NISAC Performers and Projects

NISAC works with National Laboratories, Federally Funded Research and Development Centers (FFRDC), and others to develop innovative analytical capabilities that provide quantitative and actionable information that help prioritize and manage risk to critical infrastructure and the National Critical Functions (NCFs). Below are NISAC’s active projects.

The content on this webpage is provided for information purposes only and is current as of March 2022.

CURRENT NISAC PERFORMERS

ACTIVE PROJECTS

Suite of Tools for the Analysis of Risk (STAR)

The Suite of Tools for the Analysis of Risk (STAR) program is being developed by the Cybersecurity and Infrastructure Security Agency’s (CISA) National Risk Management Center (NRMC) National Infrastructure Simulation and Analysis Center (NISAC) to operationalize and integrate 20+ NISAC capabilities into one web-based application for users to holistically assess risk to the Nation’s Critical Infrastructure (CI). STAR provides CISA-wide stakeholders with standardized analytic workflows to assess current strategic risks from emerging threats, hazards, vulnerabilities, and their cascading consequences. STAR will enable the NRMC to produce more robust risk analysis for risk prioritization and operational analysis to better support CI decision makers

Line of Effort

Description

Performers

Subject Matter Expertise

Engage with performers and stakeholders to obtain strategic and analytic support to the NRMC in the development of STAR. This work will further the design and the methodological development of NCF decompositions and stakeholder analysis efforts.

ANL, INL, LLNL, PNNL, RAND, SNL, SPA

Data Development and Maturation

Continue to improve the asset level dependency dataset, used to capture cross-infrastructure asset relationships associated with national critical infrastructure network.

 

Continue development and maturation of the NCF functional dataset, including:

  • buildout, merge, and conflation activities to integrate and expand existing national asset datasets;
  • identification of high value assets; and
  • data validation activities to support dependency, analytic sufficiency, taxonomy, and sector alignments.

 

Explore the use of machine learning pipelines to produce higher confidence and more reliable datasets.

ANL, INL, PNNL, SPA

Methodology Development

Facilitate the simulation of interdependent models representing NCFs to allow a broad array of data sources, subject matter expertise, and scientific methods to be integrated into STAR, to feed multiple analytic and visualization capabilities.

 

Continue the development of the stochastic multi-graph analysis of the NCF dataset to visualize it as an interdependent network to identify relationships and dependencies between all subfunctions.

 

Continue development of the consequence-focused analytic methodology to assess the potential impact of cyber-attacks on federal networks and critical infrastructure. Through the development of operational tools and scenarios, this work will estimate potential consequences on CI.  

 

Advance risk prioritization methodologies using the Systemically Important Entities (SIE) program to support the connection of national critical functions to entities and assets.

LLNL, PNNL, RAND, SNL

Modeling and Simulation

Improve our ability to model and automate the simulation of partial and complete failure propagation through the NCF Decomposition network graph, as well as provide automated methods for determining and visualizing dependencies within the NCF data.

 

Continue the development of geospatial cluster modeling of CI assets to support location density analysis.

 

Identifying infrastructure that has significant electric power dependencies. This analysis will identify the most significant disruptions to high-density civilian populations, high-value civilian assets, and NCFs if they experience power outages for extended periods.

ANL, INL, LLNL, PNNL, SNL

Analytic Tools

Further develop NRMC’s existing tools to provide new capabilities for CI risk analysis:

  • Asset dependency tool that leverages, identifies, and visualizes functional and geographic infrastructure interdependencies in an intuitive, user-friendly format.
  • Rapid simulation tool that searches and identifies high impact component vulnerabilities.
  • Scenario development tool that feeds NRMC’s Risk Register and other analytic initiatives

 

INL, LLNL, PNNL, SNL

Capability Integration

Integration of new and existing NRMC capabilities within the Modeling Capability Transition Environment (MCTE) to expand STAR capabilities for CISA users.

Asset Partners, SP

 

Emerging Risks

NISAC supports the strategic initiatives focused on identifying, assessing, and positioning the NRMC to address emerging critical infrastructure risks. These projects have targeted various threats, to include the commercialization and increasing competition in space, impacts to critical infrastructure from geomagnetic disturbances and electromagnetic pulse, climate change, mis- and disinformation campaigns, and the ever-evolving cyber risks to physical infrastructure. Through the Secure Tomorrow Series project, NISAC continues to work with the NRMC’s Risk Management Planning Branch to support the development of strategic frameworks and concepts to analyze, manage, and mitigate emerging and future risks to critical infrastructure. 

Line of Effort

Description

Performers

Subject Matter Expertise

Develop understanding of future national strategic and systemic risk and approaches to reduce this risk.

 

Provide an updated assessment of cascading impacts, dependencies, and interdependencies that climate-change induced disruptions may have on NCFs.

IDA, RAND

Methodology Development

Develop, update, and refine the risk assessment methodology that supports CISA’s role in identifying, understanding, and managing climate driven impacts to the NCFs.

RAND

Analytic Tools

Continue to expand the Secure Tomorrow Series Toolkit to give stakeholders strategic foresight methods to gain actionable insights into possible future risks. The Toolkit gives users enhanced risk awareness and mitigation options, while encouraging systems-level thinking and long-term planning.

 

Using game templates, with facilitator, player, and controller guides, as well as read-ahead self-facilitation materials. This toolkit provides improved risk management and strategic planning capabilities to enable users to stress-test current strategy against alternative futures.

ANL

 

NRMC Operational Response

NISAC’s crisis action capability suite supports operational response activities with dependency analysis as well as hazard and infrastructure modeling. As the Modeling Capability Transition Environment (MCTE) progresses and existing capabilities are refined, NISAC is actively building and migrating capabilities within STAR to support an automated enterprise workflow system for infrastructure modeling and risk analysis and near-real time response capabilities to support CISA analysts and senior-level CISA decision makers.

Line of Effort

Description

Performers

Subject Matter Expertise

Identification of potential geo-political impacts on NCFs and related mitigations. This project engages with NRMC partners in NATO, the EU, and other partners to better understand the current geo-political landscape and potential NCF risks. The goal of the project is to provide periodic updates on emerging trends, report on engagements with partners and stakeholders, and establish a conceptual operational capability framework for detection of emerging geopolitical threats to NCFs.

ANL

Data Development and Maturation

Accuracy analysis of current capacity-based thresholds and identification of new thresholds for the Infrastructure of Concern (IOC) set of prioritized infrastructure assets. New thresholds will be created to fill gaps or replace legacy thresholds if they represent an improvement to capturing realized stresses or impacts, as well as appended to the Comprehensive Asset List (CAL) to support implementation during NRMC response activities.

INL

Methodology Development

Advance risk prioritization using the Systemically Important Entities (SIE) program.

  • Develop methods to manage analytic input data;
  • Establish program governance;
  • Implement SIE Program process and procedures; and
  • Advance the Systemic Importance Analytic Platform.

RAND

Modeling and Simulation

Expand the NRMC’s flood modeling and simulation capabilities to rapidly provide spatial and temporal risk analysis for extreme floods impacting NCFs.

  • Provide datasets, real-time and scenario-based, to better understand infrastructure risk.
  • Automate portions of workflows to enable NRMC analysts to initiate their own simulations and access outputs for quick-turn CI risk analysis.

PNNL