Attacks and Vulnerabilities
CISA
Critical infrastructure
Industrial Cyber Attacks
IT/OT Collaboration
Malware, Phishing & Ransomware
News
Regulation, Standards and Compliance
Supply Chain Security
System Design & Architecture
Technology & Solutions
Threat Landscape
Vulnerabilities

US lawmakers propose Farm and Food Cybersecurity Act to boost cyber protections for agriculture, food supply chain

January 31, 2024
US lawmakers propose Farm and Food Cybersecurity Act to boost cyber protections for agriculture, food supply chain

Lawmakers from the U.S. Senate and House of Representatives have introduced legislation aimed at addressing cybersecurity threats in the agriculture sector and enhancing protections for the food supply chain. The proposed Farm and Food Cybersecurity bill focuses on strengthening cybersecurity measures within the food and agriculture critical infrastructure sector by identifying vulnerabilities and improving the protective measures of both government and private entities against potential cyber threats to America’s food supply chain.

The bipartisan, bicameral legislation directs the Secretary of Agriculture to conduct a study every two years on cybersecurity threats and vulnerabilities within the agriculture and food sectors and submit a report to Congress. It also requires the Secretary of Agriculture, in coordination with the Secretaries of Homeland Security and Health and Human Services, as well as the Director of National Intelligence, to conduct an annual cross-sector crisis simulation exercise for food-related cyber emergencies or disruptions.

Senator Tom Cotton, a Republican from Arkansas, and Senator Kirsten Gillibrand, a New York Democrat, introduced the Farm and Food Cybersecurity legislation that would strengthen cybersecurity protecting the agriculture and food critical infrastructure sectors. The bill will identify vulnerabilities and improve protective measures of both the government and private groups against cyber threats.

Co-sponsoring the legislation are Senators Pete Ricketts, a Republican from Nebraska, Katie Britt, a Republican from Alabama, John Barrasso, a Republican from Wyoming, Cynthia Lummis, a Republican from Wyoming, Jerry Moran, a Republican from Kansas, and Mike Rounds, a Republican from South Dakota. 

Also, supporting the legislation are the American Farm Bureau Federation, North American Millers Association, National Grain and Feed Association, National Council of Farmer Cooperatives, National Cattlemen’s Beef Association, National Pork Producers Council, USA Rice, Agricultural Retailers Association, American Sugar Alliance, and the U.S. Chamber of Commerce.

Congressman Brad Finstad from Minnesota and Congresswoman Elissa Slotkin from Michigan have introduced companion legislation in the House.

The proposed Farm and Food Cybersecurity Act calls upon the Secretary, in coordination with the Cybersecurity and Infrastructure Security Agency (CISA) to conduct a study, on a biennial basis, on the cybersecurity threats to, and security vulnerabilities in, the agriculture and food critical infrastructure sector. This includes the nature and extent of cyberattacks and incidents that affect the agriculture and food critical infrastructure sector; and the potential impacts of a cyberattack or incident on the safety, security, and availability of food products, as well as on the economy, public health, and national security of the U.S. 

It also takes into consideration the current capability and readiness of the federal government, state and local governments and private sector entities to prevent, detect, respond to, and recover from cyberattacks and incidents. Also, the existing policies, standards, guidelines, best practices, and initiatives applicable to the agriculture and food critical infrastructure sector to enhance defensive measures in that sector.

The proposed Farm and Food Cybersecurity Act will also address gaps, challenges, barriers, or opportunities for improving defensive measures in the agriculture and food critical infrastructure sector; and any recommendations for Federal legislative or administrative actions to address the cybersecurity threats to, and security vulnerabilities in, the agriculture and food critical infrastructure sector. 

The legislation identified that not later than one year after the date of enactment of this Act, and every two years thereafter, the Secretary shall submit a report on each study conducted to the Committee on Agriculture, Nutrition, and Forestry of the Senate; the Committee on Homeland Security and Governmental Affairs of the Senate; the Committee on Agriculture of the House of Representatives; and the Committee on Homeland Security of the House of Representatives.

“America’s adversaries are seeking to gain any advantage they can against us—including targeting critical industries like agriculture,” Senator Cotton said in a recent media statement. “Congress must work with the Department of Agriculture to identify and defeat these cybersecurity vulnerabilities. This legislation will ensure we are prepared to protect the supply chains our farmers and all Americans rely on.”

“Protecting our nation’s farms and food security against cyberattacks is a vital component of our national security,” said Senator Gillibrand. “The Farm and Food Cybersecurity Act is a crucial step toward preparing our nation’s agriculture sector to respond to potential cyberattacks. I am committed to ensuring our American agriculture sector is ready to defend against these cyber threats and look forward to working with my colleagues to get this important bill passed.”

“Food and farm security is national security,” Rep. Finstad identified in a media statement. “With growing threats at home and abroad, it is increasingly important that we ensure our nation’s agriculture sector and food supply chain remain secure. I am proud to join Rep. Slotkin and Senator Cotton in introducing the Farm and Food Cybersecurity Act, which will provide us with a greater understanding of the susceptibility of our country’s food supply to cyber-attacks, and more importantly, help us prevent these attacks from occurring in the future.”

“Food security is national security, so it’s critical that American agriculture is protected from cyber threats,” said Rep. Slotkin. “No longer just some tech issue, cyber attacks have the potential to upend folks’ daily lives and threaten our food supply – like we saw a couple of years ago when the meat-packing company JBS was taken offline by a ransomware attack. This legislation will require the Department of Agriculture to work closely with our national security agencies to ensure that adversaries like China can’t threaten our ability to feed ourselves by ourselves.”

Last February, food giant Dole plc said that it experienced a cybersecurity incident that was determined to be ransomware. The cyber attack has caused the company’s operations to be disrupted, resulting in the temporary shutdown of production plants and the disruption of food supplies to U.S. grocery stores.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
MITRE's CREF Navigator aligns with DoD's CMMC to boost cyber resilience in defense industrial base
MITRE’s CREF Navigator aligns with DoD’s CMMC to boost cyber resilience in defense industrial base
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
ASIS Foundation reports on impact of autonomous vehicles on security and technology
ASIS Foundation reports on impact of autonomous vehicles on security and technology
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
RMC
Risk Mitigation Consulting acquires Securicon, boosting cybersecurity and mission assurance offerings
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation