Food and Agriculture Cybersecurity Checklist and Resources
Food and Agriculture Cybersecurity Checklist and Resources
OVERVIEW
The U.S. Food and Agriculture Sector is almost entirely privately owned and composed of an estimated 1.9 million farms,[i] over 700,000 restaurants,[ii] and more than 220,000 registered facilities in food manufacturing, processing, and storage.[iii] Agriculture, food, and related industries represent 5.6% of U.S. gross domestic product (GDP) and 10.4% of U.S. employment.[iv]
Sector organizations run operational technology (OT) and information technology (IT) systems that are vulnerable to cyberattacks. This checklist highlights the top cyber actions that organizations can take to mitigate cyber risks and improve resilience. The following voluntary steps, services, and resources are available at no cost to you and can mitigate against costly intrusions and malware.
Secure our world: four easy ways to stay safe online
Protect your business employees, vendors, and customers from online threats by taking these four (4) simple steps to ‘Secure Our World’:
- Use Strong Passwords
- Turn on Multifactor Authentication (MFA)
- Recognize and Report Phishing
- Update Software
CISA has resources available to share the importance of these actions, including animated videos and tip sheets translated into multiple languages.
Mitigate exposure with cybersecurity tools and assessments
Conduct a cybersecurity assessment on a regular basis to identify vulnerabilities. Use cyber hygiene services to reduce exposure to the public-facing internet and contact your local cybersecurity advisor for additional services and assessments.
- Scanning: CISA’s Free Cyber Vulnerability and Web Applications Scanning program helps organizations reduce their exposure to threats. To get started, email vulnerability@cisa.dhs.gov with the subject line “Requesting Cyber Hygiene Services.”
- Ransomware: CISA has numerous resources to Stop Ransomware and respond to it.
- Protect Operational Technology (OT) systems from cyber attacks by hardening remote access, strengthening your security posture, and limiting adversarial use of common vulnerabilities.
- Prioritize patching in accordance with CISA’s Known Exploited Vulnerabilities catalog.
- CISA’s Cybersecurity Performance Goals (CPGs) provide a set of baseline cyber protections. A free CPG assessment can be administered by a CISA cybersecurity advisor (CISA Regions) or through a self-assessment.
Backup your data
Regularly backup OT/IT systems to recover to a known and safe state in the event of a compromise. More guidance can be found with CISA’s Cyber Essentials Toolkit Chapter 5: Your Data and NIST’s Protecting Data From Ransomware and Other Data Loss Events.
Cybersecurity Incident response and recovery plans
Develop: Use CISA’s Incident Response Plan Basics to develop cyber incident response plans before a cyber incident occurs.
Exercise: CISA has a Tabletop Exercise Scenario tailored for the Food and Agriculture Sector as well as other general cybersecurity training and exercise resources to test your incident response plan and ensure all operators are familiar with roles and responsibilities.
Reporting
Organizations can share information about unusual cyber activity and/or cyber incidents to www.cisa.gov/report, report@cisa.gov or 1-844-Say-CISA (1-844-729-2472). To guide incident reporters through the reporting process, CISA also released a voluntary cyber incident reporting resource. It helps entities understand “who” should report an incident, “why and when” they should report, as well as “what and how to report.”
[i] National Agricultural Statistics Service. (2022). Census of Agriculture. U.S. Department of Agriculture. www.nass.usda.gov/AgCensus
[ii] U.S. Bureau of Labor Statistics. (2023; 4th Quarter). Quarterly Census of Employment and Wages. Series Title: Number of Establishments in Private NAICS 722 Food services and drinking places. https://www.bls.gov/cew/
[iii] U.S. Food and Drug Administration. (2024). Food and Facility Registration Statistics. https://www.fda.gov/food/registration-food-facilities-and-other-submissions/food-facility-registration-statistics
- [U.S. Department of Agriculture Food Safety and Inspection Service (FSIS) also has over 7,000 establishments which produce meat, poultry and/or egg products regulated by FSIS; some of which may also be registered with Food and Drug Administration. https://www.fsis.usda.gov/inspection/establishments/meat-poultry-and-egg-product-inspection-directory]
[iv] Economic Research Service. (2024). Ag and Food Sectors and the Economy. U.S. Department of Agriculture. https://www.ers.usda.gov/data-products/ag-and-food-statistics-charting-the-essentials/ag-and-food-sectors-and-the-economy/?topicId=b7a1aba0-7059-4feb-a84c-b2fd1f0db6a3#:~:text=Agriculture%2C%20food%2C%20and%20related%20industries%20contributed%20roughly%20%241.530,of%20this%20sum%E2%80%94about%200.7%20percent%20of%20U.S.%20GDP.