattack could shut down those systems, harming the animals and disrupting the milk supply. Or consider a large food processor: a ransomware attack could halt production, leading to empty shelves in the grocery store. This bill aims to identify and address those kinds of vulnerabilities before they become crises. The bill defines "Agriculture and food critical infrastructure sector" to include practically every part of the food chain, from growing and processing to distributing and even disposing of food products (Section 2).

War Games for Food Security

Beyond the risk assessments, the bill mandates annual "crisis simulation exercises" for five years, starting in 2026. These aren't just tabletop discussions; they're full-scale simulations of food-related emergencies, with a special focus on cybersecurity. The goal is to test how well government agencies and private companies can work together to handle a crisis, whether it's a widespread contamination, a supply chain breakdown, or a cyberattack that cripples food production. The bill specifically requires these exercises to include input from folks across the agriculture, public health, and cybersecurity sectors (Section 4). The Secretary must consult with private sector entities, and feedback from the exercise participants will be reported to Congress.

These simulations are like fire drills for the food system, making sure everyone knows their role and can respond quickly and effectively. It ensures that if a food emergency happens, the government and private sector can work together. The bill sets aside $1,000,000 each year from 2026 to 2030 to pay for these exercises (Section 4).

Real-World Readiness

Overall, the Farm and Food Cybersecurity Act of 2025 is about making sure the food on our plates is safe and secure, no matter what kind of cyber threats emerge. It's a proactive approach that recognizes the growing importance of cybersecurity in every aspect of our lives, including the food we eat. By regularly assessing risks and running realistic simulations, the bill aims to build a more resilient food system that can withstand whatever challenges come its way.