Bipartisan, bicameral legislation released Thursday would bolster cybersecurity protections in the food and agriculture industry, in a bid to improve the resilience of the U.S. food supply after a 2021 ransomware incident that disrupted the availability of meat to U.S. consumers.
Introduced by Reps. Brad Finstad, R-Minn., and Elissa Slotkin, D-Mich., and Sens. Tom Cotton, R-Ark., and Kirsten Gillibrand, D-N.Y., the Farm and Food Cybersecurity Act calls on the agriculture secretary to study cybersecurity threats and vulnerabilities in the food and agriculture sectors every two years and deliver a report on the findings to Congress.
The bill also would task the secretaries of agriculture, homeland security and health and human services to team with the director of national intelligence in holding a yearly cross-sector exercise on how to handle food-related cyber disruptions and emergencies.
“Food and farm security is national security,” Finstad said in a statement. “With growing threats at home and abroad, it is increasingly important that we ensure our nation’s agriculture sector and food supply chain remain secure.”
This legislation, Finstad added, “will provide us with a greater understanding of the susceptibility of our country’s food supply to cyberattacks, and more importantly, help us prevent these attacks from occurring in the future.”
As an example of what the legislation aims to mitigate, Slotkin pointed to the 2021 ransomware attack on the Brazil-headquartered meat-packing giant JBS, which disrupted operations at the company’s facilities in Colorado, Canada and Australia. JBS later said that it paid an $11 million ransom to the hackers — more than double the amount sent to those who attacked Colonial Pipeline earlier that summer.
“Food security is national security, so it’s critical that American agriculture is protected from cyber threats,” Slotkin said in a statement. “No longer just some tech issue, cyber attacks have the potential to upend folks’ daily lives and threaten our food supply. … This legislation will require the Department of Agriculture to work closely with our national security agencies to ensure that adversaries like China can’t threaten our ability to feed ourselves by ourselves.”
The annual exercise called for in the legislation is intended to boost coordination and information-sharing among affected food and agriculture stakeholders, in addition to assessing the preparedness and response capabilities of state, local and tribal governments and private-sector teams.
The test would “involve a realistic and plausible scenario that simulates a food-related emergency or disruption affecting multiple sectors and jurisdictions,” pulling cyber defense input from experts in various critical infrastructure sectors.
“America’s adversaries are seeking to gain any advantage they can against us — including targeting critical industries like agriculture,” Cotton said in a statement. “Congress must work with the Department of Agriculture to identify and defeat these cybersecurity vulnerabilities. This legislation will ensure we are prepared to protect the supply chains our farmers and all Americans rely on.”
The bill is backed by several agricultural trade groups, including the American Farm Bureau Federation, the National Cattlemen’s Beef Association and the Agricultural Retailers Association, as well as the U.S. Chamber of Commerce, which called the legislation “a productive step” toward enhancing security and resilience in the country’s food industry.