CISA Enhances Physical Security Measures for Critical Infrastructure
The Cybersecurity and Infrastructure Security Agency (CISA) is actively developing “physical security performance goals” to enhance the protection of the nation’s critical infrastructure sectors. This initiative, spearheaded by David Mussington, CISA’s executive assistant director for infrastructure security, aims to complement existing cybersecurity guidelines by addressing the growing concerns over physical threats. These threats include insider risks and external attacks, which have been on the rise, as highlighted by a 2023 assessment from the North American Electric Reliability Corporation (NERC). The assessment pointed out an increase in security incidents affecting the electric infrastructure, underscoring the urgency of establishing robust cyber and physical security standards.
In collaboration with other agencies and the private sector, CISA intends to create tailored security strategies that cater to the specific needs and risks of each critical infrastructure sector. This approach mirrors the agency’s broader role as the national coordinator for critical infrastructure security and resilience, emphasizing not just defense against threats but also the ability to recover from disruptions. Additionally, CISA has already released physical security performance goals for faith-based institutions in December, following heightened threats amid the Israel-Hamas conflict.
As part of its ongoing efforts to raise awareness about physical security risks, CISA is preparing for “National Safety Month” in June, highlighting its resources like the bomb threat guide and insider threat mitigation guidance. The focus on resilience, as noted by Mussington, underscores the importance of not only preventing incidents but also ensuring that critical services can quickly resume normal operations following any disruption. This comprehensive approach to both cyber and physical security aims to safeguard the nation’s critical infrastructure against a wide range of evolving threats.
