The Cybersecurity and Infrastructure Security Agency is identifying critical infrastructure organizations that should be designated as systemically important entities, or SIE, in accordance with a national security memorandum that officially designated the agency as the national coordinator for critical infrastructure, Federal News Network reported.
CISA’s National Risk Management Center is analyzing the risks facing organizations to determine whether an entity should be included in the SIE list. According to the memo, the SIE designation is for critical infrastructure entities whose operations, when disrupted, could negatively impact national security, economic security, or public health or safety.
In an interview, David Mussington, executive assistant director for infrastructure security at CISA, said the effort aims to ensure those responsible for key critical infrastructure assets are known in terms of their criticality and supported by national policy and the sector risk management agencies, or SRMAs, including the Department of Energy.
SRMAs play a role in the SIE identification. The memo required such agencies to submit draft sector risk management plans to CISA before the end of October to inform the first cross-sector risk assessment, which CISA will use to develop the SIE list.
According to Mussington, understanding how threat actors target SIEs and exploit vulnerabilities will enable CISA to create a critical infrastructure-focused risk mitigation plan.
David Mussington is a speaker at the Potomac Officers Club’s Homeland Security Summit on Nov. 13. Join the event to learn more about the country’s most significant threats and what’s being done to thwart them. Register today!