Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

CISA Updates Infrastructure Resilience Planning Framework

The US Cybersecurity and Infrastructure Security Agency (CISA) this week announced the addition of new tools and guidance to the Infrastructure Resilience Planning Framework (IRPF).

The US Cybersecurity and Infrastructure Security Agency (CISA) this week announced the addition of new tools and guidance to the Infrastructure Resilience Planning Framework (IRPF).

Initially released in 2021, the IRPF (PDF) is meant for state, local, tribal, and territorial (SLTT) entities looking to include critical infrastructure security and resilience in their planning, in the face of evolving threats. IRPF can be used by any organization to improve resilience planning.

The framework can help understand and communicate on how the community benefits from infrastructure resilience; identify the impact of threats and hazards; prepare relevant entities for evolving threats and hazards; integrate critical infrastructure security and resilience into planning and investment decisions; and recover faster from disruptions.

The updated IRPF, CISA explains, now includes new tools for identifying critical infrastructure, in the form of the Datasets for Critical Infrastructure Identification guide.

“This dataset provides users with guidance on how and where to find publicly accessible geospatial information system (GIS) on critical infrastructure assets via the Homeland Infrastructure Foundation-Level Data (HIFLD) site, as well as several other GIS sites,” CISA explains.

The updated IRPF also provides guidance on the challenges of receiving diverse opinions during planning. The guidance explains how the right stakeholders can be brought together, to ensure that diverse opinions and interests are taken into consideration.

As part of the updated framework, CISA’s National Drought Resilience Partnership provides new drought resilience information, including a new guide with an overview of the drought hazard, examples of impacts on infrastructure systems, and federal resources available for assessing and mitigating drought risk.

The IRPF also includes revised resilience concepts, incorporating CISA’s Methodology for Assessing Regional Infrastructure Resilience to offer more details on analytic methods that can help planners better understand the infrastructure systems in their community.

Advertisement. Scroll to continue reading.

“The updates to the IRPF will help planners better understand how to approach future threats and hazards so they can be prepared to meet and recover from an incident. Our collaborative approach with industry and interagency partners enabled CISA to improve the IRPF, which will help the SLTT planning community reduce risks and strengthen resilience,” CISA infrastructure security director David Mussington said.

Related: CISA Releases Decision Tree Model to Help Companies Prioritize Vulnerability Patching

Related: CISA Urges Organizations to Implement Phishing-Resistant MFA

Related: CISA Urges Critical Infrastructure to Prepare for Post-Quantum Cryptography

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...