As the National Coordinator for critical infrastructure security and resilience, CISA stands ready to help America prepare for and adapt to changing risk conditions and withstand and recover rapidly from potential disruptions, regardless of cause.
CISA’s Shields Ready campaign is about making resilience during incidents a reality by taking action before incidents occur. As a companion to CISA’s Shields Up initiative, Shields Ready drives action at the intersection of critical infrastructure resilience and national preparedness. This campaign is designed to help all critical infrastructure stakeholders to take action to enhance security and resilience—from industry and businesses to government entities at all levels, and even individuals by providing recommendations, products, and resources to increase individual and collective resilience for different risk contexts and conditions. By taking steps in advance of an incident, organizations, individuals, and communities are better positioned to quickly adjust their posture for heightened risk conditions, in turn helping to prevent incidents, to reduce impact, and get things back to normal—or better—as quickly as possible. Being part of the resilience journey makes for more resilient people, organizations, and communities.
Key Steps to Building Resilience
- Identify Critical Assets and Map Dependencies: Determine the systems that are critical for ongoing business operations and map out their key dependencies on technology, vendors, and supply chains.
- Assess Risks: Consider the full range of threats that could disrupt these critical systems and the specific impacts such threats could pose to continuity of operations.
- Plan and Exercise: Develop incident response and recovery plans to reduce the impact of these threats to critical systems and conduct regular exercises under realistic conditions to ensure the ability to rapidly restore operations with minimal downtime.
- Adapt and Improve: Periodically evaluate and update response and recovery plans based on the results of exercises real-world incidents and an ongoing assessment of the threat environment.
Adapting to Changing Risk Conditions
The threats and hazards facing America’s critical infrastructure are changing, through more frequent, severe natural disasters; relentless criminal and foreign sponsored cyberattacks; continued threats of terrorism and targeted violence; pandemics and changing migration and labor patterns; and growing international competition and potential conflict. The interconnectivity of critical infrastructure also creates risks because a disruption in one place can ripple near and far. We can and must be more resilient to the range of changing risk conditions that threaten critical infrastructure and the communities, and nation, it supports.
Extreme Weather and Climate Change
Natural hazard shocks and stressors like floods, hurricanes, winter storms, wildfires, earthquakes, extreme heat, sea level rise, drought, and geomagnetic disturbances drive significant risk to our critical infrastructure.
Sophisticated, ever-evolving criminal and nation-state cyber threat actors exploit vulnerabilities to steal information and money and are developing capabilities to disrupt, destroy, or threaten the delivery of essential services.
Terrorism and Targeted Violence
Critical infrastructure systems and assets, and related publicly accessible facilities like businesses, schools, and houses of worship, are common targets of terrorists and other violent criminals.
Take advantage of the free resources available to strengthen and improve the resilience of critical infrastructure systems and services.
Discover how to get involved in Critical Infrastructure Security and Resilience Month using the one-stop-shop toolkit of CISA resources.
This guide, produced by FEMA and CISA, is intended to help state, local, tribal, and territorial emergency management personnel collaboratively prepare for cyber events.
This planning framework provides processes and a series of tools and resources for incorporating critical infrastructure resilience considerations into planning activities.
A guide to help Small and Medium-Sized Businesses establish an actionable Supply Chain Risk Management (SCRM) plan that will support the mitigation of risks and disruptions to their supply chains.
Guidance on responding to and recovering from a cyber attack, including developing an incident response plan and disaster recovery plan; and using business impact assessments to prioritize resources and identify systems to be recovered and more.
The toolkit assists public safety agencies and others responsible for communications networks in evaluating current resiliency capabilities, identifying ways to improve resiliency, and developing plans for mitigating the impact of potential threats.
The Secure Tomorrow Series is a strategic foresight capability focused on identifying emerging and evolving risks that could significantly affect the nation’s critical infrastructure in the next 3 to 20 years in order to analyze, prioritize, and manage those drivers of risk to steer towards a preferred future.
Employ CISA services to collaboratively enhance your organization's or community's resilience.
Interview-based assessment to evaluate an organization’s operational resilience and cybersecurity practices, including its ability to manage cyber risk during normal operations and times of operational stress and crisis.
A comprehensive set of resources to assist stakeholders in conducting their own exercises, including templates for exercise objectives, scenarios, and how to initiate discussions within their organizations about addressing threat scenarios.
A voluntary, cooperative assessment of specific critical infrastructure that identifies a range of security and resilience issues that could have regionally or nationally significant consequences.
FEMA's Ready Campaign
Shields Ready partners with Ready, FEMA’s national public service campaigned designed to educate and empower people to prepare to prepare for, respond to and mitigate emergencies and disasters.