Security Experts:

Connect with us

Hi, what are you looking for?



CISA Updates Infrastructure Resilience Planning Framework

The US Cybersecurity and Infrastructure Security Agency (CISA) this week announced the addition of new tools and guidance to the Infrastructure Resilience Planning Framework (IRPF).

The US Cybersecurity and Infrastructure Security Agency (CISA) this week announced the addition of new tools and guidance to the Infrastructure Resilience Planning Framework (IRPF).

Initially released in 2021, the IRPF (PDF) is meant for state, local, tribal, and territorial (SLTT) entities looking to include critical infrastructure security and resilience in their planning, in the face of evolving threats. IRPF can be used by any organization to improve resilience planning.

The framework can help understand and communicate on how the community benefits from infrastructure resilience; identify the impact of threats and hazards; prepare relevant entities for evolving threats and hazards; integrate critical infrastructure security and resilience into planning and investment decisions; and recover faster from disruptions.

The updated IRPF, CISA explains, now includes new tools for identifying critical infrastructure, in the form of the Datasets for Critical Infrastructure Identification guide.

“This dataset provides users with guidance on how and where to find publicly accessible geospatial information system (GIS) on critical infrastructure assets via the Homeland Infrastructure Foundation-Level Data (HIFLD) site, as well as several other GIS sites,” CISA explains.

The updated IRPF also provides guidance on the challenges of receiving diverse opinions during planning. The guidance explains how the right stakeholders can be brought together, to ensure that diverse opinions and interests are taken into consideration.

As part of the updated framework, CISA’s National Drought Resilience Partnership provides new drought resilience information, including a new guide with an overview of the drought hazard, examples of impacts on infrastructure systems, and federal resources available for assessing and mitigating drought risk.

The IRPF also includes revised resilience concepts, incorporating CISA’s Methodology for Assessing Regional Infrastructure Resilience to offer more details on analytic methods that can help planners better understand the infrastructure systems in their community.

“The updates to the IRPF will help planners better understand how to approach future threats and hazards so they can be prepared to meet and recover from an incident. Our collaborative approach with industry and interagency partners enabled CISA to improve the IRPF, which will help the SLTT planning community reduce risks and strengthen resilience,” CISA infrastructure security director David Mussington said.

Related: CISA Releases Decision Tree Model to Help Companies Prioritize Vulnerability Patching

Related: CISA Urges Organizations to Implement Phishing-Resistant MFA

Related: CISA Urges Critical Infrastructure to Prepare for Post-Quantum Cryptography

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.


Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Management & Strategy

Microsoft making a multiyear, multibillion dollar investment in the artificial intelligence startup OpenAI, maker of ChatGPT and other tools.

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.