Forging National Resilience for an Era of Disruption

Resilience has defined our Nation since our founding. From weathering the Great Depression and mobilizing to support the Allied victory in World War II, to enhancing homeland security after 9/11 and the unprecedented response to COVID-19, the U.S. has repeatedly demonstrated its capacity to adapt, to change, to endure moments of crisis, and to respond and recover. 

We must again embrace national resilience as we navigate a new era of disruptive change and risk posed by People’s Republic of China (PRC) and Russian nation state actors, climate change-induced extreme weather, and technological revolutions. These dynamics threaten the reliable operation of critical infrastructure that businesses, our national security, and local communities rely upon every day. How fast, decisively, and collectively we adapt to and build resilience to these challenges will have an outsized impact on American prosperity for the remainder of the 21^st Century. 

As the National Coordinator for Critical Infrastructure Security and Resilience, CISA has played a central role in forging resilience—from COVID-19 to incidents of domestic terrorism and targeted violence to unrelenting criminal cyberattacks against businesses across the nation to the full-scale Russian invasion of Ukraine. The Ukraine war in particular not only demonstrates how adversaries increasingly use “gray zone” and “hybrid” warfare to target critical infrastructure and sow chaos, but also how democratic nations and alliances can successfully be resilient against disruptive aggression. CISA’s ongoing operational collaboration with Ukraine and other partners on the front lines of these attacks, including technical exchanges focused on resilience, provide lessons learned and inspiration that strengthen our resolve to achieve the Agency’s vision of “Secure and Resilient Critical Infrastructure for the American People.” 

PRC cyber aggression most acutely demonstrates why we must embrace national resilience with more urgency. The stakes could not be higher, because the PRC and other actors no longer just spy and steal business, defense, and consumer data; they now deploy sophisticated campaigns to infiltrate, hijack, or destroy key critical infrastructures like ports, energy grids, water systems, and communications that would disrupt our ability – civilian and military – to respond to crises and simultaneously sow chaos throughout society. We all rely on these key systems, whether senior government officials, business executives, school and hospital administrators, or individuals and families. But in this era of disruptive change, the increasing interconnectedness of our cyber and physical systems means infrastructure systems that served as a highly reliable backbone for American power and prosperity suddenly feel like an Achilles heel. Disruptive cyber or physical incidents in one system or location, like the Colonial Pipeline or SolarWinds incidents, a major hurricane or geopolitical crisis, or the current PRC campaigns CISA is working to stop, can trigger cascading failures across multiple systems, infrastructure sectors, and regions, magnifying the impact and delaying recovery efforts. When there is no stopping Mother Nature and until we strengthen our defense against malicious cyber infiltrators, expecting disruption and building resilience is a national imperative at all levels of society. Resilience is not optional. 

In that context, CISA took a strategic approach through national calls-to-action in Stop Passing the Buck on Cybersecurity: Why Companies Must Build Safety Into Tech Products, The Power of Resilience: What America Can Learn from our Partners in Ukraine, and Artificial Intelligence’s Threat to Democracy: How to Safeguard U.S. Elections From AI-Powered Misinformation and Cyberattacks. The implication: critical infrastructure owner/operators, and society as a whole, must anticipate disruption from one or more of the threats in this era as the “new normal” and take preparatory action up front to enhance resilience, operate in a degraded state, and ultimately reduce or eliminate downtime when disruption occurs.  Resilience was elevated as an agency priority and, following the success of the Shields Up campaign, CISA launched the Shields Ready resilience awareness campaign alongside the Federal Emergency Management Agency (FEMA) to further empower the critical infrastructure community to prepare for, withstand, and recover from potential disruption. Shields Ready promotes four key steps to build resilience that will help individuals and organizations enhance their resilience postures, each aligned to free CISA guidance, tools, and technical assistance available to help achieve their goals. 

Over the last several years, CISA has doubled down on building resilience at all levels of critical infrastructure and society and will continue to launch and deliver customer-focused products and services that empower critical infrastructure and national resilience in the era of disruption. Other highlights of CISA’s resilience-building efforts since 2021 include:   

Resilience-building Guidance, Tools, and Assistance

• Launched our flagship portfolio of resilience resources, centered on the Infrastructure Resilience Planning Framework (IRPF) and including the supplemental IRPF Launchpoint and IRPF Playbook guides, as well as the Infrastructure Dependency Primer (IDP), an interactive tool to understand critical infrastructure, dependencies.
• Released Planning Considerations for Cyber Incidents: Guidance for Emergency Managers, co-developed with FEMA, a first-of-its-kind resource to prepare emergency managers for the disruptive, wide-scale cyber incidents common today.
• Increased the delivery of free resilience-building assessments by 80% since Shields Ready was launched to help stakeholders understand and mitigate their vulnerabilities.
• Co-led unprecedented DHS industry engagement on the resilience of critical underseas cables, resulting in the release of Priorities for DHS Engagement on Subsea Cable Security & Resilience.

Community-Level Safety and Resilience

• Led the DHS efforts to strengthen operational resilience of K-12 schools and school systems against disruptive cyber, physical, and anonymized threats. 
• Launched the Be Air Aware™ program to increase awareness of cyber and physical risks posed by increasingly common unmanned aircraft systems (UAS or drones).  
• Launched the Operation Flashpoint national awareness campaign with the FBI to help businesses safeguard relevant products that could be used to make homemade bombs.  

Partnerships

• Expanded civil-military collaboration with the Department of Defense to build resilience in critical infrastructure that enables defense missions.
• Strengthened resilience-building partnerships with FEMA and the emergency management community, including significant contributions to the first National Resilience Guidance and updated National Disaster Recovery Framework (NDRF) that further integrate critical infrastructure with national preparedness activities. 
• Led the “Critical Five” allied critical infrastructure-focused partnership in 2024 with Canada, the UK, Australia, and New Zealand and implementation of the “Strengthening Integrated Resilience” annual workplan that resulted in the first shared framework for resilience.

CISA is committed to expanding and building on this important work, but we can’t do it alone. Business and government entities that own or operate critical infrastructure have a responsibility to enhance resilience because, no matter the line of work or location, critical infrastructure connects us all. In this era of infrastructure disruption, it’s imperative that all critical infrastructure entities work to build resilience by anticipating the potential causes of disruption, understanding vulnerabilities and interdependencies, adopting good cyber hygiene and replacing risky technologies, and developing and exercising incident response plans to sustain operations. It takes adaptation and discipline, but the reward is reduced risk of disruptive downtime and contributing to national resilience, overall. CISA can help. To get started or to level-up your resilience journey, visit our Shields Ready website and take advantage of CISA’s extensive list of free programs and resources.