Build Security and Resilience into Critical Infrastructure

Critical Infrastructure security and resiliencyCritical infrastructure is vital to the economic and social well-being of our communities. It is therefore essential we invest in its resilience to withstand cyberattacks, natural disasters, and disruptions that threaten our nation’s economy, security, and health.

How the U.S. is Building Resilience into Critical Infrastructure:

On November 15, 2021 President Biden signed the historic Bipartisan Infrastructure bill. This bill sets aside the necessary funding to rebuild America’s roads, bridges and rails, expand access to clean drinking water, ensure every American has access to high-speed internet, tackle the climate crisis, advance environmental justice, and invest in communities that have too often been left behind. The legislation will help ease inflationary pressures and strengthen supply chains by making long overdue improvements to our nation’s ports, airports, rail, and roads. It will drive the creation of good-paying union jobs and grow the economy sustainably and equitably.

The Bipartisan Infrastructure bill is the largest investment in infrastructure within the United States, improving the lives of those across every state and territory. This investment will further strengthen our nations resiliency and improve our preparedness for future disasters. This bill also provides the Federal Emergency Management Agency (FEMA) billions of dollars for mitigation investments. FEMA will invest $6.8 billion in communitywide mitigation initiatives to reduce the hardships that come with disaster and avoid future disaster costs in the face of more frequent and severe events arising from wildfires, droughts, hurricanes, tornados, and floods. These funds are complementing previous award programs amplified by FEMA to make the nation stronger.

How CISA is Building Security and Resilience into Critical Infrastructure:

The Cyber Security and Infrastructure Security Agency (CISA) created the Infrastructure Development and Recovery (IDR), and effort that works with federal, state, local, tribal, and territorial government officials and infrastructure owners, to plan, design, and implement solutions that enhance the security and resilience of critical infrastructure against a variety of threats.

Through the program, CISA provides:

  • A holistic, long-term approach that incorporates security and resilience measures into infrastructure investment and recovery decisions
  • Community planning tools and decision guides to develop and invest in resilient solutions for new and aging infrastructure
  • Technical assistance and training from a network of subject matter experts across the fields of planning, cybersecurity, architecture, landscape architecture, engineering, and social sciences
  • Field support following disasters—such as post-incident assessments and technical assistance—that aid long-term recovery, planning, and mitigation measures for infrastructure systems in coordination with the FEMAU.S. Army Corps of Engineers, and other interagency partners
  • Coordinated programs and information for incorporating security and resilience into planning, design, construction, and maintenance of critical infrastructure
  • The IDR program recently released the Infrastructure Resilience Planning Framework.

How does the IDR Program support resilient Infrastructure?

Before resilient infrastructure can be constructed, it must first be designed to be flexible, multifunctional, and able to recover rapidly from disruption. The IDR Program is building a resilient design curriculum that connects current resilient design research and community resilience initiatives.

  • The program convenes experts from varying disciplines and professions to review facility designs that consider how to address multiple hazards and future risks across the project lifecycle, as well as dependencies on other facilities and systems, such as communications, water, and transportation.
  • In conjunction with academic institutions and professional associations, the program incorporates principles of resilient infrastructure design into existing educational and professional programs, such as urban and regional planning, architecture, landscape architecture, public administration, and engineering.

How Your Organization Can Get Involved:

State and local governments as well as critical infrastructure operators can use CISA’s Infrastructure Resilience Planning Framework (IRPF) to better identify critical infrastructure weaknesses, assess related risks, and develop and implement resilience solutions. A CISA Insights titled “Risk Considerations for Managed Service Providers” provides a framework with an actionable checklist for organizations that choose to outsource their IT services. The resource provides guidance on how to proactively manage cybersecurity risk and collaborate with managed service providers to jointly reduce overall risk.

Does your facility possess dangerous chemicals? Through CISA’s ChemLock Program, facilities can request chemical security expert assistance to develop a facility security plan, at no cost. Cyber or physical attacks amid an already dangerous environment can place lives at risk. Take the necessary steps to properly assess all potential risks to develop a tailored security plan for your facility.  If your organization works with chemicals, it is critical that you understand all associated risks. CISA will launch the program to help ensure the public understands potential Chemical security is a shared responsibility. To ensure the safety of all employees, it is essential that any Chemical Facility Anti-Terrorism Standard violations be reported to CISA.