The following resources provide further information on how to include infrastructure, dependencies, and resilience into your planning efforts. They provide additional guidance for identifying and analyzing dependencies as well as information regarding hazards and mitigation measures.
Infrastructure Resilience Planning Framework
This planning framework was developed by the Cybersecurity and Infrastructure Security Agency (CISA) to provide an approach for localities, regions, and the private sector to work together to plan for the security and resilience of critical infrastructure services in the face of multiple threats and changes. The IRPF provides tools and resources for integrating critical infrastructure into planning, as well as a framework for working regionally and across systems and jurisdictions.
- Infrastructure Resilience Planning Framework (.pdf, 7.5MB)
Tools within the IRPF that are particularly useful in identifying and planning for infrastructure dependencies include:
Community Systems Dependency Discussion Guide
This guide can be used to facilitate a dependency discussion with the planning team, other participants, or stakeholder groups. The guide includes a list of questions to spark conversation and lead to identification of critical community function and/or facility dependencies on infrastructure systems.
System Owner/Operator Dependency Interview Guide
This guide contains a series of questions that can be used to conduct individual interviews with owners and/or operators of critical infrastructure systems. The questions will help identify and understand the system’s dependencies and capabilities to provide service during a disruptive event.
Meeting Facilitation Guide
This guide can be used to facilitate a meeting with planning participants to identify community functions, facilities, infrastructure systems, and interdependencies that are most critical to the resilience of the community.
Methodology for Assessing Regional Infrastructure Resilience
Based upon lessons learned from a decade of Regional Resiliency Assessment Program (RRAP) projects, this CISA document outlines a repeatable methodology for conducting voluntary regional infrastructure resilience assessments that both public and private stakeholders can tailor to their own needs. The principles and techniques are intended to help communities and organizations understand, assess, and improve the resilience of critical infrastructure systems across the nation. The document includes two parts:
Foundational Concepts of Resilience, which describes what resilience means in the context of critical infrastructure and why studying resilience at a regional level is an important activity for public and private partners.
Methodology for Assessing Regional Infrastructure Resilience, which lays out core elements for assessing the resilience of critical infrastructure, defining key processes and analytical techniques that can yield tangible and actionable options for enhancing resilience through voluntary, collaborative partnerships.
Regional Resilience Assessment Program Dependency Analysis Framework
This report outlines a consistent analytic approach used by CISA for evaluating critical infrastructure dependencies. The report presents a "system of systems" view of dependencies supported by examples of dependency analyses from recent Regional Resiliency Assessment Program (RRAP) projects to illustrate practical applications of concepts in support of infrastructure resilience
CISA Regional Office Services
The Cybersecurity and Infrastructure Security Agency (CISA) delivers services to support the security and resilience of critical infrastructure through 10 regions, inclusive of all states and territories. Regional personnel work with critical infrastructure partners and communities at the regional, state, county, tribal, and local levels to:
- Conduct and integrate infrastructure assessments and analysis, including dependencies and cascading effects, on critical infrastructure to influence decision-making at all phases of emergency management
- Facilitate information sharing between public and private sector critical infrastructure partners
- Improve situational awareness of cybersecurity risks and incidents
- Enhance critical infrastructure cyber systems
- Support preparation, response, and recovery efforts for hazards impacting critical infrastructure
- Safeguard soft targets and crowded places
Community Resilience Planning Guide
This planning guide published by the National Institute of Standards and Technology (NIST) is a two-volume guide for buildings and infrastructure systems that helps communities improve resilience by setting priorities and allocating resources to manage risks. Volume I of the Guide describes the six-step planning process and provides a worked example to illustrate the process. Volume II is a resource that describes how to characterize the social and economic dimensions of the community, dependencies and cascading consequences, and building and infrastructure performance.
NIST has also published supplemental guide briefs and other resources with additional information on supporting methods and best practices. These can be found at:
This framework can help an organization align and prioritize its cybersecurity activities with its business/mission requirements, risk tolerances, and resources. It provides a list of cybersecurity standards, guidelines, and practices that are working effectively today. The framework enables organizations – regardless of size, degree of cybersecurity risk, or cybersecurity sophistication – to apply the principles and best practices of risk management to improving security and resilience.
Additional NIST resources associated with the framework can be found at:
Hazard Mitigation Planning Resources
FEMA has various mitigation and resilience planning resources.
The Resources for Mitigation Activities provides links to examples of mitigation actions to enhance the resilience of a community’s infrastructure, as well as best practices and case studies from communities that have taken actions to mitigate against disasters. The linked Building Science Branch publications also provide multi-hazard mitigation implementation guidance and ideas for mitigation activities.
The Integrating Mitigation with Related Planning Objectives section contains a fact sheet on Protecting Community Infrastructure, amongst other tools for community officials.
The FEMA’s mitigation resources webpage also provides links to various reports from the American Planning Association on topics such as resilient disaster recovery and design.
Regional Resilience Toolkit: 5 Steps to Build Large-Scale Resilience to Natural Disasters
FEMA, EPA, and the Metropolitan Transportation Commission/Association of Bay Area Governments partnered to create this planning toolkit, which is set up to allow multiple jurisdictions to work together for regional-scale resilience actions in partnership with nongovernmental groups/organizations. Rather than solely identifying community assets, this process described in the toolkit encourages a more in-depth approach to conducting a vulnerability assessment and selecting hazard mitigation actions.
U.S. Climate Resilience Toolkit
The U.S. Climate Resilience Toolkit provides guidance, tools, and resources for planners and the general public to help understand impacts of climate change for their communities. This includes both case studies of approaches for enhancing climate resilience as well as mapping products and information about the potential impacts of climate change. The Climate Resilience Toolkit serves as a clearinghouse for several tools and resources from multiple Federal agencies.
American Society of Civil Engineers, Infrastructure Resilience Division*
ASCE provides a number of resources for engineering approaches to enhancing resilience. This includes reports and published standards for enhancing the resilience of infrastructure systems.
American Planning Association Climate Change and Resiliency Library*
The APA maintains a series of books and reports developed for planners on resilience and climate change issues. These range from general planning approaches to incorporating resilience into planning to reviews of how to make individual sectors or systems more resilient.
*The information you have accessed or received is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding this information. DHS does not endorse any entity, product or service, including any subjects of analysis. Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply their endorsement, recommendation, or favoring by DHS.