HR 4387 Introduced - Ag Cybersecurity
In June, Rep Nunn (R,IA) introduced H 4387, the Cybersecurity in Agriculture Act of 2023. The bill would require the National Institute of Food and Agriculture (NIFA) to establish five Regional Agriculture Cybersecurity Centers (RACC) to carry out research, development, and education on agriculture cybersecurity. The bill would authorize $25 million in annual spending to support the Centers through 2028.
Definitions
A single term is defined in §2(c); ‘eligible entity’.
Cybersecurity Centers
The RACC’s would be required to:
Conduct research on cybersecurity systems for the agriculture sector, including developing cybersecurity situational awareness systems to monitor cybersecurity threats, intrusions, and anomalies,
Develop a security operations center for the agriculture sector to analyze cybersecurity threats, intrusions, and anomalies and to recommend mitigation actions,
Develop cybersecurity technologies and tools for the agricultural sector, including domain-specific intrusion and anomaly detection systems, domain-specific intrusion prevention systems, domain specific role-based access control and user authentication systems, lightweight device authentication protocols, and secure network architectures,
Build live cybersecurity testbeds to assess and refine cybersecurity technologies, tools, and systems developed, and conduct training for the agricultural sector,
Conduct attack/defense exercises to validate and evaluate cybersecurity solutions for field deployment and agriculture industry adoption,
Develop cybersecurity education and training programs for agricultural stakeholders, and
Build a regional research and development collaboration network.
Moving Forward
Both Dunn and his sole cosponsor {Rep Davis (D,NC)} are members of the House Agriculture Committee to which this bill was assigned for consideration. This means that their may be sufficient influence to see the bill considered in Committee. I suspect that there would be some level of bipartisan support for the bill in Committee, but the new spending will run afoul of efforts of the Republican 11 to radically reduce spending. The bill might be able to clear the Committee, but I doubt that there would be enough influence to see the bill overcome that objection and move to the floor of the House. I suspect that the bill could pass with bipartisan support if it were considered by the full House.
Commentary
There is one major deficiency in this bill, it lacks any mention of cybersecurity vulnerabilities in agricultural systems. The RACCs should be conducting vulnerability research, act as vulnerability disclosure coordinators for agricultural systems, and coordinate with CISA’s NCCIC in publishing advisories about reported vulnerabilities.
To support those vulnerability related efforts, I would add a new §2(b)(9):
“(9) conduct vulnerability research on agricultural control system, act as a coordinator between researchers and vendors, and, in coordination with CISA’s National Cybersecurity and Communications Integration Center, publish advisories describing discovered cybersecurity vulnerabilities in agricultural control systems.