This week, DHS, CISA, and FEMA announced the launch of the new “Shields Ready” campaign to encourage the critical infrastructure community to focus on strengthening resilience. Resilience is the ability to prepare for, adapt to, withstand, and rapidly recover from disruptions caused by changing conditions. With November being Critical Infrastructure Security and Resilience Month, this campaign is designed to help all critical infrastructure stakeholders take action to enhance security and resilience by providing recommendations, products, and resources to increase individual and collective resilience for various operational risk.
Shields Ready complements CISA’s successful “Shields Up” campaign, which encourages critical infrastructure stakeholders to improve their cyber hygiene and be prepared to respond to and mitigate the impact of cyber attacks, including by taking specific, time-sensitive actions to reduce risk in response to specific threat intelligence. Shields Ready focuses more broadly on all hazards, including extreme weather and climate change and terrorism and targeted violence, and strategically on how to prepare critical infrastructure for a potential disruption and how to build more resilience into systems, facilities, and processes. This also aligns with and complements FEMA’s Ready campaign.
This focused approach highlights how critical infrastructure entities and other organizations can Resolve to be Resilient by integrating certain practices that will make themselves secure, resilient, and able to bounce back quickly and build back stronger from an incident, entities should:
- Identify Critical Assets and Map Dependencies: Determine the systems that are critical for ongoing business operations and map out their key dependencies on technology, vendors, and supply chains.
- Assess Risks: Consider the full range of threats that could disrupt these critical systems and the specific impacts such threats could pose to continuity of operations.
- Plan and Exercise: Develop incident response and recovery plans to reduce the impact of these threats to critical systems and conduct regular exercises under realistic conditions to ensure the ability to rapidly restore operations with minimal downtime.
- Adapt and Improve: Periodically evaluate and update response and recovery plans based on the results of exercises real-world incidents and an ongoing assessment of the threat environment.
