As part of Critical Infrastructure Security and Resilience Month, WaterISAC is highlighting CISA’s four recommended best practices/strategies that infrastructure organizations can implement to help make them more secure and resilient. Today’s best practice is Assess Your Risks.

Having an awareness of the all-hazards threat landscape and the associated risks that could disrupt an organization’s infrastructure operations is a foundational requirement for every security program. After understanding the all-hazards threat landscape, the next step is to evaluate specific vulnerabilities and consequences the threats and hazards could pose. To help critical infrastructure organizations with this effort, EPA, CISA, and FEMA have produced a large collection of free resources.

Understand the Threat Landscape

• DHS - Homeland Threat Assessment
• FEMA - Know Your Hazards
• FEMA - Protective Actions Research
• NOAA - National Weather Service

Assess Your Risks

• EPA - Vulnerability Self-Assessment Tool: Assess risk to human-made threats and natural hazards (recommended for large systems).
• EPA - Small System Risk and Resilience Assessment Checklist: Assess risk to human-made threats and natural hazards (recommended for small systems).  
• EPA - Climate Resilience Evaluation and Awareness Tool: Assess risk to climate change impacts and build resilience through adaptation. 
• EPA - Resilient Strategies Guide: Identify assets that are vulnerable to climate impacts and learn about strategies and funding options for adaptation. 
• CISA - Infrastructure Survey Tool (IST): A voluntary, web-based assessment to identify and document the overall security and resilience of a facility.
• CISA - Protective Security Advisors: PSAs are trained subject matter experts in critical infrastructure protection and vulnerability mitigation. They also advise and assist infrastructure owners and operators, and provide coordination and support in times of threat, disruption, or attack.
• CISA - Personal Security Considerations Action Guide: Critical Infrastructure Workers: This action guide provides actionable recommendations and resources intended to prevent and mitigate threats to a critical infrastructure worker’s personal safety.
• FEMA - Climate Risk and Resilience Portal – offers free data to stakeholders seeking to understand the risks facing their communities from natural hazards like flooding, wildfires, droughts, extreme heat, and more through the end of the century.
• FEMA - Resilience Analysis and Planning Tool – allows users to combine layers of community resilience indicators, infrastructure locations, and hazard data to prioritize preparedness and resilience strategies.

For more information on CISA’s Critical Infrastructure Security and Resilience Month, visit CISA’s dedicated website.