The Cybersecurity and Infrastructure Security Agency (CISA) has announced the kickoff of Critical Infrastructure Security and Resilience (CISR) Month. The safety and security of the nation depends on the ability of critical infrastructure owners and operators to prepare for and adapt to changing conditions and to withstand and recover rapidly from disruptions. That’s why this November we are continuing with our enduring theme of Resolve to be Resilient.
“We must build resilience into our preparedness planning year-around,” said Dr. David Mussington, CISA’s Executive Assistant Director for Infrastructure Security. “It’s a whole of community responsibility to prepare and secure the nation’s critical infrastructure and protect the vital services it provides, so when something does happen, we are better able to respond to and recover from any impacts.”
Throughout November, we’ll highlight how critical infrastructure organizations can integrate the following practices to help make our critical infrastructure secure, resilient, and able to bounce back quickly and build back stronger when disruptions occur:
- Know Your Infrastructure and Dependencies. Organizations should identify their most critical systems and assets for their operations and understand potential dependencies on other infrastructure systems and assets that enable the continuity of their own operations.
- Assess Your Risks. Consider the full range of threats and hazards that could disrupt your organization’s infrastructure operations and evaluate specific vulnerabilities and consequences the threats and hazards could pose.
- Make Actionable Plans. Organizations should develop both a strategic risk management plan to reduce the risks and vulnerabilities identified and an actionable incident response and recovery plan to help withstand and rapidly restore operations within minimal downtime.
- Measure Progress to Continuously Improve. Exercise incident response and recovery plans under realistic conditions and periodically evaluate and update strategic plans. An organization’s ability to proactively prepare for and adapt to changing risk conditions starts with fostering a culture of continuous improvement, based on lessons learned from exercises and real-world incidents.
As a nation, we are grappling with continued cyber and physical threats to critical infrastructure Americans rely on every day. We have seen increasing threats of violence; extended, record-breaking heat and destructive weather and fire events; global conflicts with ripple effects around the world, including civil disturbances at home; and rapid advances in technology that enable novel cybersecurity risks.
CISR Month is CISA’s annual effort to educate and engage all levels of government, infrastructure owners and operators, and the American public about the vital role critical infrastructure plays in the nation’s security and why it is important to strengthen critical infrastructure resilience. Incorporating the resilience strategies above into planning helps protect lives and jobs, keeps communities connected, reduces economic disruptions to supply chains, and encourages innovative solutions to reduce harm to communities.
CISA encourages everyone to explore the resources on our Critical Infrastructure Security and Resilience (CISR) Month webpage, which includes a toolkit and social media graphics. In addition, be sure to follow us on social media and join the #BeResilient conversation.
The original announcement can be found here.