Today, the White House issued the National Security Memorandum (NSM) on Critical Infrastructure Security and Resilience. This much-anticipated memorandum replaces Presidential Policy Directive 21 (PPD-21), which was issued more than a decade ago to establish national policy on critical infrastructure security and resilience. The NSM will help ensure U.S. critical infrastructure can provide the nation a strong and innovative economy, protect American families, and enhance our collective resilience to disasters before they happen.
The NSM builds on the important work CISA and agencies across the federal government have been undertaking in partnership with critical infrastructure. With PPD-21 pre-dating the establishment of CISA, the NSM formally updates the framework by which this relatively new organization works to secure and protect critical infrastructure from cyber and physical threats in collaboration with government counterparts and other partners in the public and private sectors. The NSM specifically empowers the Department of Homeland Security (DHS) to lead a whole-of-government effort to secure U.S. critical infrastructure, with CISA acting as the National Coordinator for the Security and Resilience of U.S. Critical Infrastructure. Additionally, the NSM requires the DHS Secretary to submit to the President a biennial National Risk Management Plan that summarizes U.S. government efforts to mitigate risk to the nation’s critical infrastructure; reaffirms the designation of 16 critical infrastructure sectors and establishes a federal department or agency responsible for managing risk within each of these sectors; and elevates the importance of minimum security and resilience requirements within and across critical infrastructure sectors, consistent with the National Cyber Strategy, which recognizes the limits of a voluntary approach to risk management in the current threat environment. Access the NSM at the White House and read more about the NSM at CISA.