Just a little over a year ago, a series of natural gas fires and explosions shook the neighborhoods of Merrimack Valley in Massachusetts. Dozens lost their homes, and thousands more had to find temporary shelter or go without gas and heating for months. The supplier reported the incident was caused by human error. The impact of incidents that interrupt our critical infrastructure is not often at the forefront of our minds, although it is precisely these systems that enable our daily life – from heating and cooling to food refrigeration, transportation, electricity, water, finance or healthcare.
But there are people, who – day in and day out – work relentlessly to keep our lights on. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) leads the nation’s efforts to protect critical infrastructure in the United States.
“Our way of life relies on a complex network of physical and cyber systems, all working together in harmony, to defend against critical infrastructure threats, both natural and man-made. Our job is to make sure we stay ahead of the threat curve and provide solutions,” said CISA Assistant Director for Infrastructure Security Brian Harrell.
There are 16 critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof. “As our world grows more interconnected, and our infrastructure grows more interdependent with other systems and functions, we must look at our risks from both a cyber and a physical perspective,” Harrell said. “We must always ask the question: Are we prepared to be overwhelmed?”
Recognizing that 85 percent of critical infrastructure assets are estimated to be owned and operated by the private sector, CISA works with businesses, communities, and government partners at all levels to provide training and other tools and resources related to critical infrastructure security. Efforts focus around raising awareness among the broader community on the need for critical infrastructure security and resilience and enhancing their current efforts. Public-private partnerships are key to this effort as everyone has a role in securing the nation’s critical infrastructure. “We, at CISA, consider ourselves the nation’s risk advisors. The private-sector stakeholders are the risk managers. We are here to support the efforts of the private sector with all the resources the federal government can provide, and this is a priority,” Harrell said.
Both the government and private sectors have formed partnerships under a sector coordinating council structure to work on preventing and reducing the risks of disruptions to critical infrastructure. Additionally, as part of the National Infrastructure Protection Plan, the public- and private-sector partners in each of the 16 critical infrastructure sectors and the state, local, tribal, and territorial government community have developed a Sector-Specific Plan that focuses on the unique operating conditions and risk landscape within that sector. Developed in close collaboration with federal agencies and private-sector partners, the Sector-Specific Plans are updated every four years to ensure that each sector is adjusting to the ever-evolving risk landscape. “Managing risks to critical infrastructure involves preparing for all hazards, reinforcing the resilience of our assets and networks, and remaining vigilant and informed. It really takes a whole community to keep the lights on,” said Harrell.
CISA delivers its infrastructure security services and capabilities to public- and private-sector stakeholders at both the national level through its headquarters and nationwide through its 10 regional offices. From providing risk and vulnerability assessments to training and exercises on a range of topics, CISA’s field staff works with partners across the country to ensure everyone gets involved.
November is Critical Infrastructure Security and Resilience (CISR) Month, a time to raise awareness on the vital role that critical infrastructure – cyber and physical – plays in keeping the nation and our communities safe, secure, and prosperous. “Everyone plays a role in the nation’s security and resilience,” Harrell said. “This is why we ask every organization to enhance resilience through preparedness and exercises and promote smart, secure investment in resilient national infrastructure.”
To learn more about critical infrastructure and available resources, training and tips start by visiting www.CISA.gov. You can also download the Infrastructure Security Month toolkit, or follow CISA on Twitter @CISAgov and @CISA Harrell and join the conversation at #infrastructuresecurity.