Sunday, October 26, 2025

Review - S 2866 Introduced – Ag Cybersecurity

Earlier this month Sen Budd (R,NC) introduced S 2866, the Cybersecurity in Agriculture Act of 2025. The bill would require the National Institute of Food and Agriculture (NIFA) to establish five Regional Agriculture Cybersecurity Centers (RACC) to carry out research, development, and education on agriculture cybersecurity. The bill would amend the National Agricultural Research, Extension, and Teaching Policy Act of 1977, adding a new §1473I. The bill would authorize $25 million in annual spending to support the Centers through 2030.

The bill is similar to HR 4387, the Cybersecurity in Agriculture Act of 2023, which was introduced in the House in June of 2023 by Rep Nunn (R,LA). No action was taken on that bill in the 118th Congress. Most of the differences are editorial in nature (format and word changes), with the exception of the addition of paragraph (b)(9), which would require that the described cybersecurity activities be specifically designed to prevent cyberattacks from the usual nation-state suspects.

Commentary

There is one major deficiency in this bill: it lacks any mention of cybersecurity vulnerabilities in agricultural systems. The RACCs should conduct vulnerability research, act as vulnerability disclosure coordinators for agricultural systems, and coordinate with CISA’s NCCIC in publishing advisories about reported vulnerabilities.

To support those vulnerability-related efforts, I would add a new §1473I(b)(9):

“(9) conduct vulnerability research on agricultural control systems, act as a coordinator between researchers and vendors, and, in coordination with CISA’s National Cybersecurity and Communications Integration Center, publish advisories describing discovered cybersecurity vulnerabilities in agricultural control systems.”


For more details about the provisions of this bill, including a discussion about the lack of definitions of cybersecurity terms, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/s-2866-introduced-ag-cybersecurity - subscription required.
