In 2013, Presidential Policy Directive 21 (PPD-21) ordered the Cybersecurity Infrastructure Security Agency (CISA) to create and categorize the Critical Infrastructure Sectors of the United States. The directive emphasizes risk management, public-private partnerships, and the sharing of information to enhance the security and resilience of these vital systems.

One of those sectors identified by CISA, was the Food and Agriculture Sector, covering "an estimated 2.1 million farms; 935,000 restaurants; and more than 200,000 registered food manufacturing, processing, and storage facilities" amount to "roughly one-fifth of the nation's economic activity".

Other Critical Infrastructure sectors include the Energy Sector, Water Sector, and Transportation Sector.

Critical Infrastructure designates industries that are critical to continued operations of the United States as a nation, and arguably there is no other industry more worthy of this title than agriculture & food production. Simply put, if people stop eating, society collapses very quickly.

So, as part of PPD-21, CISA assigned a federal agency with the task of stewarding the risk for the newley created sector, with their choice ultimately being a shared responsibility between the Department of Agriculture and the Department of Health and Human Services. These agencies are responsible for identifying, mitigating and managing the cybersecurity risks to the agriculture sector.

Generally, this involves researching cybersecurity threats and proactively developing countermeasures and guidance for the sector, as the Department of Energy has done with the Energy industry.

However, both the USDA and the HHS have left this task severly undone despite the overwhelming criticality of the industry they steward. As of this date, no cybersecurity threat research in the agriculture industry has been funded by either organization. No public announcements, comments, or resources concerning digital risks and countermeasures specific to the agriculture industry has been offered. The USDA's website does not even list cyber incident response & recovery as a category on their disaster recovery resources, nor is it included as any one of their priority lists, despite being assigned that task by CISA.

Agriculture has always been essential to society, but no longer is it a industry without digital operations. In the last decade, the rapid modernization of farms, while dramatically increasing yield and productivity, has also allowed new threats to appear, and increased the risk posed by digital threat actors to the ag industry. Without more funding, resources, research, and guidance, farmers and farming manufacturers will not be equipped to handle modern cybersecurity defense, and food security will suffer as a result.