Cybersecurity concept, internet security, screen with padlock

November is Critical Infrastructure Security and Resilience Month

November not only marks the midpoint for football season, but it is also when the Cybersecurity and Infrastructure Security Agency (CISA) kicks off Critical Infrastructure Security and Resilience Month.

Author: Brian Haines

November not only marks the midpoint for football season, but it is also when the Cybersecurity and Infrastructure Security Agency (CISA) kicks off Critical Infrastructure Security and Resilience Month. Many people consider our transportation system as the fabric of the nation’s infrastructure, but those football stadiums are also considered infrastructure in the Commercial Facilities Sector. In fact, there are 16 critical infrastructure sectors considered vital to the safety and security of the nation. These include:  

1.    Chemical 9.    Financial Services
2.    Commercial Facilities 10.    Food and Agriculture
3.    Communications11.    Government Facilities
4.    Critical Manufacturing12.    Healthcare and Public Health
5.    Dams13.    Information Technology
6.    Defense Industrial Bases14.    Nuclear Reactors, Materials and Waste
7.    Emergency Services15.    Transportation Systems
8.    Energy16.    Water and Wastewater System 

In football, a strong defensive line is needed to make a strong offense line, similar to how infrastructure sectors are interdependent and failures to one may ultimately cause cascading effects that impact a host of other areas.

“We have such an interesting relationship with critical infrastructure because it touches our everyday lives,” said Rachel McGrath, Critical Infrastructure Specialist with North Carolina Emergency Management. “When infrastructure is working how it’s supposed to, we don’t see it. We expect our lights to turn on when we flick the switch, we expect water out of our taps, sewage to be properly processed, our roads to be accessible. When these things aren’t working, they have a huge impact on our lives.”

FEMA’s Threat and Hazard Identification and Risk Assessment (THIRA) allows communities to evaluate their risks and how to address them. The assessment asks three basic questions:

1.    What threats and hazards can affect our community?
2.    If they occurred, what impacts would those threats and hazards have on our community?
3.    Based on those impacts, what capabilities should our community have?

The THIRA framework talks about three categories of risk, natural, technical and human. Natural risks are things like a tropical 

storm blowing down trees onto powerlines, an earthquake, flooding, etc. Technical risks are issues such as a system failure at a water treatment plant or a hazmat tanker tipping over, essentially accidents that unintentionally impact the public. The human caused threat is essentially a nefarious actor(s) who intentionally causes harm such as damaging a sub-station that causes massive power outages, possible communication outages, leaves a nursing home in the dark and much more.

“We are all stewards of our infrastructure. If you see something that doesn’t seem right, report it to the proper authorities—whether that’s law enforcement, emergency services, or your local utility.”

Text reads, "CISA's new 'Shields Ready' campaign encourages the critical infrastructure community to focus on building more resilience into systems, facilities and processes by taking action before a crisis or incident even occurs. Click here to learn more."

CISA is asking the nation to improve its playbook by resolving to be resilient, which allows for a quicker recovery after an event. By assessing the risk of your organization, making a plan and exercising it, and to continuously improve and adapt to changing conditions and threats, you can protect your business.  

 

Here are some infrastructure resources to help keep the game on: 

###
 

Related Topics: