The Cybersecurity and Infrastructure Security Agency’s (CISA) National Risk Management Center (NRMC) is cataloguing significant progress it has made in developing its “National Critical Functions” (NCF) framework, and pointing to next steps in the effort.
NRMC Director Bob Kolasky provided the critical infrastructure community with an overview and update on what CISA has done so far, and where the agency would like to go moving forward to enhance the nation’s critical infrastructure risk management capabilities.
The NCFs are intended to support national-level risk prioritization and governance. In 2019, CISA began publishing the first set of NCFs. The 55 NCFs currently available “represent a foundational shift that enables identification and prioritization of systemic risk to critical infrastructure,” Kolasky wrote in a Dec. 15 memo.
The functions focus on 16 sectors that the Department of Homeland Security has traditionally used to define critical infrastructure – including the key assets, systems, and networks that support them, as well as the critical technologies and dependencies that enable them.
Over the last few years, the NRMC has attempted to understand…
