The U.S. Food and Agriculture (FA) sector is facing significant risks that require improved communication and collaboration between industry and government agencies. On July 13, the FDA, USDA and Department of Homeland Security (DHS) released the 120 Day Food and Agriculture Interim Risk Review, which provides a review of critical and emergent risks to the FA sector, as well initial mitigation strategies, factors contributing to risk and proposed actions to address risks.
Risks identified in the review include:
Chemical, Biological, Radiological, & Nuclear (CBRN) Threats. CBRN threats are defined as “hazardous contaminants such as poisonous agents including toxic industrial compounds and materials, toxins, and chemical agents and precursors; natural or genetically engineered pests and pathogens of livestock, poultry, fish, shellfish, wildlife, plants, and insects; and physical effects of nuclear detonations or dispersion of radioactive materials.”
Initial Mitigation Strategies: Prevention of CBRN incidents may be achieved through expanding and enhancing existing physical security and administrative controls, including many food defense mitigation strategies, such as control of entry systems at critical points in production, processing, storage, and transportation, surveillance of critical points, pre-employment screening, and clear marking of employees who are authorized to be at critical points.
Cyber Threats. While these are not new risks, the review notes that as the food industry increases its dependence upon technology, including the move toward automation, precision farming and digital agriculture, the likelihood and severity of a crippling cyberattack increases.
Initial Mitigation Strategies: Some FA sector entities have assessed and mitigated cybersecurity vulnerabilities through entity-specific action, using and applying the National Institute of Standards and Technology Cybersecurity Framework or other actions. Future activities should include the reviewing and securing of interconnectivities between systems. To do this, all FA sector entities, both public and private, must improve their understanding of cyber threats and vulnerabilities and reduce their gaps in protection. Future efforts in cybersecurity in the FA sector should prioritize the sharing of information about cyberattacks, research into cybertheft of food and agriculture intellectual property, FA sector dependency on the energy sector and interdependencies within the FA supply chain. The review also highlights the need for funding for a program to assist small and medium size facilities to increase implementation of effective cyber security mitigations.
Climate Change: Natural disasters and extreme weather events, limited water resources, loss of pollinators and pollinator services, and increased exposure potential to pests and pathogens are among the threats to future agricultural productivity which may be exacerbated by climate change.
Initial Mitigation Strategies: Research on environmental hazards and degradation within the FA sector should include water use, irrigation system improvements, dryland management practices, and crop system utilization. Similarly, research targeting pollinator habitat, how climate change affects pollinators, pollinator forage, and pollination rates as it pertains to crop yield, and current and emerging pests and pathogens that negatively impact the optimal health outcomes of people, animals, plants, and their shared environments to include the health of pollinators is vital to long-term crop sustainability and food security. The use of improved monitoring systems, predictive modeling to inform surveillance, early warning systems, and better control options can help reduce the risk of pest and disease agricultural damage due to climate change.
A “potential factor contributing to risk” is defined in the review “as features or operational attributes that render an entity open to exploitation or susceptible to a given hazard.” These include:
The FDA, USDA and DHS developed a timeline of proposed actions, which includes short-, mid- and long-terms strategies to enhance strategic planning, understanding of FA sector risks, and information sharing and engagement. Next steps include:
Threat Assessment: Identify potential actors and threats, delivery systems, and methods that could be directed against or affect the FA sector. (60 days and annually thereafter)
120-Day FA Risk Review: Identify risks to the FA sector from all hazards, identify activities to mitigate risks categorized as high-consequence and catastrophic, identify steps to improve coordination and integration across the FA sector, inform ongoing development of the Federal Risk Mitigation Strategy. (120 days)
Vulnerability Assessments: Identify vulnerabilities within the FA sector in consultation with state, local, tribal, and territorial (FSLTT) agencies and private sector partners. (180 days)
Risk Assessment: Prioritize by the highest risks for the FA sector, implement benchmarking off of results generated from the CBRN Strategic Risk Assessment Summary. The first draft would focus on CBRN and cyber threats with later iterations to include other threats (e.g., energy disruption, pandemics, catastrophic weather events, consequences of climate change). (365 days)
Risk Mitigation Analysis: This will include high-level actions for mitigating threats, a proposed timeline for their completion and a plan for sharing information. The analysis will identify strategies, capabilities, and areas of research and development that prioritize mitigation of the greatest risks as described in the risk assessment, and include approaches to determine the effectiveness of national risk reduction measures. (545 days)
Recognizing the need for improved coordination and communication, and an over-arching framework to direct and maintain a consistent
approach to preparedness and response to high-consequence and catastrophic incidents within the FA sector, the review also includes a proposed “Food and Agriculture Resilience Architecture.”
The proposed Architecture represents an “integrated, whole-of-community and whole-of-government system of stakeholders and capabilities” approach to strengthening the readiness and resilience of FA sector.