WASHINGTON –The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) today released the inaugural set of National Critical Functions. These are functions used or supported by government and the private sector that are of such vital importance to the United States that their disruption, corruption, or dysfunction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.
Led by CISA’s National Risk Management Center (NRMC), this effort represents an evolution in thinking with respect to risk management that focuses security and resilience efforts on cross-cutting functionality, instead of more static asset, organization, or sector-specific view. This functional approach to critical infrastructure risk management is featured prominently in the National Cyber Strategy released this past fall.
“Identifying these National Critical Functions has been a collaborative process between public and private sector partners and marks a significant step forward in the way we think about and manage risk,” said CISA Director Christopher Krebs. “By moving from an individual, sector-specific lens to a more comprehensive, cross-cutting risk management framework, we can identify and manage risk in a more strategic and prioritized manner.”
As the nation’s risk advisor, CISA worked closely with its public and private sector partners to identify these National Critical Functions. The coordination included work with all 16 critical infrastructure sectors, all Sector-Specific Agencies, and the State, Local, Tribal, and Territorial (SLTT) Government Coordinating Council in an iterative process of developing and refining the National Critical Functions set.
CISA will work with partners to develop a Risk Register from this set of functions by performing risk analysis, dependency analysis, and consequence modeling. The Risk Register will assess the likelihood and consequences of a significant degradation to a National Critical Function, along with identification of government and industry readiness to work together to reduce risk.
To learn more about these efforts and to view the set of the National Critical Functions visit http://www.cisa.gov/.