CISA updates infrastructure protection guide for state and local planners

The Cybersecurity and Infrastructure Security Agency on Tuesday published an update to its Infrastructure Resilience Planning Framework, a guidebook meant to help state, local, tribal and territorial governments safeguard their critical systems and facilities.

The framework, which covers both cyber and physical security, is designed to help planners at the state and local level identify and protect against risks, ranging from malicious online actors to manmade disasters to extreme weather. Tuesday’s publication is the first major revision to the document, which was created last year.

Among the updates is a guide for finding geospatial data on critical infrastructure assets from the Department of Homeland Security’s Homeland Infrastructure Foundation-Level Data collection and other data sources. There are also revised methodologies on assessing an infrastructure asset’s resiliency, as well as a new section on how to protect critical facilities from drought conditions.

“Our safety and security depend on the ability of critical infrastructure to prepare for and adapt to changing conditions and to withstand and recover rapidly from disruptions,” David Mussington, CISA’s executive assistant director for infrastructure security.

Another addition encourages state and local leaders to gather a diverse set of opinions when drawing up infrastructure protection plans. To do this, CISA recommended identifying a “project champion” — an individual organization like local agency, tribal government or regional planning group — that can take the lead on soliciting input from relevant parties.

“What is important, is that this entity is able to actively support the planning process and implementation efforts,” the framework reads.