The Secure Tomorrow Series Toolkit is a diverse array of interactive and thought-provoking products uniquely designed to assist stakeholders across the critical infrastructure community to self-facilitate and conduct strategic foresight activities that will enable them to derive actionable insights about the future, identify emerging risks, and develop risk management strategies that, if taken today, could enhance long-term critical infrastructure security and resilience to implement now.

Central to the Secure Tomorrow Series effort is the selection of topics that are likely to have highly disruptive impact across multiple National Critical Functions. To this end, the National Risk Management Center worked with subject matter experts from academia, think tanks, the private sector, and the National Labs to help build and refine the knowledge base that underlies the Toolkit activities. This iteration of the Toolkit focuses on three topic areas: (1) anonymity and privacy, (2) trust and social cohesion, and (3) data storage and transmission.

These free voluntary resources are available to stakeholders in every critical infrastructure sector. More specifically, the Toolkit will assist users in identifying and examining risk mitigation strategies, managing uncertainty and encouraging strategic foresight methods in their long-term planning.

TOOLKIT ACTIVITIES

The Toolkit provide a powerful means of increasing risk awareness, identifying risk mitigation solutions, and encouraging systems-level thinking and long-term planning. Specifically, it contains game templates; facilitator, player, and controller guides; read-ahead materials, and other materials needed for users to self-facilitate four different activities:

• Scenarios workshop: Participants explore four different future scenarios (Life Under a Microscope, A Fragmented World, Deep Disinformation, and A New Wave of Cooperation), and identify a set of strategies that would most effectively mitigate risk across all the scenarios.

• Threat timelines activity: Players generate fictional news headlines that describe future security threats to a particular technology or system. Through these headlines, players think about plausible futures, reflect on potential threats to critical infrastructure security and resilience; and identify corresponding mitigating actions that can be put into motion today.

• Matrix games: Players tackle incidents and trends that could negatively affect the U.S. in the future and debate strategies to mitigate accompanying risks to critical infrastructure security and resilience.

• Cross-impacts sessions: Participants brainstorm ideas on how key risk drivers to the three topics might affect different NCFs.

By downloading the Toolkit, users will learn how to conduct foresight activities that will enable them to derive actionable insights about the future, identify emerging risks, and proactively develop corresponding risk management strategies they can implement now.

GETTING STARTED WITH THE TOOLKIT

The Toolkit includes guides to facilitate each activity. The number of participants and time requirements vary for the four activities. A matrix game takes 3 hours to play with 3–5 participants, whereas a scenarios workshop is a full-day activity involving between 30–40 participants.

As a starting point, please review the Scenarios Workshop Synopses about future risks, and then consider the Threat Timelines as a warm-up activity, and then move on to explore the Matrix Games and Cross Impacts depending on time and participant needs and interest.

Scenarios Workshop

Participants will explore four different future scenarios to help participants explore ways in which the operating environment for owners and operators may evolve and how this evolution may affect the security and resilience of critical infrastructure systems. Participants will learn how identify a prioritized set of risk mitigation strategies that will increase critical infrastructure resilience and security, regardless of future uncertainties.

Minimum Number of Participants Required: 30-40 participants

Time Estimate: 8 hours

• Scenarios Workshop Synopses
• Scenarios Workshop Facilitator(s) Guide
• Scenarios Workshop: Introduction and Roadmap Slides
  • Scenarios Workshop: Introduction and Roadmap Presentation Slide Notes
• Scenario Narrative 1: Life Under a Microscope
• Scenario Narrative 2: A Fragmented World
• Scenario Narrative 3: Deep Disinformation
• Scenario Narrative 4: New Wave of Cooperation
• Scenarios Workshop: Are We There Yet Poll
• Scenarios Workshop: Are We There Yet Slides
  • Scenarios Workshop: Are We There Yet Presentation Slide Notes

Threat Timelines

Players will generate fictional news headlines that describe future security threats to a particular technology or system to think about plausible futures, reflect on emerging and evolving threats to critical infrastructure security and resilience, and identify corresponding mitigating actions that could be put into motion today.

Minimum Number of Participants Required: 4-6 participants

Time Estimate: 1-1.5 hours

• Threat Timelines Facilitator Guide
• Threat Timelines Read Ahead

Matrix Games

Players will tackle incidents and trends that could negatively affect the United states in the future, and debate strategies to mitigate accompanying risks to critical infrastructure security and resilience. Participants will engage and challenge each other to think strategically about critical infrastructure resilience and preparedness from multiple perspectives.

Minimum Number of Participants Required: 3-5 participants

Time Estimate: 2.5 hours

Matrix Game: Data Privacy, Storage, and Transmission

• Matrix Game, Alternative Futures: Data Privacy, Storage, and Transmission One-Pager
• Matrix Game, Alternative Futures: Data Privacy, Storage, and Transmission Controller Guide
• Matrix Game, Alternative Futures: Data Privacy, Storage, and Transmission Player Guide
• Matrix Game, Alternative Futures: Data Privacy, Storage, and Transmission Game Board
• Matrix Game, Alternative Futures: Data Privacy, Storage, and Transmission Placemat
• STEEP Disruptors and Odds Poster

Matrix Game: Trust and Social Cohesion

• Matrix Game, Alternative Futures: Trust and Social Cohesion One-Pager
• Matrix Game, Alternative Futures: Trust and Social Cohesion Controller Guide
• Matrix Game, Alternative Future: Trust and Social Cohesion Player Guide
• Matrix Game, Alternative Futures: Trust and Social Cohesion Game Board
• Matrix Game, Alternative Futures: Trust and Social Cohesion Placemat
• STEEP Disruptors and Odds Poster

Cross-Impacts

Participants focus on how emerging and evolving risks and key drivers of change might affect different National Critical Functions in distinct ways. Participants will come away with a better understanding of the ramifications of these drivers of change for different critical functions.

Minimum Number of Participants Required: 8-12 participants

Time Estimate: 4 hours

• Cross-Impacts Facilitator Guide
• Cross-Impacts Read Ahead: Anonymity and Privacy
• Cross-Impacts Read Ahead: Data Storage and Transmission
• Cross-Impacts Read Ahead: Trust and Social Cohesion

TOOLKIT NEXT-STEPS

CISA’s National Risk Management Center is working to develop the next iteration of the Toolkit focused on the following topics: (1) synthetic biology; (2) brain computer interface (BCI); (3) mis-, dis-, and malinformation (MDM); and (4) quantum technologies (to include computing, communications, and sensors). The next Toolkit will be available in later this year.