CISA is the Nation's risk advisor, working with partners to defend against today's threats and collaborating to build more secure and resilient infrastructure for the future.
CISA's Infrastructure Security Division coordinates and collaborates across CISA regions (CISA Regions | CISA), government, and the private sector. The Division conducts and facilitates vulnerability and consequence assessments to help critical infrastructure owners and operators and state, local, tribal, and territorial government (SLTTG) partners understand and address risks to critical infrastructure. It also provides information on emerging threats and hazards so that appropriate actions can be taken, as well as tools and training to help partners in government and industry manage the risks to their assets, systems, and networks.
This Infrastructure Dependency Primer is intended to support regional planners and critical infrastructure stakeholders in their efforts to better understand infrastructure dependencies and use that knowledge to increase resilience. CISA offers several products and services that may be valuable to these stakeholders:
- Protective Security Advisors (PSA) (Protective Security Advisors | CISA): PSAs are trained critical infrastructure protection and vulnerability mitigation subject matter experts who facilitate local field activities in coordination with other Department of Homeland Security offices. They also advise and assist state, local, and private sector officials and critical infrastructure facility owners and operators.
- Critical Infrastructure Vulnerability Assessments (Critical Infrastructure Vulnerability Assessments | CISA): CISA supports a number of assessment activities for state, local, and private sector partners, Including assist visits, the Infrastructure Survey Tool, the Infrastructure Visualization Platform, and the Regional Resiliency Assessment Program.
- Protected Critical Infrastructure Information (PCII Program | CISA): The PCII program can be used to protect sensitive information about infrastructure assets and systems and enhance data sharing between public and private sector partners.
- Stakeholder Engagement Division (Stakeholder Engagement Division | CISA): To help further support dependencies studies, CISA's Stakeholder Engagement Division (SED) can help SLTTGs develops partnerships, facilitates dialogue, convenes stakeholders, and promotes awareness to help achieve a secure and resilient infrastructure. SED coordinates stakeholder engagements and partnerships to support the CISA's efforts to reduce national risk.
- SLTT Toolkit (SLTT Toolkit | CISA): CISA has developed a set of resources to help recognize and address cybersecurity risks including discussion points for government leaders, steps to start evaluating a cybersecurity program, and a list of hands-on resources available to SLTT governments.
- SLTT Cybersecurity Engagement Program (SLTT Cybersecurity Engagement Program | CISA): CISA provides cybersecurity risk briefings and information on available resources to governors and other appointed and elected SLTT government officials.
- A person, structure, facility, material, or information.
- Critical Infrastructure:
- Infrastructure systems and assets that are so vital that their incapacitation or destruction would have a debilitating effect on security, the economy, public health, public safety, or any combination thereof
- One or more local jurisdictions or special districts, including a region or shared infrastructure corridor.
- Relationships of reliance within and among infrastructure assets and systems that must be maintained for those systems to operate properly or provide services.
- Natural, deliberate, or accidental threats or incidents that have the potential to disrupt or incapacitate a community's infrastructure.
- The collection of interrelated physical, cyber, and organizational assets and systems that provide a flow of products and services essential for the operation of society.
- A combination or group of components that interact with each other to perform a function. Also known as a System.
- The ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions; includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents.
- The potential for an adverse outcome assessed as a function of threats, vulnerabilities, and consequences associated with an incident, event, or occurrence, often measured, and used to compare different future situations.
- A combination or group of components that interact with each other to perform a function. Also known as a Network.
- Any entity, action, or occurrence, whether natural or man-made, that has or indicates the potential to pose danger to life, information, operations, and/or property.
Communities as Systems
- NIST Community Resilience Planning Guide outlines a series of basic societal functions that communities provide - from economy to education to health.
- Benefit Cost Analysis is a method that determines the future risk reduction benefits of a hazard mitigation project and compares those benefits to its costs.
The following links are various hazard mitigation best practices. These best practice compendiums can provide ideas for mitigation projects as communities seek to enhance the resilience of their infrastructure systems.
- FEMA Mitigation Best Practices Portfolio are stories, articles, or case studies about individuals, businesses or communities that undertook successful efforts to reduce or eliminate disaster risks.
- EPA Water Resilience provides resources in the stages of supporting water sector resilience
- Federal Highway Administration is an agency within the U.S. Department of Transportation that supports State and local governments in the design, construction, and maintenance of the Nation's highway system and various federally and tribal owned lands.
- Department of Energy, Office of Electricity - Electric Grid Resilience Ideas responses from industry and associations on cost-effective ways to enhance the resilience of electric infrastructure systems against severe weather events, including windstorms, floods, wildfires, etc.
The following resources provide further information on how to include infrastructure, dependencies, and resilience into your planning efforts. They provide additional guidance for identifying and analyzing dependencies as well as information regarding hazards and mitigation measures.
- Regional Resilience Assessment Program Dependency Analysis Framework outlines a consistent analytic approach used by CISA for evaluating critical infrastructure dependencies.
- CISA Regional Office Services delivers services to support the security and resilience of critical infrastructure through 10 regions, inclusive of all states and territories.
- Community Resilience Planning Guide: Volume I describes the six-step planning process for buildings and infrastructure systems that helps communities improve resilience by setting priorities and allocating resources to manage risks and provides a worked example to illustrate the process.
- Community Resilience Planning Guide: Volume II describes how to characterize the social and economic dimensions of the community, dependencies, and cascading consequences, and building and infrastructure performance.
- Cybersecurity Framework can help an organization align and prioritize its cybersecurity activities with its business/mission requirements, risk tolerances, and resources. It provides a list of cybersecurity standards, guidelines, and practices that are working effectively today.
- Hazard Mitigation Planning Resources provides links to various mitigation and resilience planning resources.
- Regional Resilience Toolkit: 5 Steps to Build Large-Scale Resilience to Natural Disasters encourages a more in-depth approach to conducting a vulnerability assessment and selecting hazard mitigation actions.
- U.S. Climate Resilience Toolkit provides guidance, tools, and resources for planners and the general public to help understand impacts of climate change for their communities.
- American Society of Civil Engineers, Infrastructure Resilience Division provides resources for engineering approaches to enhancing resilience; including reports and published standards for enhancing the resilience of infrastructure systems.
- American Planning Association Climate Change and Resiliency Library maintains a series of books and reports developed for planners on resilience and climate change issues.