On April 30th, the White House unveiled National Security Memorandum-22 (NSM-22) on Critical Infrastructure Security and Resilience, updating how the U.S. protects and secures critical infrastructure from cyber and all-hazard threats. This memorandum recognizes the evolved risk landscape and leverages enhanced federal authorities to implement a new risk management cycle.
Introducing the 2025 National Infrastructure Risk Management Plan
The 2025 National Infrastructure Risk Management Plan (National Plan) will replace the 2013 National Infrastructure Protection Plan. This forward-looking document will guide federal efforts to secure critical infrastructure over the coming years, addressing pervasive vulnerabilities and elevated threats that could lead to cascading regional and national consequences.
Key Components of the National Plan
- Collaborative Approach:
- As the National Coordinator, the Cybersecurity and Infrastructure Security Agency (CISA) will develop this plan in collaboration with Sector Risk Management Agencies (SRMAs) and other partners, incorporating a whole-of-society approach to national risk management.
- New Risk Management Cycle:
- SRMAs will identify, assess, and prioritize risks within their sectors and develop sector-specific risk management plans.
- These plans will feed into CISA’s cross-sector risk assessment, enabling the prioritization of systemic risk reduction efforts detailed in the National Plan. This effort will involve federal, state, local, private, and international partners.
- Resilience Over Immunity:
- The plan acknowledges that complete immunity from threats is unattainable. Instead, it focuses on making critical infrastructure resilient against prioritized risks based on sector-specific and cross-sector assessments.
The Role of Partnerships
Effective risk management requires a coordinated national effort. Federal agencies, State, Local, Tribal, and Territorial (SLTT) governments, infrastructure owners, and operators must work together. Trusted partnerships are essential for addressing emergent risks from technological advancements, global volatility, and longstanding threats like terrorism and natural disasters.
Call to Action
The success of the 2025 National Plan hinges on collaboration with our partners. We encourage all stakeholders to work with their respective SRMAs in developing sector risk assessments and management plans. These assessments will be core inputs for the National Plan’s development and implementation.
For more information: National Security Memorandum on Critical Infrastructure Security and Resilience
CISA – A Plan to Protect Critical Infrastructure from 21st Century Threats
Source: CISA
