Saturday, December 21, 2024

CISA updates Secure Tomorrow Series Toolkit to enhance preparedness across critical infrastructure

Must read

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) updated the Secure Tomorrow Series Toolkit to assist in raising preparedness among critical infrastructure owners and operators. These stakeholders face several challenges because social, technological, economic, environmental, and political changes are bringing about the appearance of new and evolving risks at an increased pace. Simultaneously, the demands of operations, business, and other priorities compete for their time and attention at the expense of being able to focus on future resilience and security requirements.

“With multiple risk factors and demands on everyone’s time, asking the right questions is critical to gaining better insights,” Erin Walsh, associate director of strategic foresight at CISA, wrote in a news post. “While everyone wants to be ready for whatever’s coming on the horizon, having discussions around an uncertain future can feel daunting, and an unfocused approach can result in vague and non-actionable strategies that can leave organizations and their people less safe and less resilient.”

The Secure Tomorrow Series Toolkit is meant to help bridge the gap by structuring and facilitating these discussions. Each year, CISA selects three topics with significant potential to disrupt multiple National Critical Functions and delves into how these topics might result in emerging and evolving risks that affect critical infrastructure resilience and security. The update introduces three new topics – Information and communications technology supply chain resilience; advanced manufacturing; and water availability. 

These topics add to the existing Secure Tomorrow Series Toolkit library that covers brain-computer interfaces, synthetic biology, quantum technologies, anonymity and privacy, trust and social cohesion, and data storage and transmission.

Walsh added that CISA uses this knowledge base to build a toolkit of strategic foresight activities. The idea is to package proven methods, high-quality prompts, and extensive supporting materials together, so that critical infrastructure partners can confidently bring together participants with domain-, regional-, and sector-specific expertise and productively arrive at risk mitigation strategies that are relevant and actionable. Secure Tomorrow Series Toolkit products help distill and distinguish real concerns arising from each topic, which participants then ground in the realities of their situations.

“Each toolkit activity is carefully designed to allow whoever is sponsoring an activity to engage with their critical infrastructure community in fun, challenging, and productive ways,” Walsh detailed. “From matrix games that can be played in a single morning or afternoon session, to one-day scenarios workshops that integrate multiple topics to highlight systems and emergent risks, the toolkit has activities targeted to different levels of participation and time commitment. The hope is that these activities lead to better insights on risk mitigation that participants can bring back to their organizations while strengthening networks to engage in further planning and implementation.”

In a publication titled ‘Scenarios Workshop 3 Synopses: Scenarios Workshop – Scenario Synopses,’ CISA noted that the workshop uses hypothetical scenario narratives to help participants explore ways in which the operating environment for critical infrastructure owners and operators may evolve over the next three to seven years, and how this evolution may affect the security and resilience of critical infrastructure systems. 

The workshop’s three scenarios center on plausible future changes about three recent topics on advanced manufacturing; information and communications technology; supply chain resilience; and water availability. 

CISA detailed that different regions of the U.S. increasingly find themselves threatened by either too much or too little water. The three issues that have exacerbated the challenges that jurisdictions face with water include the growing effects of climate change; aging water infrastructure; and breakdowns in public trust. 

To date, efforts to address these issues have proven insufficient. Transitioning to clean energy, for example, to reduce greenhouse gas emissions and address climate change has been hindered by slower-than-expected adoption of electric vehicles, challenges with workforce development and reskilling, and a failure for new materials and greener processes to be incorporated at scale. A more moderate future will require an immoderate effort to address these issues moving forward. 

The second scenario centers on the 2020s, a period in which the United States engages in a renewed era of great power competition, primarily driven by the pursuit of technological leadership. Efforts to control key technologies such as semiconductors lead to partial decoupling internationally, onshoring of production for critical sectors, and tensions over supply chains. 

CISA identified that by 2030, despite achieving considerable gains in onshoring the manufacture of critical technologies, the U.S. faces an uncertain future about whether its policies and investments over the past decade will be sustainable absent permanent government subsidies and continued protectionism. Furthermore, protectionist trade and investment policies have limited U.S. access to several international markets. Meanwhile, the emergence of artificial intelligence has reshaped the landscape for both cyber offense and defense.

The third scenario examines the situation in Monroe, where the city has announced it has less than six months of water supply left, necessitating severe reductions that will significantly affect both residents and businesses. “However, Monroe is just one of many cities in the United States facing a likely water crisis. There are many stresses on water systems, but an underappreciated one is the demand from the energy sector,” CISA added. 

As the U.S. pursues the clean energy transition (i.e., investing in alternative fuels, photovoltaics, electric batteries, etc., to reduce carbon emissions), energy demand is increasing, and, at least in the short term, this is causing increased dependence on traditional sources of energy. 

“Energy production is a water-intensive process, as is the production of necessary equipment,” the CISA brief identified. “The author of the scenario’s fictitious essay advocates for approaching water resources more holistically: examining demand and exploring solutions across jurisdictions (where they draw from the same water sources) and sectors, most critically the energy and agriculture sectors.”

Last month, Secretary of Homeland Security Alejandro N. Mayorkas provided strategic guidance to bolster critical infrastructure security and resilience. Originating from President Joe Biden’s National Security Memorandum (NSM-22), the directive instructs federal agencies, critical infrastructure owners, and other stakeholders to focus on specific risk areas. Additionally, it outlines priorities for the 2024-2025 national critical infrastructure risk management cycle defined in NSM-22. This comprehensive effort, planned for the next two years, is designed to safeguard the critical infrastructure systems essential to everyday American life.

Latest article