Infrastructure Security Month has something for everyone

Print Friendly, PDF & Email

Infrastructure Security Month (ISM) has entered its fourth and final week. So far, we have covered shared risk and responsibility, securing public gatherings, and building security and resilience into critical infrastructure. This week the focus is on election security and building resilience into our democratic processes.

As part of the weekly initiative, CISA is expanding outreach to election officials across the United States to remind them of the extensive security resources available through the agency. CISA offers tabletop exercise training for early voting, voting by mail, and election day voting machines and many other cybersecurity resources. CISA’s regional protective security advisors are also available to assess the security of the physical infrastructure around election activity. The Elections Infrastructure Information Sharing and Analysis Center™ (EI-ISAC®) is a non-profit organization that works with CISA to support the cybersecurity needs of the elections subsector.

Infrastructure Security Month has a defined purpose, but we are free to use this month for any purpose we like. You don’t have to be a critical infrastructure stakeholder to benefit from ISM and the many resources provided by CISA. For example:

  • A recurring theme of ISM is that infrastructure is a “system of systems.” If one piece of infrastructure is insecure, the entire body of infrastructure is vulnerable. Couldn’t you say the same of your business? Your IoT, workstations, email inboxes, and connected mobile devices are all systems within a greater system. And your system can expand beyond your reach if you are connected to a supply chain or service provider that can access your network. How do you control this? CISA can help you with this, starting with the six basic steps you can begin right now.
  • Infrastructure security is more than just cybersecurity. CISA offers resources on mitigating threats around violence and acts of terrorism, but those aren’t the only physical threats to your office space or other facilities. Hurricanes, earthquakes, wildfires, and other disasters can interrupt your business operations directly or through your supply chain. CISA has resources to help plan for disasters and related interdependencies.
  • Facilitating collaboration between infrastructure sectors and stakeholders is a primary task for agencies charged with ISM. The National Risk Management Center (NRMC) leverages subject matter experts to collaboratively analyze the threats to high-risk critical functions. For the NRMC, these are industry sectors, like 5G and pipeline cybersecurity. For your business it might be email, e-commerce web applications, or a network of industrial controls. Have you identified your company’s high-risk critical functions? Do you have colleagues, vendors, or a professional network to help you understand and mitigate the associated risks?
  • All sectors and companies are at risk of insider threat incidents. CISA describes an insider threat as an act by a current or former employee, third-party contractor, or business partner. Has your company considered these risks? CISA has extensive resources to help you understand risks and warning signs. There are also fact sheets and guides on the role of HR and other departments can prevent these threats. An Insider Threat Program Maturity Framework helps you assess your company’s risk. It was written for government agencies but aligns with the needs of most businesses.
  • Tabletop exercises and vulnerability assessments are necessary to ensure the best possible mitigation and response. Tabletop exercises provide valuable opportunities to practice your response to a ransomware attack, natural disaster, prolonged power outage, etc. CISA offers templates and scenarios to help you customize threats to your unique business.

There are far too many resources, activities, and initiatives for us to cover, but here are some of our favorites:

Infrastructure Security Month is coming to an end, but the threats to our infrastructure, economy, and well-being will continue. You can learn more about these threats and how to combat them at the CISA website.


Scroll to top