The US Cybersecurity and Infrastructure Security Agency (CISA) this week announced the addition of new tools and guidance to the Infrastructure Resilience Planning Framework (IRPF).
Initially released in 2021, the IRPF (PDF) is meant for state, local, tribal, and territorial (SLTT) entities looking to include critical infrastructure security and resilience in their planning, in the face of evolving threats. IRPF can be used by any organization to improve resilience planning.
The framework can help understand and communicate on how the community benefits from infrastructure resilience; identify the impact of threats and hazards; prepare relevant entities for evolving threats and hazards; integrate critical infrastructure security and resilience into planning and investment decisions; and recover faster from disruptions.
The updated IRPF, CISA explains, now includes new tools for identifying critical infrastructure, in the form of the Datasets for Critical Infrastructure Identification guide.
“This dataset provides users with guidance on how and where to find publicly accessible geospatial information system (GIS) on critical infrastructure assets via the Homeland Infrastructure Foundation-Level Data (HIFLD) site, as well as several other GIS sites,” CISA explains.
The updated IRPF also provides guidance on the challenges of receiving diverse opinions during planning. The guidance explains how the right stakeholders can be brought together, to ensure that diverse opinions and interests are taken into consideration.
As part of the updated framework, CISA’s National Drought Resilience Partnership provides new drought resilience information, including a new guide with an overview of the drought hazard, examples of impacts on infrastructure systems, and federal resources available for assessing and mitigating drought risk.
The IRPF also includes revised resilience concepts, incorporating CISA’s Methodology for Assessing Regional Infrastructure Resilience to offer more details on analytic methods that can help planners better understand the infrastructure systems in their community.
“The updates to the IRPF will help planners better understand how to approach future threats and hazards so they can be prepared to meet and recover from an incident. Our collaborative approach with industry and interagency partners enabled CISA to improve the IRPF, which will help the SLTT planning community reduce risks and strengthen resilience,” CISA infrastructure security director David Mussington said.
Related: CISA Releases Decision Tree Model to Help Companies Prioritize Vulnerability Patching
Related: CISA Urges Organizations to Implement Phishing-Resistant MFA
Related: CISA Urges Critical Infrastructure to Prepare for Post-Quantum Cryptography