The Cybersecurity and Infrastructure Security Agency (CISA) released an update of its year-old Infrastructure Resilience Planning Framework (IRPF) yesterday. The document is intended to help state, local, tribal and territorial governments incorporate critical infrastructure security and resilience considerations in their planning activities, and it details various tools, resources and advice.
“Today’s update adds important new resources and tools to better support partners as they face an evolving threat environment,” CISA posted on LinkedIn. “Regional planning and development organizations report that the IRPF helps to prioritize those projects that can best reduce risk to regional health and economies. We are working with … regional offices and federal and association partners to develop additional tools and resources to address equity, climate change and other hazards and challenges and develop training and technical assistance.”
CISA designed the IRPF to be “a flexible framework that enables users to identify critical infrastructure, assess related risks, and develop and implement resilience solutions,” it says in an FAQ. The framework “helps users to understand interconnected infrastructure systems and can be incorporated into many types of plans such as economic development, capital improvement, hazard mitigation and emergency response/recovery.”
The IRPF outlines a broad, five-step process for governments to take action:
1. Lay the groundwork for later efforts by first determining the scope of the planning efforts, creating planning teams and reviewing existing information, plans and materials.
2. Identify critical infrastructure and any dependencies among them.
3. Assess risks to critical infrastructure, including vulnerabilities and threats and potential direct and indirect consequences.
4. Identify strategies for mitigating risks to critical infrastructure and improving resilience.
5. Implement resilience efforts — particularly as part of existing planning mechanisms and, potentially, with the help of various funding and technical assistance sources — and then evaluate their effectiveness.
From The Shadows Emerges Knowledge