Secure Tomorrow Series

Secure Tomorrow Series seal - Round shaped logo with a white path leading towards the silhouette of a black and green colored city with a bridge and three wind turbines in the far back. There is an orange sun in the center between the city and the bridge and the silhouette of an airplane flying over it.In a constantly changing and complex operating environment, perfectly accurate forecasts about the future are an impossibility. Instead, exploring alternative futures and potential drivers of change is a potent technique for managing uncertainty and improving decision-making to enhance our national capacity to ensure security, economic vitality, and public health and safety. To build a more resilient and secure future, the Secure Tomorrow Series is a strategic foresight capability focused on identifying emerging and evolving risks that could significantly affect the nation’s critical infrastructure in the next 5 to 20 years in order to analyze, prioritize, and manage those drivers of risk to steer towards a preferred future.

Managed by CISA’s National Risk Management Center, the goal of the Secure Tomorrow Series is to build understanding of challenges that may affect the strategic operating environment, identify potential risk mitigation strategies, and apply this knowledge to promote methods that create more resilient critical infrastructure systems in the long-term.


Strategic foresight is one of several terms (i.e., futures studies, futurology) used to describe the study of alternative futures by anticipating how various drivers—aging infrastructure, global pandemics, climate change, emerging technologies, and more—may impact how the world is changing. The intent of strategic foresight is to identify actions that, if taken today, would steer a community or organization toward its preferred future. For CISA, this means a future in which critical infrastructure is more secure and resilient. A central premise of strategic foresight is that no one entity can successfully predict the future. Instead, the methodology treats the future as a set of plausible alternatives.

The Secure Tomorrow Series effort aligns with the National Critical Functions (NCFs) risk management framework which looks at improving resilience across the Nation’s critical infrastructure ecosystem in a more targeted, prioritized, and strategic manner. Using the NCF Framework, the NRMC is working to understand what entities come together to support/enable critical functions, and what assets, systems, networks, and technologies underpin those functions. The NCFs are those functions of government and the private sector so vital to the U.S. that their disruption, corruption, or dysfunction would have a debilitating effect on security, national economic security, national public health or safety, and/or any combination thereof.


Central to the Secure Tomorrow Series effort is the selection of topics to explore that are likely to have highly disruptive impact across multiple National Critical Functions (NCFs) in the next 5-20 years.

Topic: Anonymity and Privacy

image of a magnifying glass

Maintaining the balance between identity verification—for purposes such as voting, disease-related contact tracing, and law enforcement—and protecting anonymity is becoming increasingly challenging. Online activity and tracking, machine learning, facial recognition, data aggregation, and third-party data brokers present evolving threats to individual control of data and privacy. Meanwhile, recent data privacy laws and regulations, such as the European Union’s General Data Protection Regulation and the California Consumer Privacy Act, have redefined what constitutes personal data.

  • NCFs include: Protect Sensitive Information; Preserve Constitutional Rights; Enforce Law; Provide Information Technology Products and Services; Provide Identity Management and Associated Trust Support Services; Maintain Access to Medical Records; and Provide Internet Based Content, Information, and Communication Services.

Topic: Trust and Social Cohesion

vector image of cyber workforceSocial cohesion is commonly defined as citizens’ belief that they share a moral community or common focus on societal well-being with one another, their governing bodies, and other institutions. This belief generally leads to trust. Social cohesion provides a source of potential risk to critical infrastructure and cybersecurity as well as a tool to mitigate that risk. Numerous factors can influence the degree of social cohesion, or sense of belonging, within a community and the effect of that cohesion on individual and community behavior and overall security. For example, Americans and critical infrastructure owners look to institutions (e.g., local police department and election officials) to perform important functions such as ensuring public safety and supporting the secure and reliable delivery of NCFs.

The ability or inability—whether real or perceived—to provide these functions reliably can affect public trust, diminish faith in function, and have deleterious impacts on national security. Exploring how emerging risks to critical infrastructure and cybersecurity and potential mitigation strategies affect social cohesion, positively and negatively, provides insights into the associated individual and community responses and their impact on critical infrastructure and cybersecurity risk management. Such analysis may expose unanticipated threats and vulnerabilities caused or exacerbated by reduced social cohesion or challenges to potential response activities.

  • NCFs include: Enforce Law, Operate Government, Conduct Elections, prepare for and Manage Emergencies, Support Community Health, and Provide Public Safety.

Topic: Data Storage and Transmission

vector image of globeData creation is growing at an accelerating rate, placing increasing demands on systems to ensure secure storage and transmission. Data access, integrity, and confidentiality are critical to accomplishing national objectives, including economic growth; improvements in medicine, public health, and public safety; and dominance in key emerging technologies (e.g., artificial intelligence). The Nation must also guard against potential risks, including breaches, privacy violations, algorithmic bias, misuse of data, and loss of public trust. Approaches to data—what’s considered fair, appropriate, and desirable—can vary greatly among countries and lead to competitive advantages. Effective and efficient use of data can be a value driver.

  • NCFs include: Provide Internet Based Content, Information, and Communication Services; Provide Internet Routing, Access, and Connection Services; Protect Sensitive Information; Operate Core Network; Provide Information Technology Products and Services; and Provide Identity Management and Associated Trust Support Services


In June 2020, the NRMC began engaging with subject matter experts from academia, think tanks, the private sector, and the National Labs on three Secure Tomorrow Series topics. The knowledge gained from these engagements provided the foundation for the Secure Tomorrow Series Toolkit which empowers individuals, departments and agencies, and organizations on how to use strategic foresight in their long-term planning.

The Toolkit provide a powerful means of increasing risk awareness, identifying risk mitigation solutions, and encouraging systems-level thinking and long-term planning. Specifically, it contains game templates; facilitator, player, and controller guides; read-ahead materials, and other materials needed for users to self-facilitate four different activities:

  • Scenarios workshop: Participants explore four different future scenarios (Life Under a Microscope, A Fragmented World, Deep Disinformation, and A New Wave of Cooperation), and identify a set of strategies that would most effectively mitigate risk across all the scenarios.

  • Threat timelines activity: Players generate fictional news headlines that describe future security threats to a particular technology or system. Through these headlines, players think about plausible futures, reflect on potential threats to critical infrastructure security and resilience; and identify corresponding mitigating actions that can be put into motion today.

  • Matrix games: Players tackle incidents and trends that could negatively affect the U.S. in the future and debate strategies to mitigate accompanying risks to critical infrastructure security and resilience.

  • Cross-impacts sessions: Participants brainstorm ideas on how key risk drivers to the three topics might affect different NCFs.

By downloading the Toolkit, users will learn how to conduct foresight activities that will enable them to derive actionable insights about the future, identify emerging risks, and proactively develop corresponding risk management strategies they can implement now.



For questions or comments about the Secure Tomorrow Series, email

Was this webpage helpful?  Yes  |  Somewhat  |  No