Last month, Rep Pfluger (R,TX) introduced HR 1219, the Food and Agriculture Industry Cybersecurity Support Act. The bill would require the National Telecommunications and Information Administration (NTIA) to establish a food and agriculture cybersecurity clearinghouse which would include direct support by NTIA to the food and agriculture industry. It also includes an obligatory report to Congress by the GAO. No funding is authorized by this bill.
Definitions
Section 2(c) provides 10 key definitions of terms used in this legislation. Seven of the definitions rely on existing statutory definitions. The definition of the term ‘food and agriculture industry’ provides a targeted definition that will be of little use outside of this bill or resulting regulations as it specifically targets technology issues in the definition.
Clearinghouse
Section 2(a)(1) establishes the requirement for NTIA to establish the clearinghouse. It would require the clearinghouse to:
Be publicly available online,
Contain current, relevant, and publicly available food and agriculture industry focused cybersecurity resources and any other appropriate materials for reference by entities that develop products with potential security vulnerabilities for the food and agriculture industry,
Contain a mechanism for individuals or entities in the food and agriculture industry to request in-person or virtual support from the NTIA or, if appropriate, a cooperating agency for cybersecurity related issues,
Contain a Frequently Asked Questions (FAQ) section, updated at least annually, with answers to the top 20 most frequently asked questions relevant to the cybersecurity of the food and agriculture industry, and
Include materials specifically aimed at assisting small business concerns and non-technical users in the food and agriculture industry with critical cybersecurity protections related to the food and agriculture industry, including recommendations on how to respond to a ransomware attack and resources for additional information.
Paragraph (2) would require NTIA to include in that clearinghouse a consolidated list of best practices that would form “a set of voluntary cybersecurity recommendations relating to the development, maintenance, and operation of the food and agriculture industry.” Those best practices would include:
Risk-based, cybersecurity-informed engineering, including continuous monitoring and resiliency.
Planning for retention or recovery of positive control of systems in the food and agriculture industry in the event of a cybersecurity incident.
Protection against unauthorized access to critical functions of the food and agriculture industry.
Cybersecurity against threats to products of the food and agriculture industry throughout the lifetimes of such products.
How businesses in the food and agriculture industry should respond to ransomware attacks, including details on the legal obligations of such businesses in the event of such an attack, including reporting requirements and Federal resources for support.
Any other recommendations to ensure the confidentiality, availability, and integrity of data residing on or in transit through systems in the food and agriculture industry.
GAO Study
Section 2(b) would require the Government Accountability Office to conduct a study “on the actions the Federal Government has taken or may take to improve the cybersecurity of the food and agriculture industry.” The report to Congress on the results of that study would include information on:
The effectiveness of efforts of the Federal Government to improve the cybersecurity of the food and agriculture industry.
The resources made available to the public, as of the date of such submission, by Federal agencies to improve the cybersecurity of the food and agriculture industry, including to address cybersecurity risks and cybersecurity threats to the food and agriculture industry.
The extent to which Federal agencies coordinate or duplicate authorities and take other actions for the improvement of the cybersecurity of the food and agriculture industry.
Whether there is an appropriate plan in place to prevent or adequately mitigate the risks of a coordinated attack on the food and agriculture industry.
The advantages and disadvantages of creating a food and agriculture industry specific Information Sharing and Analysis Center (ISAC), including required actions by the Federal Government and expected costs to the Federal Government to create such an organization and potential industry and civil society partners who could operate such an organization.
The advantages and disadvantages of the creation by the Assistant Secretary of a database containing a software bill of materials (SBOM) for the most common internet-connected hardware and software applications used in the food and agriculture industry and recommendations for how the Assistant Secretary can maintain and update such database.
Moving Forward
Pfluger and his three cosponsors {Rep Veasey (D,TX), Rep Curtis (R,UT), Rep Matsui (D,CA)} are all members of the House Energy and Commerce Committee to which this bill was assigned for primary consideration. This means that there should be adequate influence to see this bill considered in Committee. Since no spending is being authorized in this bill, I see nothing that would engender any organized opposition to the bill. I suspect that it would receive substantial bipartisan support in Committee and would probably be able to move to the floor of the House under the suspension of the rules process.
The big problem facing this bill is the potential lack of support on the House Agriculture Committee which has been assigned secondary consideration responsibility. With no cosponsors of the bill on that Committee, there is no one arguing for the support of that Committee. Lack of support from the Ag Committee will kill any chances of this bill being considered on the floor of the House.
Pfluger could attempt to get this bill considered as a floor amendment to the Farm Bill which should be coming up for consideration this year. But the same lack of an ag cosponsor or a cosponsor on the House Rules Committee would make it difficult to clear the amendment process hurdle.
Commentary
The definition of the term ‘food and agriculture industry’ used in the bill is very technology oriented and it specifically mentions ‘information technology’ without reference to an existing definition, but it lacks any specific mention of operational or control system technology other than a reference to “computer vision algorithms for precision agriculture” which is sensor technology, not control system tech. This could be rectified by making a relatively simple change to §2(c)(4)(A):
(A) equipment and control systems utilized in the food and agriculture supply chain, such as computer vision algorithms for precision agriculture, grain silos, and related food and agriculture storage infrastructure;