Critical Infrastructure Protection and Resilience North America Conference

Houston, TX
March 11-13, 2025

The Critical Infrastructure Protection and Resilience North America conference will again bring together leading stakeholders from industry, operators, agencies, and governments to collaborate on securing North America.

The conference will build on the theme of previous events, helping to create a better understanding of the issues and the threats and to facilitate the work of developing frameworks, good risk management, strategic planning, and implementation.

There are 16 critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety.

The Biden Administration rolled out a new critical infrastructure memorandum, titled National Security Memorandum on Critical Infrastructure Security and Resilience (NSM-22), which is intended to set forth the role of the federal government, including responsibilities for specific federal agencies, in protecting U.S. critical infrastructure.

NSM-22 serves to supplant PPD-21, formally known as the Presidential Policy Directive – Critical Infrastructure Security and Resilience. PPD-21, a memorandum issued during the Obama Administration, designated 16 critical infrastructure sectors that will be subject to additional oversight through the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA).

Pursuant to CIRCIA, entities operating in critical infrastructure sectors will be obligated to report “covered cyber incidents” within 72 hours of the entity developing a reasonable belief that a cyber incident occurred. In addition, critical infrastructure entities must report ransom payments within 24 hours after a payment is made. CIRCIA delegated rulemaking authority to the Cybersecurity and Infrastructure Security Agency (CISA). We wrote about CISA’s proposed rule containing cyber incident reporting requirements in a recent article.

We must be prepared!

The Nation’s critical infrastructure provides the essential services that underpin American society. Proactive and coordinated efforts are necessary to strengthen and maintain secure, functioning, and resilient critical infrastructure – including assets, networks, and systems – that are vital to public confidence and the Nation’s safety, prosperity, and well-being.

Critical infrastructure must be secure and able to withstand and rapidly recover from all hazards. Achieving this will require integration with the national preparedness system across prevention, protection, mitigation, response, and recovery.

NSM-22 directs federal agencies to set “minimum requirements and effective accountability mechanisms for the security and resilience of critical infrastructure, including through aligned and effective regulatory frameworks.” NSM-22 goes on to direct federal agencies and departments to “utilize regulation, drawing on existing voluntary consensus standards as appropriate” to establish the minimum requirements and accountability mechanisms applicable to critical infrastructure entities. In addition, NSM-22 states that “accountability mechanisms should continuously evolve to keep pace with the Nation’s risk environment.”

NSM-22 highlights a potential “accountability mechanism” through the adoption of new requirements in the federal procurement process. For example, NSM-22 encourages federal agencies and departments to utilize “grants, loans, and procurement processes, to require or encourage owners and operators to meet or exceed minimum security and resilience requirements.” In addition, NSM-22 specifically directs the General Services Administration to ensure that government-wide contracts for critical infrastructure assets and systems contain “appropriate audit rights for the security and resilience of critical infrastructure.”

NSM-22 also directs U.S. intelligence agencies and critical infrastructure entities to strengthen collaboration and engagement. For example, NSM-22 recommends owners and operators of critical infrastructure entities be afforded the opportunity to identify sector intelligence needs and priorities that support specific security and resilience efforts.

One of the most notable modifications contained in NSM-22 is the elevation of CISA as the national coordinator for Critical Infrastructure cybersecurity efforts across the federal government and private sector. For example, NSM-22 directs CISA to specifically identify and categorize certain critical infrastructure entities as Systemically Important Entities (SIEs).

Why the need for such a discussion?

All Federal department and agency heads are responsible for the identification, prioritization, assessment, remediation, and security of their respective internal critical infrastructure that supports primary mission essential functions. Such infrastructure needs to be addressed in the plans and executed to the requirements of the National Continuity Policy.

The ever-changing nature of threats, whether natural through climate change or man-made through terrorism, whether physical or cyber-attacks, means that policies, practices and technologies must be continually reviewed and updated to meet these demands.
