The US Cybersecurity and Infrastructure Security Agency (CISA) has designated November as Critical Infrastructure Security and Resilience Month.
To kick the month off the White House issued a Presidential Proclamation and called on Americans to recognize the importance of this month to enhance collective national security and resilience.
CISA is highlighting that critical infrastructure and other organizations should:
- Assess Your Risk. Organizations should identify their most critical functions and assets, define dependencies that enable the continuity of these functions, and consider the full range of threats that could undermine functional continuity.
- Make a Plan and Exercise It. Organizations should perform dedicated resilience planning, determine the maximum downtime acceptable for customers, develop recovery plans to regain functional capabilities within the maximum downtime, and test those plans under real-life conditions to ensure the ability to operate through disruption.
- Continuously Improve and Adapt. Organizations should be prepared to regularly adapt to changing conditions and threats. This starts with fostering a culture of continuous improvement, based on lessons learned from exercises and real-world incidents, and evolving cross-sector risks.
Visit CISA’s Critical Infrastructure Security and Resilience Month webpage for more information, resources and a toolkit: cisa.gov/CISR.