Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

CISA Updates Infrastructure Resilience Planning Framework

The US Cybersecurity and Infrastructure Security Agency (CISA) this week announced the addition of new tools and guidance to the Infrastructure Resilience Planning Framework (IRPF).

The US Cybersecurity and Infrastructure Security Agency (CISA) this week announced the addition of new tools and guidance to the Infrastructure Resilience Planning Framework (IRPF).

Initially released in 2021, the IRPF (PDF) is meant for state, local, tribal, and territorial (SLTT) entities looking to include critical infrastructure security and resilience in their planning, in the face of evolving threats. IRPF can be used by any organization to improve resilience planning.

The framework can help understand and communicate on how the community benefits from infrastructure resilience; identify the impact of threats and hazards; prepare relevant entities for evolving threats and hazards; integrate critical infrastructure security and resilience into planning and investment decisions; and recover faster from disruptions.

The updated IRPF, CISA explains, now includes new tools for identifying critical infrastructure, in the form of the Datasets for Critical Infrastructure Identification guide.

“This dataset provides users with guidance on how and where to find publicly accessible geospatial information system (GIS) on critical infrastructure assets via the Homeland Infrastructure Foundation-Level Data (HIFLD) site, as well as several other GIS sites,” CISA explains.

The updated IRPF also provides guidance on the challenges of receiving diverse opinions during planning. The guidance explains how the right stakeholders can be brought together, to ensure that diverse opinions and interests are taken into consideration.

As part of the updated framework, CISA’s National Drought Resilience Partnership provides new drought resilience information, including a new guide with an overview of the drought hazard, examples of impacts on infrastructure systems, and federal resources available for assessing and mitigating drought risk.

The IRPF also includes revised resilience concepts, incorporating CISA’s Methodology for Assessing Regional Infrastructure Resilience to offer more details on analytic methods that can help planners better understand the infrastructure systems in their community.

Advertisement. Scroll to continue reading.

“The updates to the IRPF will help planners better understand how to approach future threats and hazards so they can be prepared to meet and recover from an incident. Our collaborative approach with industry and interagency partners enabled CISA to improve the IRPF, which will help the SLTT planning community reduce risks and strengthen resilience,” CISA infrastructure security director David Mussington said.

Related: CISA Releases Decision Tree Model to Help Companies Prioritize Vulnerability Patching

Related: CISA Urges Organizations to Implement Phishing-Resistant MFA

Related: CISA Urges Critical Infrastructure to Prepare for Post-Quantum Cryptography

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Wendi Whitmore has taken the role of Chief Security Intelligence Officer at Palo Alto Networks.

Phil Venables, former CISO of Google Cloud, has joined Ballistic Ventures as a Venture Partner.

David Currie, former CISO of Nubank and Klarna, has been appointed CEO of Vaultree.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.