Quick Links

CISA’s Role in Risk Management

Critical infrastructure are those assets, systems, and networks that provide functions necessary for our way of life. From generating electricity to supplying clean water, there are 16 critical infrastructure sectors that are part of a complex, interconnected ecosystem including communications, energy, transportation, emergency services, and water. Any threat to these sectors could have potentially debilitating national security, economic, and public health or safety consequences.

Cybersecurity and Infrastructure Security Agency’s (CISA) works to ensure the security and resiliency of our critical infrastructure. However, in today’s digitizing world, as organizations are increasingly integrating cyber systems into their operations, they are also facing more diverse, sophisticated threats— cyber, physical, technological, or natural—that may have cross-sector impacts. The evolving risk landscape necessitates an evolved response.

Housed with CISA, the National Risk Management Center (NRMC) helps fulfill the Agency’s risk advisor role by leveraging sector and stakeholder expertise to identify the most significant risks to the nation, and to coordinate risk reduction activities to ensure critical infrastructure is secure and resilient both now and into the future.

In Early September, CISA released the 2023–2025 CISA Strategic Plan, our first comprehensive strategy since the agency was established in 2018. The Strategic Plan is set against a risk landscape that encompasses an increasingly interconnected, global cyberspace in which the nation faces 24/7/365 asymmetric cyber threats with largescale, real-world impacts.

National Risk Management Center (NRMC)

Since the nation’s critical infrastructure is largely owned and operated by the private sector, managing risk is a priority shared by industry and government. As the Agency’s planning, analysis, and collaboration center, the National Risk Management Center (NRMC) brings the private sector, government agencies, and other key stakeholders together to identify, analyze, prioritize, and manage the most significant risks to our critical infrastructure.

The NRMC’s dynamic, cross-sector risk management process transforms private-public engagement into collective action by defragmenting how the government and industry develop response and security plans, risk-reduction activities, and share information. The interconnectedness of the sectors and sophistication of threats and hazards means that the consequences of an attack or imminent threat do not impact only one sector. The NRMC creates an environment where government and industry can collaborate and share expertise to enhance critical infrastructure resiliency within and across sectors.

Top NRMC initiatives include 5G, election security, electromagnetic pulses, national critical functions, pipeline cybersecurity and more.

Contact Us

For questions or comments, email NRMC@hq.dhs.gov.