The Cybersecurity and Infrastructure Security Agency has spent the past year fine tuning the details of a “foundational shift” in how the agency manages risks, such as cyber attacks and climate change, to key U.S. sectors.
Over the past 12 months, CISA’s National Risk Management Center made “significant progress” in developing the “National Critical Functions” framework, Bob Kolasky, assistant director for the NRMC, wrote in a Dec. 15 memo.
Since 2019, the center has been defining a set of 55 functions to guide a “national-level risk management framework,” he wrote. The functions cut across the 16 sectors that the Department of Homeland Security has traditionally used to define critical infrastructure.
“The 55 NCFs represent a foundational shift that enable the identification and prioritization of systemic risk to critical infrastructure by focusing on the functions, the key assets, systems, and networks that support them, as well as the critical technologies and dependencies that enable them,” Kolasky wrote. “The NCF Framework is based on the idea that critical infrastructure is…