Biden administration releases National Security Memorandum to build security, resilience of food and agriculture sector

The U.S. administration released a National Security Memorandum that works on strengthening the security and resilience of the nation’s food and agriculture sector, in response to the possibility of high-consequence and catastrophic incidents. The federal government is set to identify and assess threats, vulnerabilities, and impacts from these high-consequence and catastrophic incidents. It will also work on prioritizing resources to prevent, protect against, mitigate, respond to, and recover from the threats and hazards that pose the greatest risk.

To bring about greater coordination, the memorandum proposes that the assistant to the President for National Security Affairs (APNSA) or the APNSA’s designee shall coordinate the executive branch actions necessary to implement this memorandum.  Furthermore, the APNSA or the APNSA’s designee shall, within one year of the date of this memorandum and on a biennial basis thereafter, submit a report to the U.S. President summarizing progress on the implementation of this memorandum, identifying gaps in capabilities, and recommending how to address those gaps.

The federal risk mitigation strategy laid down in the memorandum said that “within 60 days of the date of this memorandum and annually thereafter, or more frequently as warranted, the Attorney General and the Secretary of Homeland Security, in coordination with the Secretary of Defense and the heads of other relevant agencies, shall provide to the Secretary of Agriculture, the Secretary of Commerce, the Secretary of Health and Human Services, and the heads of other relevant agencies a threat assessment on potential actors and threats, delivery systems, and methods that could be directed against or affect the food and agriculture sector.”

The document also identified that within 180 days of the date of the memorandum, the Secretary of Agriculture, the Secretary of Health and Human Services, and the heads of other relevant agencies shall assess the vulnerabilities of the food and agriculture sector to the threats identified, in consultation with private sector and federal, state, local, tribal, and territorial (SLTT) partners, as appropriate.  

These vulnerability assessments shall be updated when there are emergent, credible, and actionable threats or events necessitating reassessment; agencies determine that it is appropriate to do so, such as when significant changes have been made to assessment-specific food production or processing steps; or required by statute. 

The memorandum also lays down that within one year of the date of this memorandum, the Secretary of Homeland Security, in coordination with the Attorney General, the Secretary of Agriculture, the Secretary of Health and Human Services, and the heads of other relevant agencies, shall produce a comprehensive risk assessment for the food and agriculture sector. 

The risk assessment is guided by the threat and vulnerability assessments, data-driven, sector-specific, and founded on interagency coordination; and is inclusive of the chemical, biological, radiological, and nuclear (CBRN) and cyber threats, and in later iterations other threats that may result in high-consequence and catastrophic incidents such as energy disruption, pandemics impacting the food and agriculture sector’s critical infrastructure and essential workforce, catastrophic weather events, and consequences of climate change. It also prioritized the highest risks for the food and agriculture sector; and reviewed and updated on an annual basis. 

Lastly, the federal risk mitigation strategy identifies that within six months of the completion of the risk assessment, the Secretary of Agriculture and the Secretary of Health and Human Services, in coordination with the heads of relevant agencies, shall submit to the President, through the APNSA or the APNSA’s designee, a strategy and action plan that will leverage results from the risk assessment, as well as information on security and resilience capabilities, costs, and benefits; and include a risk mitigation analysis.

As part of an interim risk review, the memorandum sought to ensure risk to the food and agriculture sector is appropriately managed while the federal risk mitigation strategy is developed, the Secretary of Agriculture, the Secretary of Health and Human Services, and the Secretary of Homeland Security, in coordination with the heads of other relevant agencies, shall submit to the APNSA or the APNSA’s designee, within 120 days of the date of this memorandum, an interim review of critical and emergent risks to the food and agriculture sector.  

The review shall leverage existing information and ongoing work to identify risks to the food and agriculture sector from all hazards; identify activities underway to mitigate those risks categorized as high-consequence and catastrophic; identify and initiate steps for improved coordination and integration across the broader preparedness and response community to enhance the nation’s ability to prevent and respond to threats against the food and agriculture sector; and inform the ongoing development of the federal risk mitigation strategy, as appropriate. 

The memorandum said that the Attorney General, the Secretary of Agriculture, the Secretary of Health and Human Services, the Secretary of Homeland Security, and the heads of other relevant agencies shall request budget requirements for the continued implementation of this memorandum in their respective annual budget submissions to the director of the Office of Management and Budget (OMB).

The memorandum supersedes and rescinds Homeland Security Presidential Directive 9 of Jan. 30, 2004 (Defense of United States Agriculture and Food). Furthermore, nothing in the memorandum shall be construed to impair or otherwise affect the authority granted by law to an executive department or agency, or the head thereof; or the functions of the director of the OMB relating to budgetary, administrative, or legislative proposals. 

It shall be implemented consistent with applicable law and subject to the availability of appropriations. The memorandum is not intended to, and does not, create any right or benefit, substantive or procedural, enforceable at law or in equity by any party against the U.S., its departments, agencies, or entities, its officers, employees, or agents, or any other person.

Data released by industrial cybersecurity firm Dragos shows that nine percent of attacks in the third quarter of this year targeted the food and beverage sector at 12 incidents, compared to eight percent in the last quarter. The Hanover, Maryland-headquartered firm disclosed last month that Lockbit 3.0 maintained the same level of operation as Lockbit 2.0 last quarter. Ransomware attacks against manufacturing entities also impact other sectors that depend on manufacturers in their operations or supply chain, such as aerospace, food and beverage, and automotive organizations. 

The food and agriculture sector accounts for roughly one-fifth of the nation’s economic activity. It has critical dependencies across many other sectors, especially water and wastewater systems for clean irrigation and processed water, transportation systems for the movement of products and livestock, energy to power the equipment needed for agriculture production and food processing, and the chemical sector for fertilizers and pesticides used in the production of crops.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.