The Cybersecurity and Infrastructure Security Agency (CISA) has published an updated version of its Infrastructure Resilience Planning Framework (IRPF).
The guidelines, first created last year, are designed to better help state, local, tribal and territorial (SLTT) planners protect their infrastructure by incorporating critical resilience considerations into planning activities.
According to CISA, the framework can be utilized to support capital improvement plans, hazard mitigation plans, other planning documents and funding requests.
The updated IRPF version, in particular, expands the framework's scope by adding new resources and tools to support SLTT partners better as they face an evolving threat environment.
These include CISA's new Datasets for Critical Infrastructure Identification guide, which provides users with guidance on publicly accessible geospatial information systems (GIS) on critical infrastructure assets via the Homeland Infrastructure Foundation-Level Data (HIFLD) site and other GIS sites.
The framework's latest iteration also introduces guidance on the challenges of getting diverse sets of opinions when planning, particularly about the process of gathering stakeholders.
Further, the IRPF now offers new drought resilience information via CISA's National Drought Resilience Partnership and revised analytic methods that planners can use to enhance their grasp of infrastructure systems in their community.
"Our safety and security depend on the ability of critical infrastructure to prepare for and adapt to changing conditions and to withstand and recover rapidly from disruptions," explained Dr. David Mussington, CISA's executive assistant director for infrastructure security.
The executive added that the IRPF's new updates will help planners better understand how to deal with future threats and hazards so they can be prepared to meet and recover from an incident.
"Our collaborative approach with industry and interagency partners enabled CISA to improve the IRPF, which will help the SLTT planning community reduce risks and strengthen resilience," Mussington concluded.
The new guidelines come weeks after a Microsoft report suggested a "disturbing" increase in cyber-attacks perpetrated by nation-states targeting critical infrastructure.