CISA Releases White Paper Highlighting R&D Needs and Strategic Actions for Enhancing the Resilience of Critical Infrastructure


By Stephen Cauffman, Acting Deputy Associate Director of ISD Planning & Innovation and Vice Chair of the Resilient Investment Planning and Development Working Group

The Cybersecurity and Infrastructure Security Agency announces the release of the white paper, Research, Development, and Innovation for Enhancing Resilience of Cyber-physical Critical Infrastructure: Needs and Strategic Actions, developed by the Resilient Investment Planning and Development Working Group (RIPDWG).

As noted in the paper, federal research is often sector-specific or fragmented by discipline making it hard to apply to effectively mitigate cross-cutting and systemic infrastructure risks. RIPDWG developed the paper to help the federal research enterprise capitalize on the opportunity to make congressionally funded research more relevant, equitable, accessible, and useful to those decision-makers that must address critical infrastructure challenges, particularly at the local and regional scales.

The paper defines three major gaps that will require a more integrated, empirical, and user-informed approach to federal research, development, and innovation (RD&I): (1) An integrated analysis of consequences and risk reduction decision factors for critical services that depend on cyber-physical infrastructure systems; (2) An understanding of the societal dimensions of enhancing the resilience of cyber-physical infrastructure systems; and (3) User-engagement in cyber-physical infrastructure research to translate resilience knowledge into effective action at the local and regional level.

To address identified RD&I gaps, the paper recommends a dozen strategic actions for holistic implementation by research partners across the federal interagency in collaboration with stakeholders:

  • Develop integrated models capable of identifying systemic risks to interconnected infrastructure and cascading impacts of disruptions.
  • Establish interagency RD&I testbeds for cyber-physical infrastructure resilience.
  • Develop methods to analyze and monitor cyber and physical infrastructure interoperability to identify points of intervention to sustain operations.
  • Integrate decision theory into research to understand and account for how public versus private infrastructure entities assess and manage risk.
  • Develop metrics, methodologies, and guidance for decision-makers on integrating green and gray infrastructure solutions.
  • Analyze unanticipated vulnerabilities and implications of technology innovation on the security and resilience of critical infrastructure services.
  • Understand the impact of workforce changes on critical infrastructure security and resilience to identify gaps in what is needed to support an infrastructure workforce into the future.
  • Develop shared baseline information on how demographic, geographic, and institutional capacity stressors have resulted in vulnerabilities and inequitable impacts of critical service disruptions.
  • Identify and empirically test principles of resilient design and adaptive risk management to determine effectiveness in meeting infrastructure resilience and sustainability outcomes/metrics.
  • Work with private and public, place-based institutions to co-produce knowledge with users to improve the relevance and applicability of RD&I to infrastructure actions at the community level.
  • Examine the institutional and regulatory context of infrastructure risk management against the requirements for adaptive management of systems under a changing risk environment.
  • Conduct comparative empirical resilience case studies of both federally supported and non-federal resilience initiatives.

To download the white paper, visit (

For questions, please contact us at