Businesses and Critical Infrastructure


CISA provides businesses and critical infrastructure partners with resources to identify, develop, and implement scalable security measures to build or improve capabilities across the private and public sectors. These resources allow industry partners to assess and identify vulnerabilities to critical infrastructure. They also enable businesses and critical infrastructure to prevent, protect against, respond to, and mitigate security incidents through technical assistance, training, and information sharing.

 


 

 


 

Business Continuity and Preparedness

Workshop and Exercises   CISA Tabletop Exercise Packages
   CISA has an extensive scenario library and ready-to-use exercise packages—known as CISA Tabletop Exercise Packages (CTEPs). Each CTEP is customizable and includes template exercise objectives, scenarios, and discussion questions, as well as a collection of references and resources. Available scenarios cover a broad array of cybersecurity and physical security topics such as ransomware, election security, industrial control systems, pandemic, vehicle ramming, insider threat, active assailant, small unmanned aircraft systems (sUAS), and natural disasters.

Link: cisa.gov/critical-infrastructure-exercises

Guide   Convergence Action Guide
   CISA defines convergence as formal collaboration between previously disjointed security functions. This guide describes the risks associated with siloed security functions, benefits of convergence, a flexible framework for aligning security functions, and several case studies.

Link: cisa.gov/cybersecurity-and-physical-security-convergence

Informational Material   COVID-19 Vaccine Distribution Physical Security Measures
   Organizations involved in the development and distribution of the COVID-19 vaccine should take proactive measures to enhance their overall physical security posture. To achieve secure and resilient vaccine distribution, workers within the supply chain and vaccine recipients should use available resources to assess suggested mitigation methods against physical security attacks. To help meet this need, CISA created the COVID-19 Vaccine Distribution Physical Security Measures infographic. This product provides a list of physical security resources available to the public to help facility owners and operators enhance physical security to protect workers and individuals.

Link: cisa.gov/publication/covid-19-vaccine-distribution-physical-security-measures 

Workshop/Exercises   CISA Tabletop Exercise Packages Training Workshop
   CISA Exercises hosts monthly workshops to provide an overview of the CISA Tabletop Exercise Packages (CTEPs) and assists partners in using the CTEPs in their organizations. The workshops provide an opportunity for stakeholders to ask questions and provide feedback on the CTEPs, as well as learn more about the variety of CTEPs available.

Link: cisa.gov/critical-infrastructure-exercises

Website   Hometown Security
   DHS encourages businesses to Connect, Plan, Train, and Report. Applying these four steps in advance of an incident or attack can help business owners and their employees better prepare and proactively think about the role they play in the safety and security of their businesses and communities.

Link: cisa.gov/hometown-security

Workshop, Exercises, In Person, and Online Training   Stakeholder Exercise Planning and Conduct
   CISA Exercises uses the Homeland Security Exercise and Evaluation Program (HSEEP) methodology to design, develop, conduct, and evaluate exercises ranging from small-scale, limited-scope, discussion-based exercises (e.g., two-hour seminars) to large-scale, internationally-scoped, operations-based exercises (e.g., multi-day, full-scale exercises).   

Link: cisa.gov/critical-infrastructure-exercises

Additional DHS Resources:

Online Training   Critical Infrastructure Security and Resilience Courses
   These courses aim to train and educate the critical infrastructure community through security awareness and sector-specific courses. DHS developed these courses in conjunction with federal, state, local, tribal, and territorial government partners, critical infrastructure owners and operators, and private sector partners to support the implementation of the National Infrastructure Protection Plan (NIPP).

Link: training.fema.gov/is/cisr.aspx

In Person and Online Training   FEMA Center for Domestic Preparedness
   The FEMA Center for Domestic Preparedness (CDP) provides advanced, all-hazards training to approximately 50,000 emergency responders annually from state, local, tribal, and territorial governments, as well as the federal government, foreign governments, and private entities. The scope of training includes preparedness, protection, and response.

Link: cdp.dhs.gov

In Person and Online Training   FEMA Emergency Management Institute
   The FEMA Emergency Management Institute (EMI) is the flagship training institution for the emergency management community and provides training to federal, state, local, tribal, volunteer, public, and private sector officials to strengthen core competencies for professional, career-long training.

Link: training.fema.gov/emi.aspx

Website   Homeland Security Information Network-Critical Infrastructure
   The Homeland Security Information Network (HSIN) serves as the primary information sharing platform between critical infrastructure sector stakeholders and government. HSIN-Critical Infrastructure (HSIN-CI) enables federal, state, local, and private sector critical infrastructure owners and operators to communicate, coordinate, and share sensitive and sector-relevant information to protect critical assets, systems, functions, and networks.

Link: dhs.gov/hsin-critical-infrastructure

CISA Regional Services

Informational Materials   Assist Visits
   This service helps critical infrastructure owners and operators understand their role and function in the broader critical infrastructure sector. Protective Security Advisors (PSAs) conduct these visits with critical infrastructure facility representatives to help build relationships and enhance communication.

Link: cisa.gov/assist-visits

Fact Sheet   CISA Regional Office Fact Sheets
   CISA Regional Offices, located throughout the U.S., deliver trainings, exercises, programs, and other resources to critical infrastructure owners and operators.

Link: cisa.gov/publication/cisa-regional-office-fact-sheets

Tool   Infrastructure Survey Tool
   Protective Security Advisors (PSAs) conduct this voluntary, web-based security survey with facility owners and operators to identify and document a facility's overall security and resilience.

Link: cisa.gov/infrastructure-survey-tool

Tool   Infrastructure Visualization Platform
   This platform supports critical infrastructure security and response operations by integrating high-resolution, interactive data, as well as additional assessment information.

Link: cisa.gov/infrastructure-visualization-platform

Tool   Protective Security Advisors
   Protective Security Advisors (PSAs) engage with federal, state, local, tribal, and territorial (FSLTT) government partners, businesses, and critical infrastructure owners and operators in their regions to offer steady-state DHS risk mitigation tools, products, and services. PSAs also support National Special Security Events (NSSEs) and Special Event Assessment Rating (SEAR) events; assist with responses to all-hazard incidents through field-level coordination and information sharing; and provide expertise on reconstituting affected critical infrastructure.

Link: cisa.gov/protective-security-advisors

Tool   Security Assessment at First Entry
   The Security Assessment at First Entry (SAFE) tool is designed to help facility owners and operators evaluate current physical and operational security practices and explore opportunities to protect against threats. These assessments are conducted by Protective Security Advisors (PSAs) and provide a high-level review of the security posture and mitigation options for a facility.

Link: cisa.gov/cisa-regions

Election Security

Tool   Election Security Resource Library
   This library provides state and local governments, election officials, campaigns, the vendor community, and voters with voluntary tools to secure election-related assets, facilities, networks, and systems from cyber and physical threats.

Link: cisa.gov/election-security-library

Identify Suspicious Behavior

Informational Materials   Employee Vigilance – Power of Hello
   This library provides state and local governments, election officials, campaigns, vendors, and voters with voluntary tools to secure election-related assets, facilities, networks, and systems from cyber and physical threats.

Link: cisa.gov/employee-vigilance-power-hello

Fact Sheet   Fact Sheet – Insider Threat Mitigation Program
   This fact sheet provides resources to help organizations design a comprehensive program that protects against insider threats.

Link: cisa.gov/publication/fact-sheet-insider-threat-mitigation-program

Video   No Reservations: Suspicious Behavior in Hotels
   This video helps hotel employees rapidly identify and report suspicious activities and threats by highlighting suspicious activity indicators. It is also available in Spanish.

Link: cisa.gov/video/no-reservations-suspicious-behavior-hotels

Fact Sheet   Power of Hello Slick-Sheet and Placemat
   These products provide stakeholders with information to assist in identifying and effectively responding to suspicious behavior.

Link: cisa.gov/publication/power-hello-resources

Informational Materials   Recognize Suspicious Small Unmanned Aircraft Systems Poster and Postcard
   This poster and postcard explain how small unmanned aircraft systems (sUAS) are used for a range of tactical and recreational purposes, but can also be used to cause serious harm to individuals and infrastructure.

Link: cisa.gov/publication/recognize-suspicious-unmanned-aircraft-systems-uas-poster-and-postcard

Informational Materials   Suspicious Behavior Advisory Posters
   These resources help businesses, first responders, and local governments identify suspicious activities and behaviors to prevent the illicit sale of explosive precursor chemicals and components. The posters are available under the Suspicious Activities and Bomb Threats – What to Do section of the TRIPwire website.

Link: cisa.gov/tripwire

Additional DHS Resources:

Online Training   Suspicious Activity Reporting Private Sector Security Training Overview
   This Nationwide Suspicious Activity Reporting (SAR) Initiative (NSI) training module helps private sector security personnel recognize suspicious behaviors associated with terrorism activities; understand how and where to report suspicious activities; and protect privacy, civil rights, and civil liberties when documenting information.

Link: dhs.gov/publication/suspicious-activity-reporting-private-sector-security-training-overview

Prepare and Respond to Active Assailants

Video, Guide, Tool   Active Shooter Emergency Action Plan Video, Guide, and Template
   These resources describe the fundamental concepts for developing an Emergency Action Plan (EAP) to respond during an active shooter situation, including important considerations for EAP development. The video shows first-hand perspectives from active shooter survivors, first responder personnel, and other subject matter experts. The guide and template supplement the Active Shooter EAP video. Together, the guide, template, and video create a virtual training tool designed to help develop an organization’s Active Shooter EAP.

Guide & Template: cisa.gov/publication/active-shooter-emergency-action-plan-guide

Video: cisa.gov/active-shooter-emergency-action-plan-video

Video   Active Shooter Preparedness: Access & Functional Needs – What You Should Know
   This video provides information organizations can incorporate into an Emergency Action Plan (EAP) to protect individuals with access and functional needs during an active shooter incident.

Link: youtube.com/watch?v=m3-_z1Q1bFg&t=5s

Guide   Active Shooter Recovery Guide
   This guide provides information on establishing a recovery process and outlines the necessary actions for short-term and long-term recovery following an active shooter incident.

Link: cisa.gov/publication/active-shooter-recovery-guide

In Person and Online Training   Active Shooter Workshop
   These scenario-based workshops include facilitated discussions to train private sector professionals and law enforcement representatives from federal, state, and local agencies to prepare for and respond to an active shooter situation. Workshop participants evaluate current response concepts, plans, and capabilities for coordinated responses to active shooter incidents.

Link: cisa.gov/active-shooter-workshop-participant

Guide   Mass Gatherings – Security Awareness for Soft Targets and Crowded Places
   This guide identifies how businesses can prepare for and mitigate future attacks, including recommended protective measures and actions to consider.

Link: cisa.gov/publication/active-assailant-security-resources

Fact Sheet   Protecting Infrastructure During Public Demonstrations
   This fact sheet offers security recommendations for businesses during public demonstrations. The document also provides options to mitigate risk and access to CISA resources to assist with decision-making.

Link: cisa.gov/publication/public-demonstrations-and-outdoor-eating-venues

Fact Sheet   Protecting Patrons in Outdoor Eating Venues
   This fact sheet identifies security measures for restaurants conducting business outside. COVID-19 guidelines led restaurants to set up tables outside, creating potential vulnerabilities. The fact sheet identifies threats such as vehicle ramming and includes security measures to help mitigate threats.

Link: cisa.gov/publication/public-demonstrations-and-outdoor-eating-venues

Prevent and Respond to Bombings

Website   Bomb-Making Materials Awareness Program
   The Bomb-Making Materials Awareness Program (BMAP) is designed to promote bomb-making materials (BMM) awareness and reporting of suspicious activity to prevent the intentional misuse of common consumer goods to make improvised explosive devices (IEDs).

Link: cisa.gov/bmap

Informational Materials   Bombing Prevention Lanyard Cards
   These quick reference lanyard cards provide key reminders and actions related to bombing prevention, including recommended actions during a bombing incident.

Link: tripwire.dhs.gov/reports/225055

In Person and Online Training   Counter-Improvised Explosive Devices Training Courses
   These courses provide general information and strategies to prevent, protect against, respond to, and mitigate bombing incidents. To request direct delivery trainings, please contact your local Protective Security Advisor (PSA) or email OBP@cisa.dhs.gov. For more information or a full list of counter-improvised explosive devices (C-IED) and Risk Mitigation trainings, visit the C-IED Training Courses Website or the C-IED and Risk Mitigation Training Fact Sheet.

Link: cisa.gov/bombing-prevention-training-courses

Guide   DHS-Department of Justice Bomb Threat Guidance
   This quick reference guide provides information on threat preparation, threat assessment considerations, staff response guidelines, and evacuation and shelter-in-place considerations.

Link: cisa.gov/publication/dhs-doj-bomb-threat-guidance

Guide   Security and Resiliency Guide: Counter-Improvised Explosive Device Concepts, Common Goals, and Available Assistance
   This guide and corresponding annexes provide individuals, businesses, first responders, and law enforcement with guidance to enhance preparedness for potential improvised explosive device (IED) incidents in their communities. The guide includes risk information, a framework of 10 common counter-IED (C-IED) preparedness goals, planning considerations, and available federal resources. It is complemented by five annexes with additional information relevant to venues at high risk for IED-related incidents, such as lodging, outdoor events, public assembly, and sports leagues and venues.

Link: cisa.gov/publication/security-and-resiliency-guide-and-annexes

Tool   Sports and Entertainment Venues Bombing Prevention Solutions Portfolio
   This tool is a one-stop-shop for training, products, and resources that support sports and entertainment organizations and venues with building counter-improvised explosive device (C-IED) capabilities. This interactive product connects organizational leadership with C-IED resources to empower venue personnel to play an active role in security.

Link: cisa.gov/publication/sports-and-entertainment-venues-bombing-prevention-solutions-portfolio

Video and Website   TRIPwire Website
   CISA’s Office for Bombing Prevention (OBP) developed and maintains TRIPwire, the DHS Technical Resource for Incident Prevention. It serves as a 24/7 collaborative information-sharing network for bomb squads, first responders, military personnel, government officials, intelligence analysts, and security professionals. TRIPwire combines expert analyses and reports with relevant documents, images, and videos gathered directly from terrorist source materials to help users anticipate, identify, and prevent Improvised Explosive Device (IED) incidents. Access to the site requires registration, or partners can log in using an HSIN account.

Link: cisa.gov/tripwire

Video   What to Do – Bomb Threat: Bomb Threat Training Video
   This video, developed in partnership with the University of Central Florida and International Association of Chiefs of Police, demonstrates what to do in the event of a phoned-in bomb threat.

Link: cisa.gov/what-to-do-bomb-threat

Video   What to Do – Training Video Series
   This training video series (TVS) communicates the threats posed by improvised explosive devices (IEDs) and how to react to them. This includes videos on suspicious vs. unattended items, bomb searches, surviving a bombing attack, and bomb threats.

Link: tripwire.dhs.gov/training-video-series

Protect Against Small Unmanned Aircraft Systems

Guide   Cybersecurity Best Practices for Operating Commercial Small Unmanned Aircraft Systems
   This guide provides cybersecurity best practices to help commercial operators protect their networks, information, and personnel. Critical infrastructure operators, law enforcement, and all levels of government are increasingly incorporating small unmanned aircraft systems (sUAS) into their operational functions. Although sUAS offer benefits to their operators, they can also pose cybersecurity risks.

Link: cisa.gov/publication/cybersecurity-best-practices-operating-commercial-unmanned-aircraft-systems

Video   Small Unmanned Aircraft Systems and Critical Infrastructure – Understanding the Risk Video
   This video provides information on critical infrastructure challenges associated with small unmanned aircraft systems (sUAS), counter-UAS security practices, actions to consider for risk mitigation, and specific preparedness efforts for facilities and organizations. It can be found under the sUAS and Critical Infrastructure – Understanding the Risk tab.

Link: cisa.gov/uas-critical-infrastructure

Informational Materials   Small Unmanned Aircraft Systems Frequently Asked Questions
   This site provides answers to common questions about small unmanned aircraft systems (sUAS) for critical infrastructure owners and operators.

Link: cisa.gov/unmanned-aircraft-systems-faq

Guide   Unauthorized Drone Activity Over Sporting Venues
   This document presents options for sporting venue owners and operators to consider to prevent, protect from, and respond to unauthorized drone activity.

Link: cisa.gov/publication/unauthorized-drone-activity-over-sporting-venues

Fact Sheet   Small Unmanned Aircraft Systems: Addressing Critical Infrastructure Security Challenges
   This fact sheet provides an overview of sUAS-related threats and actions owners and operators can take to protect their facilities.

Link: cisa.gov/publication/uas-fact-sheets

Informational Materials   Small Unmanned Aircraft Systems Critical Infrastructure Drone Pocket Card
   This card provides a quick reference guide for critical infrastructure security and operations officers and the general public on how to report small unmanned aircraft systems (sUAS) activity, including what information to share and what actions to take.

Link: cisa.gov/publication/uas-ci-drone-pocket-card

Protect, Screen, and Allow Access to Facilities and Venues

Guide   Commercial Facilities Publications: Protective Measures Guides
   These guides provide businesses with an overview of threats and offer suggestions for planning, coordinating, and training activities that contribute to a safe environment for guests and employees. They are For Official Use Only (FOUO), but businesses can request access through the Commercial Facilities page of the Homeland Security Information Network-Critical Infrastructure (HSIN-CI), which requires registration.

  • Protective Measures Guide for U.S. Sports Leagues
  • Protective Measures Guide for the U.S. Lodging Industry
  • Protective Measures Guide for Mountain Resorts
  • Protective Measures Guide for Outdoor Venues 
  • Protective Measures Guide for Commercial Real Estate

Link: cisa.gov/commercial-facilities-publications

Guide   Dams Sector Active and Passive Vehicle Barriers Guide
   This guide assists dam owners and operators in understanding various types of active and passive vehicle barriers and how to incorporate them into their overall security plan. It also provides technical information to assist owners and operators in properly designing protective schemes and selecting vehicle barriers and their safety and security systems.

Link: cisa.gov/publication/dams-vehicle-barriers-guide

Guide   Evacuation Planning Guide for Stadiums
   This guide helps stadium owners and operators prepare evacuation plans and determine when and how to evacuate, shelter-in-place, or relocate. It also includes a template to create a plan based on policies and procedures of state and local governments, surrounding communities, and specific stadium characteristics.

Link: cisa.gov/publication/evacuation-planning-guides

Guide   Patron Screening Best Practices Guide
   This guide provides options for businesses to develop and implement patron screening procedures for major sporting events, concerts, horse races, award ceremonies, and similar gatherings.

Link: cisa.gov/publication/patron-screening-guide

Guide   Protecting Patrons During the Holiday Shopping Season
   This resource provides potential security measures for shopping venues during the holiday season and identifies suspicious behaviors, protective measures, and resources to enhance security.

Link: cisa.gov/publication/active-assailant-security-resources

Guide   Public Venue Bag Search Procedures Guide
   This guide provides suggestions for developing and implementing bag search procedures at venues hosting major events. Venue owners, operators, and event organizers should engage local partners to implement the procedures outlined in this guide.

Link: cisa.gov/publication/public-venue-bag-search-guide

Guide   Public Venue Credentialing Guide
   This guide offers best practices for developing and implementing credentialing procedures at venues hosting a variety of public gatherings.

Link: cisa.gov/publication/public-venues-credentialing-guide

Guide and Video   Vehicle-Borne Improvised Explosive Device Identification Guide and Video
   This guide is designed for stakeholders tasked with identifying suspected vehicle-borne improvised explosive devices (VBIEDs) and provides instruction for vehicle search techniques for law enforcement, bomb squads, hazardous materials (HAZMAT) teams, and other emergency and security personnel. The Vehicle Inspection Guide, Vehicle Inspection Video, and VBIED Identification Guide are all available to registered users on TRIPwire.

Link: cisa.gov/tripwire

Safeguard and Secure Cyberspace

Tool   Assessments: Cyber Resilience Review 
   The Cyber Resilience Review (CRR) is a no-cost, voluntary, non-technical assessment to evaluate an organization's operational resilience and cybersecurity practices. The CRR may be conducted as a self-assessment or as an on-site assessment facilitated by CISA cybersecurity professionals. The CRR assesses enterprise programs and practices across a range of ten domains, including risk management, incident management, service continuity, and others. The assessment is designed to measure existing organizational resilience, as well as provide a gap analysis for improvement based on recognized best practices.

Link: us-cert.gov/resources/assessments

Informational Materials   Avoiding Social Engineering and Phishing Attacks Security Tip
   This security tip describes social engineering tactics, techniques, and procedures linked to cyber criminals. It also details common indicators related to social engineering attacks and how to avoid falling for these methods.

Link: us-cert.gov/ncas/tips/ST04-014

Informational Materials   CISA Community Webinars
   These cybersecurity webinars provide information on cyber risk management practices, tools, and procedures. Past webinars have focused on COVID-19 Response: Lessons Learned on Cybersecurity and Resilience in a Pandemic; Smart Cities; and 5G: Security and Vulnerabilities.

Link: us-cert.cisa.gov/resources/events

Guide   CISA Cyber Essentials
   This campaign is for small businesses and local government agencies to understand and address cybersecurity risk. Cyber Essentials includes two parts – guiding principles to develop security culture and specific actions for leaders and IT professionals.

Link: cisa.gov/publication/cisa-cyber-essentials

Tool   Cybersecurity Advisors
   Cybersecurity Advisors (CSAs) offer assistance to help prepare and protect private sector entities and state, local, tribal and territorial (SLTT) governments from cybersecurity threats. CSAs promote cybersecurity preparedness, risk mitigation, and incident response capabilities, working to engage stakeholders through partnership and direct assistance activities.

Link: cisa.gov/stakeholder-risk-assessment-and-mitigation

Tool   Cyber Resource Hub
   This site provides cybersecurity assessments that evaluate operational resilience, cybersecurity practices, organizational management of external dependencies, and other elements that comprise a robust cybersecurity strategy.

Link: cisa.gov/cyber-resource-hub

Guide   Cybersecurity Resources Road Map: A Guide for Critical Infrastructure – Small and Midsize Businesses
   This guide helps businesses identify cybersecurity resources that best align with their needs.

Link: us-cert.cisa.gov/resources/smb

Website and Informational Materials   National Cyber Awareness System
   The National Cyber Awareness System (NCAS) provides cybersecurity advisories and alerts via social media, news syndication, and email.

 

Link: us-cert.cisa.gov/ncas

Tools   Telework Essentials Toolkit
   This toolkit is designed to help business leaders, IT staff, and end users transition to a secure, permanent telework environment through simple, actionable recommendations. It provides three modules tailored for executive leaders, IT professionals, and teleworkers.

Link: cisa.gov/publication/telework-essentials-toolkit
