Food and Agriculture Sector
National Infrastructure Protection Plan
Food and Agriculture Sector Specific Plans
Food and Agriculture Sector Annual Reports 
Food and Agriculture Sector Actions and Continued Efforts

Food and Agriculture Sector

The Food and Agriculture (FA) Sector is one of 16 critical infrastructures sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof. 

The FA Sector is almost entirely under private ownership and is composed of farms, manufacturers, processors, storage and warehousing facilities, restaurants, retail establishments, and more.  This sector accounts for roughly one-fifth of the nation's economic activity. The FA Sector has critical dependencies with many other critical infrastructure sectors, such as water, transportation, energy, chemicals, and information technology. 

The FDA has a leading role as part of the Sector, and is the co-Sector Risk Management Agency (SRMA), along with USDA.  FDA and USDA are also the Co-Chairs of the Government Coordinating Council (GCC). The GCC works jointly with the Sector Coordinating Council (SCC), which is comprised of representatives from private industry, in developing goals, priorities, and activities to help protect the sector.  The FA Sector has taken significant steps to reduce sector risk, improve coordination, and strengthen security and resilience capabilities. The Sector has successfully built public-private partnerships that improved information sharing, created forums to share best practices, and developed tools and exercises to improve incident response and recovery. 

Food and Agriculture Sector efforts to enhance the security and resilience of the Nation’s critical infrastructure assets are guided through shared purpose and in support of foundational documents, including, but not limited to, Presidential Policy Directive 21: Critical Infrastructure Security and Resilience (PPD-21), the National Infrastructure Protection Plan (NIPP), and the Food and Agriculture Sector Specific Plan.  The following sections highlight important FA Sector plans, actions, and activities.

---

National Infrastructure Protection Plan (NIPP)

The critical infrastructure of the United States, which includes assets, systems, and networks that provide vital services to the Nation, is essential to the Nation’s security, economic vitality, and way of life. The protection of the Nation’s critical infrastructure, therefore, is an essential part of the homeland security mission of making America safer, more secure, and more resilient from terrorist attacks and other natural and manmade hazards. In the context of the National Infrastructure Protection Plan (NIPP) 2013, this includes actions to deter, mitigate, or neutralize the consequence, vulnerability, or threat associated with a terrorist attack or other incident. Protection can include a wide range of activities: safeguarding or shielding critical infrastructure assets, systems, networks, or their interconnecting links from exposure, injury, destruction, incapacitation, or exploitation; hardening facilities; building resilience and redundancy; and implementing cybersecurity measures. The NIPP 2013 provides the framework for the cooperation that is needed to develop, execute, and maintain a coordinated national effort that brings together all levels of government, the private sector, and international organizations.

The NIPP and its complementary Sector Specific Plans (SSPs) provide a consistent, unified structure for integrating both existing and future critical infrastructure security and resilience efforts. It also provides the core processes and mechanisms to enable government and private sector partners to work together to implement critical infrastructure security and resilience initiatives.

For more information on how the NIPP and the SPPs have historically worked together to protect critical infrastructure, see the Agriculture and Food Sector Brochure and Protection Program Specific Sector Plan.

---

Food and Agriculture Sector Specific Plans

Sector Specific Plans represent a collaborative effort among the private sector; Federal, State, local, tribal, and territorial (SLTT) governments; and nongovernmental organizations to reduce critical infrastructure risk and increase universal sector resilience. The purpose of the FA SSP is to guide and integrate the FA Sector’s efforts to improve security and resilience, and to describe how the FA Sector contributes to national critical infrastructure security and resilience as set forth in PPD-21. As an annex to the NIPP 2013, this SSP tailors the strategic guidance provided in the NIPP 2013 to the unique operating conditions and risk landscape of the FA Sector. 

The Food and Agriculture SCC and GCC jointly developed the goals, priorities, and activities included in this SSP to reflect the overall strategic direction for the Food and Agriculture Sector. In this section, we provide information on the Sector Specific Plan.

• 2015 Food and Agriculture Sector Specific Plan (SSP) (PDF - 1.1MB)  This SSP illustrates the continued maturation of the Food and Agriculture Sector partnership and the progress made to address the sector’s evolving risk, operating, and policy environments. These efforts include, but are not limited to: 
  • Development of the Food Related Emergency Exercise Bundle (FREE-B), a compilation of scenarios based on both intentional and unintentional food contamination events.
  • Development of the Fall 2015 HPAI Preparedness and Response Plan;
  • Conducted the Cybersecurity Assessment & Risk Management Approach (CARMA) to critically examined cyber threats, consequences, and vulnerabilities from farm-to-fork to better identify and manage cyber risks.
• 2010 Food and Agriculture Sector Specific Plan (PDF - 3.16MB)
• Critical Infrastructure and Key Resources Sector-Specific Plan, May 2007 (PDF - 3.2MB)

---

Food and Agriculture Sector Annual Reports

The Annual Reports include updates on protective and resilience programs and initiatives being conducted or planned by the SRMAs and other sector partners (e.g., Federal, SLTT, and private industry) and highlight many protection and resilience efforts. In this section, we provide, information on Annual Reports.

• 2020 Food and Agriculture Sector Annual Report (PDF - 641KB)
• 2011 Sector Annual Report June 2011 (PDF - 11.9MB)
  • Attachment A – Coordinating Council Project Summary and Select 2010/2011 Accomplishments (PDF - 716KB)
  • Attachment B – Government and Sector Coordinating Council Membership (PDF - 375KB)
  • Attachment C – National Center for Biomedical Research and Training (PDF - 375KB) 

---

Food and Agriculture Sector Actions and Continued Efforts

Enhancing the security and resilience of the FA Sector requires continued efforts in order to implement National Security Memoranda, Executive Orders, National Plans, and Sector Plans, as well as to prepare for and respond to continually changing circumstances.  In this section, we provide information on ongoing, selected, or updated activities. 

• Cybersecurity Activities

Incidents of malicious cyber activity are increasing. Every U.S. critical infrastructure sector, including some entities in the FA Sector, have been targets of cyber attacks. Adequately protecting FA Sector critical infrastructure against major threats, including cyber threats, is a responsibility shared by the private sector and government. Safeguarding this infrastructure includes prevention, protection, mitigation, response, and recovery activities. While this framework is familiar to many in the FA Sector, incorporating cyber-specific information may be new to some stakeholders.

The Federal government has published extensively on cybersecurity, with important information stemming from Presidential Directives, Executive Orders, National Security Memoranda, and Departments and Agencies. For more on how to protect critical infrastructure from cyber threats, please see the following examples:

Presidential Directives, Executive Orders, National Security Memoranda 

• National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems 
• Executive Order 14028 - Improving the Nation’s Cybersecurity 
• Executive Order 13800 - Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure 
• Presidential Policy Directive 21 – Critical Infrastructure Security and Resilience

Information from Federal Departments and Agencies

• Department of Commerce National Institute of Standards and Technology (NIST) Cybersecurity
  • NIST: Framework for Improving Critical Infrastructure Cybersecurity 
• Department of Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) Cybersecurity 
  • CISA: A Guide to Critical Infrastructure Security and Resilience 
  • CISA: Protecting Critical Infrastructure 
• Federal Bureau of Investigation Cybersecurity