CISA Updates Infrastructure Resilience Planning Framework

The US Cybersecurity and Infrastructure Security Agency (CISA) this week announced the addition of new tools and guidance to the Infrastructure Resilience Planning Framework (IRPF).


Initially released in 2021, the IRPF (PDF) is meant for state, local, tribal, and territorial (SLTT) entities looking to include critical infrastructure security and resilience in their planning, in the face of evolving threats. IRPF can be used by any organization to improve resilience planning.

The framework can help users understand and communicate how the community benefits from infrastructure resilience; identify the impact of threats and hazards; prepare relevant entities for evolving threats and hazards; integrate critical infrastructure security and resilience into planning and investment decisions; and recover faster from disruptions.

The updated IRPF, CISA explains, now includes new tools for identifying critical infrastructure, in the form of the Datasets for Critical Infrastructure Identification guide.

“This dataset provides users with guidance on how and where to find publicly accessible geospatial information system (GIS) on critical infrastructure assets via the Homeland Infrastructure Foundation-Level Data (HIFLD) site, as well as several other GIS sites,” CISA explains.

The updated IRPF also provides guidance on the challenges of receiving diverse opinions during planning. The guidance explains how the right stakeholders can be brought together, to ensure that diverse opinions and interests are taken into consideration.

As part of the updated framework, CISA’s National Drought Resilience Partnership provides new drought resilience information, including a new guide with an overview of the drought hazard, examples of impacts on infrastructure systems, and federal resources available for assessing and mitigating drought risk.

The IRPF also includes revised resilience concepts, incorporating CISA’s Methodology for Assessing Regional Infrastructure Resilience to offer more details on analytic methods that can help planners better understand the infrastructure systems in their community.

“The updates to the IRPF will help planners better understand how to approach future threats and hazards so they can be prepared to meet and recover from an incident. Our collaborative approach with industry and interagency partners enabled CISA to improve the IRPF, which will help the SLTT planning community reduce risks and strengthen resilience,” CISA infrastructure security director David Mussington said.


Written By

Ionut Arghire is an international correspondent for SecurityWeek.
