The Cybersecurity and Infrastructure Security Agency (CISA) is putting more focus on identifying critical infrastructure entities that if they fail could pose the most risk to the U.S., and it plans to establish a program office by the end of September 2023 to conduct this work, the agency’s top official said on Tuesday.
CISA plans to work with the Sector Risk Management Agencies, which serve as the routine interface between federal agencies and 16 critical infrastructures such as the chemical, communications and defense industrial sectors, to “identify initial systemically important entities and develop a program for enhanced engagement with those previously identified entities,” Jen Easterly said during a quarterly meeting of the CISA Cybersecurity Advisory Committee that was held virtually.
How the program office for systemically important critical infrastructures goes about its work will be based on feedback CISA gets from various national councils, working groups and relationships that the agency is part of, Easterly said. The office will support “national resiliency goals,” she said.
“We are stressing and continue to stress the importance of identifying systemically important entities is that essential first step to managing and really reducing risk,” Easterly said. “We’re not just managing risk. We made that purposeful change in our mission statement to lead the national effort to understand manage and adjust risk to the cyber and physical infrastructure that Americans rely on every hour of every day.”