Secure Tomorrow Series Toolkit

Overview

The Secure Tomorrow Series Toolkit is a diverse array of interactive and thought-provoking products uniquely designed to assist stakeholders across the critical infrastructure community to self-facilitate and conduct strategic foresight activities that will enable them to derive actionable insights about the future, identify emerging risks, and develop risk management strategies that, if taken today, could enhance long-term critical infrastructure security and resilience to implement now.

Central to the Secure Tomorrow Series effort is the selection of topics that are likely to have highly disruptive impact across multiple National Critical Functions. To this end, the National Risk Management Center worked with subject matter experts from academia, think tanks, the private sector, and the National Labs to help build and refine the knowledge base that underlies the Toolkit activities. 

These free voluntary resources are available to stakeholders in every critical infrastructure sector. More specifically, the Toolkit will assist users in identifying and examining risk mitigation strategies, managing uncertainty and encouraging strategic foresight methods in their long-term planning.

Topics

The Secure Tomorrow Series Toolkit currently addresses six topics:

1. Anonymity and privacy: Maintaining the balance between identity verification—for purposes such as voting, disease-related contact tracing, and law enforcement—and protecting anonymity is becoming increasingly challenging.
2. Trust and social cohesion: Exploring how emerging risks to critical infrastructure and cybersecurity and potential mitigation strategies affect social cohesion—a sense of belonging within a community.
3. Data storage and transmission: Accelerating rates of data creation and transmission places increasing importance on secure data storage and transmission.
4. Brain-computer interfaces (BCIs): BCIs provide a direct communication pathway between the brain and an external device, for the purposes of either “reading from” or “writing to” the brain.
5. Synthetic biology: The redesigning and harnessing of biological organisms to impart new or improved abilities and produce products.
6. Quantum technologies: Technologies associated with understanding and manipulating quantum phenomena (such as entanglement and superposition) for acquiring, communicating, and processing information.

Getting Started: Toolkit Activities

The Toolkit provides a powerful means of increasing risk awareness, identifying risk mitigation solutions, and encouraging systems-level thinking and long-term planning. Specifically, it contains game templates; facilitator, player, and controller guides; read-ahead materials, and other materials needed for users to self-facilitate four* different activities:

• Scenarios workshop: Participants will explore different future scenarios to identify ways in which the operating environment for owners and operators may evolve and how this evolution may affect the security and resilience of critical infrastructure systems. Participants will learn how identify a prioritized set of risk mitigation strategies that will increase critical infrastructure resilience and security, regardless of future uncertainties.
• Matrix games: Players tackle incidents and trends that could negatively affect the U.S. in the future and debate strategies to mitigate accompanying risks to critical infrastructure security and resilience. Participants will engage and challenge each other to think strategically about critical infrastructure resilience and preparedness from multiple perspectives.
• Cross-impacts sessions:  Participants focus on how emerging and evolving risks and key drivers of change might affect different National Critical Functions in distinct ways. Participants will come away with a better understanding of the ramifications of these drivers of change for different critical functions.
• Threat timelines activity: Players generate fictional news headlines that describe future security threats to a particular technology or system. Through these headlines, players think about plausible futures, reflect on potential threats to critical infrastructure security and resilience; and identify corresponding mitigating actions that can be put into motion today.

*The Threat timelines activity is available only for the following topic areas: (1) anonymity and privacy, (2) trust and social cohesion, and (3) data storage and transmission.

By downloading the Toolkit, users will learn how to conduct foresight activities that will enable them to derive actionable insights about the future, identify emerging risks, and proactively develop corresponding risk management strategies they can implement now. As a starting point, please review the Scenarios Workshop Synopses about future risks, and then move on to explore the Matrix Games and Cross-Impacts depending on time and participant needs and interest.

Toolkit Next Steps

CISA’s National Risk Management Center is working on the next iteration of the Toolkit focused on the following topics: (1) advanced manufacturing; (2) information and communications technology (ICT) supply chain resilience; and (3) water availability.