Aligning Topics with the National Critical Functions

Central to the Secure Tomorrow Series effort is the selection of topics to explore that are likely to have highly disruptive impact across multiple National Critical Functions (NCFs) in the next 5-20 years.

Strategic Foresight

Strategic foresight is one of several terms (i.e., futures studies, futurology) used to describe the study of alternative futures by anticipating how various drivers—aging infrastructure, global pandemics, climate change, emerging technologies, and more—may impact how the world is changing. The intent of strategic foresight is to identify actions that, if taken today, would steer a community or organization toward its preferred future. For CISA, this means a future in which critical infrastructure is more secure and resilient. A central premise of strategic foresight is that no one entity can successfully predict the future. Instead, the methodology treats the future as a set of plausible alternatives.

Topic: Anonymity and Privacy

Maintaining the balance between identity verification—for purposes such as voting, disease-related contact tracing, and law enforcement—and protecting anonymity is becoming increasingly challenging. Online activity and tracking, machine learning, facial recognition, data aggregation, and third-party data brokers present evolving threats to individual control of data and privacy. Meanwhile, recent data privacy laws and regulations, such as the European Union’s General Data Protection Regulation and the California Consumer Privacy Act, have redefined what constitutes personal data.

• NCFs include: Protect Sensitive Information; Preserve Constitutional Rights; Enforce Law; Provide Information Technology Products and Services; Provide Identity Management and Associated Trust Support Services; Maintain Access to Medical Records; and Provide Internet Based Content, Information, and Communication Services.

Topic: Trust and Social Cohesion

Social cohesion is commonly defined as citizens’ belief that they share a moral community or common focus on societal well-being with one another, their governing bodies, and other institutions. This belief generally leads to trust. Social cohesion provides a source of potential risk to critical infrastructure and cybersecurity as well as a tool to mitigate that risk. Numerous factors can influence the degree of social cohesion, or sense of belonging, within a community and the effect of that cohesion on individual and community behavior and overall security. For example, Americans and critical infrastructure owners look to institutions (e.g., local police department and election officials) to perform important functions such as ensuring public safety and supporting the secure and reliable delivery of NCFs.

The ability or inability—whether real or perceived—to provide these functions reliably can affect public trust, diminish faith in function, and have deleterious impacts on national security. Exploring how emerging risks to critical infrastructure and cybersecurity and potential mitigation strategies affect social cohesion, positively and negatively, provides insights into the associated individual and community responses and their impact on critical infrastructure and cybersecurity risk management. Such analysis may expose unanticipated threats and vulnerabilities caused or exacerbated by reduced social cohesion or challenges to potential response activities.

• NCFs include: Enforce Law, Operate Government, Conduct Elections, prepare for and Manage Emergencies, Support Community Health, and Provide Public Safety.

Topic: Data Storage and Transmission

Data creation is growing at an accelerating rate, placing increasing demands on systems to ensure secure storage and transmission. Data access, integrity, and confidentiality are critical to accomplishing national objectives, including economic growth; improvements in medicine, public health, and public safety; and dominance in key emerging technologies (e.g., artificial intelligence). The Nation must also guard against potential risks, including breaches, privacy violations, algorithmic bias, misuse of data, and loss of public trust. Approaches to data—what’s considered fair, appropriate, and desirable—can vary greatly among countries and lead to competitive advantages. Effective and efficient use of data can be a value driver.

• NCFs include: Provide Internet Based Content, Information, and Communication Services; Provide Internet Routing, Access, and Connection Services; Protect Sensitive Information; Operate Core Network; Provide Information Technology Products and Services; and Provide Identity Management and Associated Trust Support Services