The National Infrastructure Simulation and Analysis Center (NISAC) is CISA’s research and development arm for risk analysis, focused on building advanced analytic tools that provide comprehensive, quantitative, and actionable information to enhance CISA’s understanding of how to manage risks from a variety of threats to the Nation’s critical infrastructure. NISAC makes significant and impactful investments across a diverse group of federal research centers to meet the analytic needs of the critical infrastructure community and address cross-sector emerging risks.
NISAC began as a collaboration between Los Alamos and Sandia National Laboratories in 1999, and was incorporated by the USA Patriot Act of 2001 into the Department of Homeland Security upon its inception in March 2003.
Today, NISAC is managed by CISA’s National Risk Management Center (NRMC) and works with organizations, including National Laboratories, Federally Funded Research and Development Centers (FFRDC), and others to develop datasets, methodologies, and analytic tools to mature NRMC’s risk analysis capabilities and empower critical infrastructure decision makers with actionable and forward-looking information.
NISAC manages projects that address analytic requirements from across the critical infrastructure community. NISAC’s multidisciplinary approach covers the full spectrum of the 55 National Critical Functions (NCF) and 16 critical infrastructure sectors while focusing on the challenges posed by interdependencies across the NCFs and the consequences of a disruption from various threats, hazards, and vulnerabilities. For example, NISAC works closely with CISA’s Cybersecurity Division to analyze cyber risks to information technology (IT) and operational technology (OT) systems and software that can have cascading impacts throughout the critical infrastructure community.
NISAC Analytic Development Priorities
Since significant potential events such as hurricanes, earthquakes, pandemics and cyber-attacks do not follow jurisdictional boundaries, impactful and robust risk analysis is important in helping decision makers in both the public and private sectors prepare for and respond to events that impact critical infrastructure. To this end, NISAC focuses research and development efforts on interdependent, cross-discipline, and cross-jurisdictional analytic capabilities, and specializes in building long-term predictive analytic capabilities in order to make transformative change to critical infrastructure risk analysis.
Strategic Focus Areas include:
Dependency and Interdependency Analysis
NISAC develops crisis action capabilities to support the U.S. Government’s crisis action activities and the coordination of cross-sector emergency response operations, including dependency, hazard, and infrastructure modeling. While NISAC’s robust portfolio of capabilities can be leveraged for crisis action analysis, many of these tools are designed to be “dual use” to also provide insights during steady-state operations, and in support of other strategic work.
Investment in cybersecurity capability development is a strategic focus area for NISAC, prioritizing the enhancement of the CISA’s understanding of cyber vulnerabilities on physical critical infrastructure systems and assets. NISAC is also developing new tools and methods for analysts to better understand and communicate cyber-related risks to supply chains.
Decomposition of the National Critical Functions
NISAC is working to enhance understanding of all the layers (sub-functions, systems, processes, technologies, assets, and components) that produce or deliver an NCF as well as the dependencies and interdependencies within and across the critical infrastructure ecosystem. This more nuanced understanding will help identify where failures might occur so that NCF resilience can be strengthened in a more targeted, prioritized, and strategic manner. The NCF decomposition will provide the core data for the Risk Architecture.
Risk Architecture and Risk Analysis: Methods, Models, Data, and Support
The NRMC is developing the Risk Architecture—an innovative analytic tool to conduct risk analysis for interdependent critical infrastructure and NCFs. Specifically, NISAC is currently establishing the analytic methodology behind the tool, as well as building out the underlying data and predictive modeling. Although still in the early stages of conceptualization and development, the goal of the Risk Architecture is to provide new, actionable risk analysis to homeland security and critical infrastructure decision makers
To effectively analyze risks to the NCFs, the NRMC must be able to easily access diverse data sources and model-based capabilities and incorporate these data into standardized, reproducible analytic frameworks. To address analytic and technologic challenges, NISAC is prioritizing the development of the Risk Architecture—an analytic tool that facilitates data integration, model coupling, and decision-support visualization towards high-priority CI risk analysis.
The Risk Architecture will utilize NCF functional and element decomposition data to analyze critical dependencies within (intra-) and between (inter-) NCFs. As such, the Risk Architecture will provide the NRMC with standardized analytic workflows to analyze risks to singular NCFs and across the NCF set at various resolutions (i.e., from functions to components). This functions-based analysis is unique within the critical infrastructure community and will provide a holistic understanding of current strategic risks from emerging threats, hazards, vulnerabilities, and their cascading consequences. The Risk Architecture will enable the NRMC to produce more robust risk analysis for risk prioritization and operational analysis to better support critical infrastructure decision makers.
NCF Decomposition – provides the core function and sub-function data for the tool. These data are paired up with the Infrastructure Data Taxonomy and additional asset and relationship data to provide a holistic dataset that is very rich and drills into the sub-functions, systems, processes, technologies, assets down to the component level, and governance that enable the delivery of each NCF. The combination of these datasets will enable CISA to identify and analyze the thousands of dependencies and interdependencies within and across the critical infrastructure ecosystem.
Graphic User Interface - allows a user to easily navigate through the tool. It will allow users to filter through the decomposition data and provide them with network visualizations, dashboards, and the ability to isolate specific nodes. For example, if an analyst clicks on a specific NCF, it will expand into its sub-functions, dependencies, and linkages to conduct more rigorous analysis.
Models and Data Integration - allows user to explore more detailed, specific user cases and simulations. This will help produce more robust risk analysis for either risk prioritization or operational analysis.
Analytic Workflows - provides tailored results to user questions based on available information in the architecture. For example, if a ransomware attack were to strike a specific type of facility, what is the likelihood that the risks from that attack can lead to a system-wide collapse and impact the delivery of a function? This enables NRMC to conduct focused risk analyses on high priority planning and operational issues.
Scenario Results Library - is a key input into the Risk Architecture that provides an evolving collection of critical infrastructure scenarios and related analysis products. Its purpose includes:
Knowledge management (repository for existing scenarios and analytical results)
Facilitate responsive analysis by providing CISA analysts with ready access to existing data
Structured data and pinch point organization to support downstream integration with the Risk Architecture
Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001: Directed the establishment of NISAC “to serve as a source of national competence to address critical infrastructure protection and continuity through support for activities related to counterterrorism, threat assessment, and risk mitigation…. Modeling, simulation, and analysis provided under this subsection shall be provided, in particular, to relevant Federal, State, and local entities responsible for critical infrastructure protection and policy.”
Homeland Security Act of 2002: Established DHS and directed the Department to manage NISAC.
The Intelligence Reform and Terrorism Prevention Act of 2004: Directed the Director of National Intelligence to “establish a formal relationship, including information sharing, between the elements of the intelligence community and the National Infrastructure Simulation and Analysis Center….The purpose of the relationship…shall be to permit the intelligence community to take full advantage of the capabilities of the National Infrastructure Simulation and Analysis Center, particularly vulnerability and consequence analysis, for real time response to reported threats and long term planning for projected threats.”
For more information, contact NRMC-NISAC@hq.dhs.gov.