CISA releases updated infrastructure guide for local gov’t, tribal defenders
Image: The Record
Jonathan Greig November 22, 2022

CISA releases updated infrastructure guide for local gov’t, tribal defenders

Jonathan Greig

November 22, 2022

CISA releases updated infrastructure guide for local gov’t, tribal defenders

The Cybersecurity and Infrastructure Security Agency has published updates to its guide for state, local, tribal, and territorial cybersecurity defenders protecting infrastructure across the U.S. 

The Infrastructure Resilience Planning Framework (IRPF) was created in 2021 to help cybersecurity experts create a plan of attack for protecting critical infrastructure and beefing up resilience.

The updated framework, which was published on Tuesday, includes the Datasets for Critical Infrastructure Identification guide, a new tool that provides information on how to find publicly accessible information on critical infrastructure assets.

CISA also provides defenders tips around drought resilience, including advice on gathering a range of opinions for planning purposes.

Included is a new guide with an overview of the drought hazard, examples of direct and indirect impacts it can have on infrastructure systems, and federal resources for assessing and mitigating drought risk.

David Mussington, executive assistant director for infrastructure security at CISA, said the updates “will help planners better understand how to approach future threats and hazards so they can be prepared to meet and recover from an incident.”

“Our safety and security depend on the ability of critical infrastructure to prepare for and adapt to changing conditions and to withstand and recover rapidly from disruptions,” he said.

CISA said it believes the plan could be used to support capital improvement, hazard mitigation, and other planning measures, as well as funding requests.

The updated guide is part of a larger push by CISA to address cybersecurity issues affecting critical infrastructure. Three weeks ago, CISA released the voluntary Cybersecurity Performance Goals (CPGs) intended to help establish a common set of fundamental cybersecurity practices for critical infrastructure, and help small- and medium-sized organizations like local governments better organize their cybersecurity efforts.

Experts have lauded CISA’s efforts to increase awareness around the need for better cybersecurity around critical infrastructure among government agencies and private companies. 

Robert M. Lee, CEO and co-founder of Dragos, noted that CISA has taken extensive input and feedback from industry stakeholders before providing guidance. 

“This guidance can help lift industrial cybersecurity standards across the board to better protect our nation’s critical infrastructure. CISA’s continued focus on OT [operational technology] cybersecurity as foundational to national security, and distinct from IT cybersecurity, is an important contribution to the community’s advancement,” Lee said. 

Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.