Week three of Infrastructure Security Month (ISM) is dedicated to raising awareness around resilience in critical infrastructure. The Cybersecurity & Infrastructure Security Agency (CISA) is asking all infrastructure stakeholders to include resilience when upgrading or building new critical infrastructure. CISA has identified 16 infrastructure sectors that are vital to national security and public health. A resilient infrastructure can recover quickly after a cyberattack, natural disaster, act of terrorism, or some other event that interrupts operations.
The National Risk Management Center (NRMC) is the agency charged with ensuring the nation’s critical infrastructure is secure and resilient both now and into the future. The NRMC operates alongside CISA and works collaboratively with other private and public sector stakeholders to identify, analyze, prioritize, and manage the most significant risks to our critical infrastructure. Because an attack on one sector can interrupt operations in others, the NRMC ensures that subject matter expertise is shared across sectors and agencies. This improves the resiliency of these interconnected systems.
CISA has summarized the challenges around infrastructure resiliency as follows:
- The critical infrastructure upon which communities rely faces an array of ever-evolving threats, from terrorist attacks and cyber intrusions to extreme weather and deferred maintenance.
- Investing in critical infrastructure that can withstand and quickly recover from all threats is essential to maintaining our nation’s economy, security, and health.
- For the private sector, this investment includes building security into your everyday business practices and decisions and helping to ensure that it becomes part of your organization’s culture. The best security planning is tailored to your operating environment and becomes part of your routine.
- Building strong security means understanding the risks you face. For example, every day, thousands of American businesses interact with chemicals that terrorists could use as weapons, with devastating consequence. For those who use, manufacture, and transport these materials, understanding the risk allows security planning to be integrated into safety and business protocols.
- Adversaries target organizations of all sizes and in every industry, so cybersecurity is not just a large business problem. It’s no longer enough for organizations to focus on securing their own data and information systems; they must also encourage enhanced cybersecurity practices of their managed service providers (MSPs).
The Infrastructure Security Month initiative has something to offer all companies, not just those in the critical infrastructure sectors. For example, the risk assessment section of the Infrastructure Resiliency Planning Framework can be used by businesses, schools, or any other organization. For more resources visit the CISA ISM page here.
Christine Barry is Senior Chief Blogger and Social Media Manager at Barracuda. Prior to joining Barracuda, Christine was a field engineer and project manager for K12 and SMB clients for over 15 years. She holds several technology and project management credentials, a Bachelor of Arts, and a Master of Business Administration. She is a graduate of the University of Michigan.
Connect with Christine on LinkedIn here.