The Cybersecurity and Infrastructure Security Agency (CISA) has announced the kickoff of Critical Infrastructure Security and Resilience Month and the White House issued a Presidential Proclamation to commemorate November as Critical Infrastructure Security and Resilience Month and called on Americans to recognize the importance of this month to enhance our collective national security and resilience.
This November, CISA is asking to Resolve to be Resilient by preparing and investing in resilience today, so the nation can recover quickly in the event of an incident tomorrow. CISA is highlighting practices critical infrastructure organizations can implement to recover rapidly in the aftermath of any significant disruption:
- Assess your risk. Organizations should identify their most critical functions and assets, define dependencies that enable the continuity of these functions, and consider the full range of threats that could undermine functional continuity.
- Make a plan and exercise it. Organizations should perform dedicated resilience planning, determine the maximum downtime acceptable for customers, develop recovery plans to regain functional capabilities within the maximum downtime and test those plans under real-life conditions to ensure the ability to operate through disruption.
- Continuously improve and adapt. Organizations should be prepared to regularly adapt to changing conditions and threats. This starts with fostering a culture of continuous improvement, based on lessons learned from exercises and real-world incidents and evolving cross-sector risks.