Skip to main content
U.S. flag

An official website of the United States government

Here’s how you know

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

HTTPS

Secure .gov websites use HTTPS
A lock (LockA locked padlock) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Free Cyber ServicesElection Threat Updates#protect2024Secure Our WorldShields UpReport A Cyber Issue

CISA logo image. America's Cyber Defense Agency, National Coordinator for Critical Infrastructure Security and Resilience
CISA Logo

Search

 

America's Cyber Defense Agency
 
  • Topics
    Cybersecurity Best Practices
    Cyber Threats and Advisories
    Critical Infrastructure Security and Resilience
    Election Security
    Emergency Communications
    Industrial Control Systems
    Information and Communications Technology Supply Chain Security
    Partnerships and Collaboration
    Physical Security
    Risk Management
    How can we help?
    GovernmentEducational InstitutionsIndustryState, Local, Tribal, and TerritorialIndividuals and FamiliesSmall and Medium BusinessesFind Help LocallyFaith-Based CommunityExecutivesHigh-Risk Communities
  • Spotlight
  • Resources & Tools
    All Resources & Tools
    Services
    Programs
    Resources
    Training
    Groups
  • News & Events
    News
    Events
    Cybersecurity Alerts & Advisories
    Directives
    Request a CISA Speaker
    Congressional Testimony
    CISA Conferences
    CISA Live!
  • Careers
    Benefits & Perks
    HireVue Applicant Reasonable Accommodations Process
    Hiring
    Resume & Application Tips
    Students & Recent Graduates
    Veteran and Military Spouses
    Work @ CISA
  • About
    Culture
    Divisions & Offices
    Regions
    Leadership
    Doing Business with CISA
    Site Links
    Reporting Employee and Contractor Misconduct
    CISA GitHub
    CISA Central
    2023 Year In Review
    Contact Us
    Subscribe

Free Cyber ServicesElection Threat Updates#protect2024Secure Our WorldShields UpReport A Cyber Issue

Breadcrumb
  1. Home
  2. Topics
  3. Cyber Threats and Advisories
Share:
Blue gradient background with white CISA logo

Shields Ready

As the National Coordinator for critical infrastructure security and resilience, CISA stands ready to help America prepare for and adapt to changing risk conditions and withstand and recover rapidly from potential disruptions, regardless of cause.

A green shield with a white checkmark
Report a Cyber Issue
Organizations should report anomalous cyber activity and or cyber incidents 24/7 to report@cisa.gov or 1-844-Say-CISA.

Overview

CISA’s Shields Ready campaign is about making resilience during incidents a reality by taking action before incidents occur. As a companion to CISA’s Shields Up initiative, Shields Ready drives action at the intersection of critical infrastructure resilience and national preparedness. This campaign is designed to help all critical infrastructure stakeholders to take action to enhance security and resilience—from industry and businesses to government entities at all levels, and even individuals by providing recommendations, products, and resources to increase individual and collective resilience for different risk contexts and conditions. 

By taking steps in advance of an incident, organizations, individuals, and communities are better positioned to quickly adjust their posture for heightened risk conditions, in turn helping to prevent incidents, to reduce impact, and get things back to normal—or better—as quickly as possible. Being part of the resilience journey makes for more resilient people, organizations, and communities. 

Current Threat Landscape

Today’s challenges are dynamic and rapidly evolving as technology advances. State-sponsored cyber threats from nation-state cyber actors like Iran, North Korea, People's Republic of China, and Russia, the mounting risks of severe weather, and the uncertainties of artificial intelligence demand unwavering vigilance and adaptability. 

A shifting geopolitical landscape has intensified national security concerns and has shown how targeting critical infrastructure can be a primary attack vector for weakening a country’s ability to protect itself, and its citizens. This can occur both in a conflict setting, as well as through indirect, long-term foreign interference campaigns.  

Additionally, the interconnectivity of critical infrastructure also creates risks because a disruption in one place can ripple near and far. We can and must be more resilient to the range of changing risk conditions that threaten critical infrastructure and the communities, and nation, it supports. 

Complicating matters, the boundaries between the nation’s cyber and physical infrastructure are increasingly blurred. The convergence of cyber-physical technologies and systems that deliver our critical functions — from manufacturing to healthcare to transportation and beyond — means that single events can manifest in the loss or degradation of service across multiple industries. 

All of these factors demand a greater focus on resilience. 

Graphic for National Security Memorandum on Critical Infrastructure Security and Resilience with related icons

National Security Memorandum

 On April 30, 2024, the White House published the National Security Memorandum (NSM) on Critical Infrastructure Security and Resilience. The NSM highlights CISA’s role as National Coordinator for Critical Infrastructure Security and Resilience.

Visit here for more information

Key Steps to Building Resilience

Resilience is the ability to prepare for and adapt to changing risk conditions and withstand or recover rapidly from disruptions, regardless of cause. Critical infrastructure entities and other organizations can be more resilient (or Resolve to be Resilient) by integrating certain practices that will make themselves secure, resilient, and able to bounce back quickly and build back stronger from an incident: 

1: Identify Critical Assets and Map Dependencies 

Determine the systems that are critical for ongoing business operations and map out their key dependencies on technology, vendors, and supply chains. 

cyber city

Cyber Resilience Review (CRR)

An assessment that evaluates an organization's operational resilience and cybersecurity practices.
Secure Tomorrow Series

Secure Tomorrow Series Toolkit

Free, voluntary resources to help stakeholders across the critical infrastructure community identify and examine risk mitigation strategies, manage uncertainty, and encourage strategic foresight methods in their long-term planning.

2: Assess Risks

Consider the full range of threats that could disrupt these critical systems and the specific impacts such threats could pose to continuity of operations.  

An image of the US with cyber nodes

Regional Resiliency Assessment Program

A voluntary, cooperative assessment of specific critical infrastructure that identifies a range of security and resilience issues that could have regionally or nationally significant consequences.

3: Plan and Exercise

Develop incident response and recovery plans to reduce the impact of these threats to critical systems and conduct regular exercises under realistic conditions to ensure the ability to rapidly restore operations with minimal downtime. 

An evening hour city scape with icons pointing out various infrastructure systems within the city
MARCH 25, 2024 | PUBLICATION

Infrastructure Resilience Planning Framework (IRPF)

This planning framework provides processes and a series of tools and resources for incorporating critical infrastructure resilience considerations into planning activities.
View Files
Image of a cityscape with IRPF Playbook in text overlay
PUBLICATION

Infrastructure Resilience Planning Framework (IRPF) Playbook

The IRPF Playbook assists critical infrastructure stakeholders in incorporating infrastructure resilience into planning.
Download File (PDF, 1.12 MB)
A group of people in a course sitting in seats listening to an instructor up front
INCREASE YOUR RESILIENCE

CISA Tabletop Exercise Packages

A comprehensive set of resources designed to assist stakeholders in conducting their own exercises and initiating discussions within their organizations about their ability to address a variety of threat scenarios.

4: Adapt and Improve

Periodically evaluate and update response and recovery plans based on the results of exercises real-world incidents and an ongoing assessment of the threat environment. 

A photo that says CYBER ESSENTIALS
DECEMBER 17, 2020 | PUBLICATION

Cyber Essentials Toolkits

A set of modules designed to break down the CISA Cyber Essentials into bite-sized actions for IT and C-suite leadership to work toward full implementation of each Cyber Essential.
View Files

PCAST Releases Report on Strategy for Cyber-Physical Resilience

The President’s Council of Advisors on Science and Technology (PCAST) released a report on fortifying the nation’s cyber-physical systems. 

Read Report

Additional Resources

Take advantage of the free resources available to strengthen and improve the resilience of critical infrastructure systems and services.

View More Resources
Critical Infrastructure Security and Resilience Month Toolkit

Critical Infrastructure Security and Resilience Month Toolkit

Discover how to get involved in Critical Infrastructure Security and Resilience Month using the one-stop-shop toolkit of CISA resources.

Cyber image with secure lock and other icons.

Planning Considerations for Cyber Incidents

This guide, produced by FEMA and CISA,  is intended to help state, local, tribal, and territorial emergency management personnel collaboratively prepare for cyber events.

Shipping containers and carriers

Resource Guide for Developing a Resilient Supply Chain Risk Management Plan

A guide to help Small and Medium-Sized Businesses establish an actionable Supply Chain Risk Management (SCRM) plan that will support the mitigation of risks and disruptions to their supply chains.

Illustration of a city with public safety communications and cyber resiliency topics

Communications and Cyber Resiliency Toolkit

The toolkit assists public safety agencies and others responsible for communications networks in evaluating current resiliency capabilities, identifying ways to improve resiliency, and developing plans for mitigating the impact of potential threats.

Secure Tomorrow Series

Secure Tomorrow Series

The Secure Tomorrow Series is a strategic foresight capability focused on identifying emerging and evolving risks that could significantly affect the nation’s critical infrastructure in the next 3 to 20 years in order to analyze, prioritize, and mana

Peoples Republic of China CYber Threat

People's Republic of China Cyber Threat

CISA works to ensure U.S. critical infrastructure, government partners, and others have the information and guidance to defend themselves against Chinese State-Sponsored cybersecurity risks.

View More Resources
ready.gov teaser

FEMA's Ready Campaign

Shields Ready partners with Ready, FEMA’s national public service campaigned designed to educate and empower people to prepare to prepare for, respond to and mitigate emergencies and disasters.

Visit FEMA's Ready Campaign

Executive Messages

CISA and Administration leadership messages and testimony about building infrastructure resilience and preparing for incidents. 

  • President Biden's Proclamation on Critical Infrastructure Security and Resilience Month, 2023
  • CISA Director Easterly and Ukraine’s Victor Zhora on “The Power of Resilience”
  • CISA Director Easterly and Southern Company Chairman and CEO Tom Fanning reflect on “The Attack on Colonial Pipeline: What We’ve Learned & What We’ve Done Over the Past Two Years”

Resilience Funding

Take advantage of grant funding available to the private sector, non-profits, and individuals as well as U.S. states, tribes, territories, and local governments.

  • Grants.gov
  • Cyber Grants
  • SAFECOM Funding and Sustainment
  • State and Local Cybersecurity Grant Program

Recent News

  • CISA Updates the Infrastructure Resilience Planning Framework

  • CISA Resources to Help Schools Strengthen Security and Build Resilience

More News

Additional Videos

CISA Director Jen Easterly and FEMA Administrator Deanne Criswell discuss the importance of resilience and the partnership between CISA and FEMA on this important issue.

CISA Director Jen Easterly and FEMA Administrator Deanne Criswell talk resilience - YouTube

Return to top
  • Topics
  • Spotlight
  • Resources & Tools
  • News & Events
  • Careers
  • About
Cybersecurity & Infrastructure Security Agency
  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS
CISA Central 1-844-Say-CISA SayCISA@cisa.dhs.gov
DHS Seal
CISA.gov
An official website of the U.S. Department of Homeland Security
  • About CISA
  • Budget and Performance
  • DHS.gov
  • Equal Opportunity & Accessibility
  • FOIA Requests
  • No FEAR Act
  • Office of Inspector General
  • Privacy Policy
  • Subscribe
  • The White House
  • USA.gov
  • Website Feedback