CISA Launches FY2025-2026 International Strategic Plan

Agency News, Cyber Security CII sector, Power/Energy/Oil & Gas sector, Telecomms sector
The Cybersecurity & Infrastructure Security Agency (CISA) published their 2025-2026 International Strategic Plan with a commitment to reducing risk to the globally interconnected and interdependent cyber and physical infrastructure.
In today’s interdependent and interconnected world, the protection and security of our cyber and physical infrastructure requires the concerted efforts of public and private partners around the globe. The Cybersecurity and Infrastructure Security Agency (CISA) is a globally recognized leader in shaping and implementing proactive approaches to reduce risk and increase the resilience of critical infrastructure on which the United States (U.S.) and its partners depend.
To effectively marshal its resources and guide operations, CISA issued the 2023-2025 CISA Strategic Plan, the agency’s first comprehensive strategic plan since CISA’s establishment in 2018. In recognition of the reality that today’s threats do not respect borders, CISA developed this CISA International Strategic Plan as a complementary guide for CISA’s international activities and outcomes.
This CISA International Strategic Plan acknowledges that the risks we face are complex and geographically dispersed, and that we cannot achieve our objectives in a vacuum. It is imperative that we expand visibility into internationally shared systemic risks. The maturity and security practices of global owners and operators of both cyber and physical infrastructure, technology, supply chains, and systems vary widely. Sharing timely, relevant, and accurate threat information and risk reduction advice with international partners provides the foundation for a more secure cyber-physical environment for all of us.
The CISA International Strategic Plan goals are to:
1. Bolster the Resilience of Foreign Infrastructure on Which the U.S. Depends.
2. Strengthen Integrated Cyber Defense.
3. Unify Agency Coordination of International Activities.
Through the goals and objectives outlined in this CISA International Strategic Plan – in coordination with the Department of Homeland Security (DHS), the Department of State, and partners across the interagency, and in accordance with U.S. national security, economic, and foreign policy priorities – CISA will assess and prioritize critical infrastructure dependencies and partner with foreign entities to advance CISA’s homeland security mission.
Strategic Intent
The CISA International Strategic Plan will focus and guide the agency’s international efforts over the 2025–2026 period. It highlights the agency’s commitment to reducing risk to the globally interconnected and interdependent cyber and physical infrastructure that Americans rely on every day. Our aim is to shape the international environment to reduce risk to critical dependencies and set conditions for success in cooperation, competition, and conflict. The CISA International Strategic Plan lays out three goals CISA must achieve to address the ever-changing and dynamic challenges facing America and our international partners. The first two goals focus on “what” the agency will work on in the international environment to achieve our “why” – 1) to reduce risk to and build resilience of foreign assets, systems, and networks that impact U.S. critical infrastructure, 2) understand shared global threats to critical infrastructure, and 3) support collective defense. The third goal focuses internally to promote unified action, working as One CISA to conduct international activities.
Strategic Approach
The approach laid out in this CISA International Strategic Plan aligns with guidance set forth in the National Security Strategy, National Cybersecurity Strategy, U.S. International Cyberspace and Digital Policy Strategy, CISA Strategic Plan 2023–2025, CISA Stakeholder Engagement Strategic Plan FY2023-2025, and CISA Cybersecurity Strategic Plan 2024–2026, as well as the identified priorities of the Secretary of Homeland Security. The CISA International Strategic Plan and the U.S. International Cyberspace and Digital Policy Strategy firmly align to bolster and broaden international alliances to mature cyber defense efforts, both domestically and internationally. This involves fostering collaborative relationships with global partners; sharing expertise, technical resources, and best practices; and collectively fortifying cyber resilience to address emerging threats in an interconnected world. Our strategic approach will not only advance the resilience of critical infrastructure dependencies at home and abroad, but it will also ensure a long-term commitment in strengthening international partnerships that are essential for CISA’s mission success. As part of coordinated U.S. government efforts, CISA will proactively engage and support international partners to assess, influence, and assist with reducing risk and strengthen the security and resilience of foreign assets, systems, and networks on which our nation’s critical infrastructure depends. As threats evolve across the spectrum of competition with state and non-state actors, no single organization or entity has all the answers for how to address cyber and physical threats to critical infrastructure. Therefore, CISA will prioritize operational collaboration and international activities to achieve mutual interests and goals with our partners. This plan centralizes CISA’s focus and coordination on goals and objectives that increase homeland and national security. More importantly, it positions CISA to support the internal coordination of international activities through the execution of annual planning cycles. This CISA International Strategic Plan seeks to streamline or eliminate overlapping and redundant systems to synchronize complex international issues that cut across our agency.
Overall, our aim is to build, strengthen, and sustain international relationships to:
1. Advance homeland and national security objectives.
2. Prevent incidents and increase resilience of physical and cyber critical infrastructure at home and abroad.
3. Increase awareness to detect, deter, and disrupt emerging threats and hazards.
4. Manage and reduce systemic risks.
5. Increase understanding of international critical infrastructure interdependencies and anticipate cascading impacts.
6. Influence international policy, standards, and best practices.
7. Assist key partners to address their capability shortfalls.
8. Expand bilateral/multilateral exchanges of expertise, in tandem with increased federal inter- and intra-agency coordination, to improve risk management and incident response capacity.
9. Mature and strengthen CISA’s international partnerships, arrangements, and policies.
Goal 1: Bolster the Resilience of Foreign Infrastructure on Which the U.S. Depends
Interconnected Critical Infrastructure Graphic
Recognizing that much of U.S. critical infrastructure interconnects and/or is interdependent with foreign assets, systems, or networks, CISA will work closely with domestic and international partners to bolster the security and resilience of the international critical infrastructure on which the U.S. depends. These interconnections and interdependencies span the full range of critical infrastructure sectors: pipelines, telecommunications, and essential supply chains, among others. Malicious cyber actors continue to exploit vulnerabilities across these sectors to target critical infrastructure through ransomware and other cyberattacks. The threat from global terrorism remains a persistent concern and a significant threat to U.S. and international facilities. Thus, it is essential for CISA to work with partners to assess and reduce risk from foreign critical dependencies impacting U.S. critical infrastructure resilience. In doing so, CISA must strengthen exchanges with international partners that promote our priorities abroad as well as influence standards, regulations, and policies to advance homeland and national security objectives. A collaborative approach to understanding interconnected critical infrastructure systems will set conditions for the U.S. and our international partners to proactively develop strategies, policies, and programs that integrate risk reduction efforts and reflect mutual and multi-stakeholder security interests at home and abroad.
1.1. Identify and prioritize foreign critical infrastructure on which the nation depends and bolster its security and resilience.
The U.S. depends on foreign-owned systems that support our critical infrastructure sectors such as communications, transportation, information technology, energy, financial services, and critical manufacturing. CISA will work with interagency and international partners to identify and understand which international systems and assets are truly critical to the nation’s critical infrastructure and assess how they are vulnerable to create strategies to manage shared risks. CISA will also work with interagency and international partners to promote a shared understanding of global threats to critical infrastructure security and resilience, such as cyberattacks, chemical and improvised explosive devices, threats to supply chain interdependencies, foreign malign investments, and climate change. Managing risk and bolstering resilience will require long-term, strategic collaboration between public and private sectors at home and abroad.
Enabling Measure: In coordination with the Department of State and relevant U.S. government partners, we will broaden our understanding of systemic risk by expanding our visibility into infrastructure and supply chain vulnerabilities for priority foreign critical infrastructure upon which the U.S. depends.
Measure of Effectiveness:
1. Increase the number of U.S. government activities coordinated by CISA to advance the security and resilience of prioritized foreign critical infrastructure and supply chains.
2. Increase the number of global partner actions taken to address risks to prioritized foreign critical infrastructure.
3. Increase the number of domestic partner actions taken to mitigate potential disruptions of U.S. critical infrastructure operations resulting from dependencies with foreign assets, systems, and supply chains.
1.2. Strengthen international partnerships that promote U.S. critical infrastructure priorities and interests abroad.
CISA seeks to expand visibility into internationally shared threats and systemic risks. To improve situational awareness for both CISA and our international stakeholders, we must mature multidirectional communications with external partners, including timely incident reporting and the systematic sharing of threat and vulnerability information. Strengthening includes accelerating the speed, improving the accuracy, and enabling the effectiveness of critical information sharing, while using CISA as a hub for multi-stakeholder initiatives. We will use CISA’s cross-functional expertise to foster communication and information sharing with global partners at scale, which will advance the resiliency of our critical infrastructure against shared challenges and preserve our ability to communicate in the event of an emergency. This will create a foundation for advancing international efforts that mature our collective ability to plan for, detect, deter, and disrupt emerging threats and hazards to cyber and physical infrastructure and interoperable emergency communications. Deepening the understanding of shared and systemic risk with our partners will strengthen the protection and resilience of critical infrastructure on which the nation relies.
Enabling Measure: We will expand our ability to execute joint operational activities, capacity development efforts, and shared policy frameworks that advance U.S. priorities for defending cyberspace and protecting U.S. critical infrastructure.
Measure of Effectiveness:
1. Increase the number of joint operational activities conducted with global partners to build public and private capacity to deter, prevent, protect, and respond to incidents to critical infrastructure.
2. Increase information sharing exchanges with global partners to promote U.S. security and resilience priorities and to enhance CISA’s programs, services, and products.
1.3. Shape operational and technical global standards, regulations, policies, guidelines, and best practices to advance security.
CISA will work with interagency partners to support standards activities—in coordination with the DHS Science and Technology Directorate—through standard development organizations that can advance U.S. interests. Within CISA’s authorities, our aim is to promote and support a wide array of portfolios, including but not limited to cyber and physical critical infrastructure, emerging technology, chemical security, emergency communications, school safety, bombing prevention, and more to ensure that systems, infrastructure, government, business, and the public can withstand and recover from deliberate attacks, accidents, and natural hazards. Where appropriate, we will advance and contribute to the development and adoption of operational and technical international standards and regulations to strengthen cybersecurity, fortify critical infrastructure security and resilience, and improve emergency communication. CISA holds a shared approach to international standards, regulations, guidelines, and best practices for critical infrastructure security and critical emerging technologies, to include artificial intelligence (AI). This will help accelerate standards that contribute to interoperability and promote U.S. competitiveness and innovation with our partners.
Enabling Measure:
1. We will advance open, transparent, and rules-based standards processes to ensure that globally relevant standards meet U.S. national security requirements for critical infrastructure.
2. We will work with partners to counter the influence of adversaries attempting to unduly shape standards in a manner which would represent a threat to national security.
Measure of Effectiveness:
1. In coordination with government, industry, and academic partners, increase the development and publication of technical standards for adoption by international standards and policy setting bodies that advance the protection, interoperability, and resilience of U.S. critical infrastructure.
Goal 2: Strengthen Integrated Cyber Defense
Integrated Cyber Defense graphic
Cybersecurity threats extend beyond national borders. Strong international cyber defense partnerships set conditions that reduce risk and minimize the impact of attempts to infiltrate, exploit, disrupt, or destroy critical infrastructure systems that support our national critical functions (NCFs). Engaging international partners allows CISA to build trust, illuminate threats, and facilitate the free flow of cybersecurity defense information. We will work with partners, international organizations, and nongovernmental organizations to influence global cybersecurity practices and standards that promulgate cyber safety and security at scale. Bolstering the capabilities of key partners improves our collective cyber defense abroad against state and non-state actors.
2.1. Enable cyber defense with partners to reduce collective risk.
International partners contribute essential information to support CISA’s cybersecurity mission. A network of trusted partners provides increased visibility into—and ability to mitigate—cybersecurity threats, vulnerabilities, and campaigns. Our aim is to increase and mature our network of trusted partners through our bilateral and multilateral Computer Security Incident Response Team (CSIRT)-CSIRT engagements. Through these engagements, we seek to strengthen CSIRT-CSIRT relationships that enable the exchange of actionable operational information, which includes product sharing, vulnerability alerts, victim notifications, tactics, techniques, and procedures as well as evaluating unique international inputs to reduce risk. This effort will facilitate a collective response and provide a vehicle for partners to share information that builds trust and global cyber situational awareness—especially for those foreign systems, networks, and assets truly vital to the nation’s critical infrastructure. We will strive to set an example as the premier CSIRT organization and work with international partners to understand how incidents occur, how to prevent them, and to provide technical resources that alleviate critical operational gaps. Beyond immediate threat information, these operational partnerships help inform international exercises that will enable us to better understand risks and provide additional ways and means to better manage threats and risk abroad.
Enabling Measure: We will increase trust and strengthen operational collaboration through bilateral and multilateral engagements with international partners by expanding participation in CSIRT-CSIRT engagements.
Measure of Effectiveness:
1. Increase the number of trusted international CSIRT partners.
2. Increase the percent of bilateral and multilateral CSIRT engagements that reduce combined risk.
3. Increase the number of CSIRT partners that apply recommended risk mitigations prior to exploitation.
2.2. Drive standards and security at scale to increase cyber safety.
For decades, the U.S. has worked through international institutions to define and advance responsible state behavior in cyberspace, steering partners toward developing secure technology from inception. As part of the broader national effort, CISA will encourage international partners to define, adopt, and implement global cybersecurity standards, norms, and best practices that promote U.S. cybersecurity interests. The agency will also provide guidance, advice, and expertise to help define and implement safe global standards, norms, and best practices that support U.S. domestic cybersecurity interests. Our aim is to set the bar high for global standards and prioritize them to reflect CISA interests and implement them as a critical element to protect citizens. As some of the most visible examples, CISA’s international focus is to encourage the widespread adoption of Secure by Design practices, including adoption of software bills of materials, secure AI systems, open-source security, and coordinated vulnerability disclosures.
Enabling Measure: In collaboration with international public and private sector partners, we will advance a global commitment to safe and secure software development and deployment.
Measure of Effectiveness:
1. Increase in international standards that recommend frameworks for secure software development at the onset of the software development lifecycle.
2. Increase the number of partner states, international organizations, and industries that adopt and implement the principles of Secure by Design.
2.3. Increase cyber and physical resilience capabilities of key partners.
The breadth and depth of the international cybersecurity challenge exceeds the capacity of any one organization. It is paramount that key partners possess the fundamental capabilities to safeguard and defend their connected critical infrastructure that impact our NCFs. Our aim is to establish an environment where our partners can organically detect threats, assess potential impacts, and receive and exchange real-time risk reduction actions that increase collective security and resilience and support the rapid establishment of consistent, secure, and effective interoperable emergency communications. CISA possesses capabilities that can uniquely contribute to homeland and national security objectives—especially as part of larger U.S. government efforts to improve the cybersecurity capabilities of priority international partners. As the U.S. strengthens relationships with key partners, CISA can provide training, exercises, and information sharing capabilities. These activities can assist international partners in developing and growing organic risk reduction capabilities, while setting supporting priorities for the investment and divestment of limited resources to fill collective capability shortfalls.
Enabling Measure: In collaboration with the Department of State, we will advance shared cybersecurity priorities and strengthen international partner capacity to support these priorities through the focused delivery of CISA services that proactively and collaboratively bolster our international cybersecurity and resilience.
Measure of Effectiveness:
1. Increase the number of CISA services delivered to international partners that address identified security and resilience gaps.
2. Increase in the percent of program participants equipped with required competencies in cyber or physical security and resilience.
3. Expand the network of foreign train-the-trainer partners capable and approved to provide CISA-based training within their regions.
4. Increase the percent of partners reporting strengthened capabilities to manage their own risk.
Goal 3: Unify Agency Coordination of International Activities
Connecting lines
An effective international plan depends on unity of effort across the agency’s divisions and mission enabling offices (offices). Accomplishing unity of effort will require that CISA internally prioritizes, coordinates, deconflicts, and aligns international activities through improved organization and governance, integrated functions, and a well-trained workforce.
3.1. Strengthen and institutionalize CISA’s governance of international activities.
The CISA Stakeholder Engagement Division (SED) will establish a governance structure to advise on international matters and provide a clear articulation of the agency’s international priorities. Taking into account inputs from divisions and offices, these priorities will provide clear guidance that is consistent with CISA’s authorities and domestic requirements as well as broader DHS and national security policies.
Enabling Measure: We will establish internal agency processes and procedures for governing the agency’s international activities using the One CISA approach.
Measure of Effectiveness:
1. Increase the number of governance documents and processes that improve standardization and transparency of agency international activities.
3.2. Align and synchronize CISA’s international functions, capabilities, and resources.
CISA will support systematic information sharing across the agency through policy coordination and the collection and dissemination of international lessons learned to effectively realize the full range of specialized expertise and capabilities across the agency. SED will coordinate CISA’s international communications and activities across CISA to provide the agency with situational awareness of current and projected international activities. This coordination will address gaps and eliminate duplication of effort while ensuring timely execution of operational priorities and alignment of CISA’s international activities with this strategic plan and national security priorities.
Enabling Measure: We will optimize internal business operations to ensure the coordinated delivery of products and services to international partners that effectively advance cyberspace defense and U.S. critical infrastructure security and resilience.
Measure of Effectiveness:
1. Increase the percent of cross-cutting activities coordinated through CISA International Affairs.
2. Increase in internal products and services that improve widespread awareness of key international cybersecurity and critical infrastructure security and resilience issues.
3.3. Equip CISA’s workforce through training and education to promote CISA’s capabilities on the global stage.
With an inherent domestic focus, we recognize that there are skills CISA needs to provide the workforce to influence the international system. CISA will develop and provide training opportunities for employees who will deploy overseas as well as those engaged in deliberate international activities. SED will aim to facilitate DHS and State Department pre-deployment training for Attachés, Liaison Officers, and Technical Advisors deploying overseas, including a CISA familiarization program to ensure a baseline understanding of CISA’s organization, role, responsibilities, authorities, and strategic objectives. SED will provide international affairs etiquette guidance to all travelers as part of the travel preparation process. For CISA leadership and travelers conducting potentially sensitive engagements, SED will provide a tailored pre-departure briefing encompassing cultural norms and U.S. foreign policy goals with recommended talking points.
Enabling Measure: CISA, through its workforce, is prepared to actively and effectively engage in international efforts to advance cyberspace defense, safe and secure technology development and deployment, and critical infrastructure security and resilience.
Measure of Effectiveness:
1. Increase the percent of CISA personnel trained and provided with resources to deliver international services.
2. Increase in the percent of CISA personnel who report that specialized training improved their capability to represent the agency effectively while performing international activities.
Conclusion
Robust and trusted international partnerships serve as a force multiplier across the spectrum of global competition. Successful partnerships require commitment, dedication, and time to build trust. In coordination with DHS and the State Department, CISA will develop, strengthen, and sustain these relationships. This CISA International Strategic Plan provides a framework to build and maintain an agency posture with international partners to enable the U.S. to compete with and prevail against current and future threats. Importantly, this plan addresses multiple challenges under different conditions and creates the framework to prioritize agency efforts.
These goals position CISA strategically with a posture that reinforces critical partnerships abroad to overcome complex and interconnected challenges. The strategic approach aligns CISA with the broader U.S. government as well as our international partners to enable access, develop capacity, and ensure the flexibility to support national efforts to compete globally against state and non-state actors.
This CISA International Strategic Plan creates opportunities for shared success and is a process, not simply a publication; therefore, CISA will review progress quarterly. Unpredictability in the international security environment, or obstacles to our progress, may drive us to change course. We will remain agile and shift our focus to ensure we are integrating the right people, processes, technology, and partners at the right time, place, and space for mission success. Just as our threats and adversaries adapt to and shape the cyber and physical security environment, CISA will continue to evolve to fulfill the vision of a secure and resilient infrastructure for the American people—this CISA International Strategic Plan establishes a proactive path to achieve that vision.
Leave a comment

Future of Cybersecurity: Leadership Needed to Fully Define Quantum Threat Mitigation Strategy

Agency News, Cyber Security CII sector, Industry News
Cryptography is a set of mathematical processes that can "lock," "unlock," or authenticate information. Agencies, banks, utilities, and others rely on cryptography—e.g., data encryption algorithms—to secure systems and data.
Experts predict that a quantum computer capable of breaking such cryptography may exist within 10-20 years.
Various federal entities have developed documents that inform a national strategy for addressing this threat. But the strategy lacks details and nobody's in charge of implementing it. We recommended the National Cyber Director coordinate the national strategy and use our guidelines for effective national strategies.
GAO was asked to examine the federal government’s strategy to address the threat that quantum computers pose to our nation’s cryptography. This report provides information on, among other things, how cryptographic methods protect systems and data, the threat quantum computers pose, and the extent to which the U.S. national quantum computing cybersecurity strategy addresses the desirable characteristics of a national strategy.
Federal agencies and the nation's critical infrastructure—such as energy, transportation systems, communications, and financial services—rely on cryptography (e.g., encryption) to protect sensitive data and systems. However, some experts predict that a quantum computer capable of breaking certain cryptography—referred to as a cryptographically relevant quantum computer (CRQC)—may be developed in the next 10 to 20 years, putting agency and critical infrastructure systems at risk. Quantum computers leverage the properties of a qubit (the quantum equivalent of classical computer bits) to solve selected problems significantly faster than classical computers.
To address this threat, various documents developed over the past eight years have contributed to an emerging U.S. national strategy. Based on its review of these documents, GAO identified three central goals.
The strategy partially addresses the desirable characteristics of a national strategy identified in prior GAO work. For example:
- Problem definition and risk assessment. Several documents defined the problem as the threat of a CRQC to cryptography, but did not fully define a CRQC. In addition, although the executive branch conducted a comprehensive risk assessment on systems with vulnerable cryptography supporting critical infrastructure, it has not conducted such an assessment for systems used by federal agencies.
- Purpose, scope, and methodology. Several documents identified purpose and scope. With regard to methodology, three post-quantum cryptography standards documents provided information on how they were developed. However, the remaining documents did not describe the methodology or process used to develop them for the other two goals.
- Objectives, activities, milestones, and performance measures. The strategy documents identified objectives and activities for the first two goals but did not do so for the third. In addition, the strategy documents did not fully identify milestones for the second and third goals and did not identify performance measures for any of the three goals.
These desirable characteristics have not been fully addressed, in part, because no single federal organization is responsible for coordinating the strategy. In January 2021, Congress established an organization that is well-positioned to lead these efforts: the Office of the National Cyber Director. If the office embraces this role and ensures that the strategy fully addresses the desirable characteristics, the nation will have a better-defined roadmap for allocating resources and holding participants accountable.
Leave a comment

Weather Ready Pacific charts the way on Early Warnings for All

Agency News, Industry News, Water sector

Weather Ready Pacific - a major ten-year programme – aims at reducing the human and economic cost of severe weather events, protecting Pacific Island communities and livelihoods on the frontline of climate change.

WMO Deputy Secretary-General Ko Barrett stressed WMO’s commitment to the initiative in a high-level event at COO29 on “Early Warnings For All in the Pacific: Starting our journey to navigate through the challenges of a climate change world.”

Ministers and their representatives from Tonga, Fiji and Samoa highlighted the importance of the programme in building resilience to hazards such as tropical cyclones and coastal inundation in an era of rising sea levels and more extreme events.

Tiofilusi Tiuete, Minister for Finance and National Planning of Tonga, said there were already tangible improvements in forecasts thanks to a new weather radar which will increase the accuracy of advance warnings of high-impact events.

The Weather Ready Pacific Program was developed with the support of the Secretariat of the Pacific Regional Environment Programme (SPREP), WMO and the Government of Australia through the Australian Bureau of Meteorology (BOM). It is administered by SPREP and has a target to raise US $ 191 million over 10 years to strengthen the capacity of National Meteorological and Hydrological Services in the Pacific.

“We are committed to supporting sustainable capacity enhancement efforts wherever they occur and we stand ready to support with technical tools and guidance. National Meteorological and Hydrological Services are at the centre of all these efforts,” Ko Barrett told the high-level event.

“We are happy to leverage funding through the Systematic Observations Financing Facility (SOFF) and the Climate Risk and Early Warning Systems Initiative (CREWS) and other investment instruments to support the aims of the Weather Ready Pacific Programme and more generally of the Early Warnings for All initiative.”

Climate change ambassadors from Australia and New Zealand, two of the main financial backers, stressed how the programme is intended to foster long-term investment in sustainability. The aim is to bring different funding initiatives from a variety of partners under one roof and within a 10-year time frame, thus easing the administrative burden on Small Island Developing States.

“We have had so many projects that stop and start, stop and start. We spent more time writing reports than we do forecasting the weather,” said ‘Ofa Fa’ Anunu, the coordinator of the Weather Ready Pacific Programme. He was formerly the head of Tonga’s NMHS and president of WMO’s Regional Association for Asia-Pacific.

Systematic Observation Financing Facility (SOFF)
The Pacific represents 15 % of the world surface, but it has only six upper air stations which are compliant with the Global Basic Observing Network. This is a major gap that needs to be filled, given that a chain is only as strong as its weakest link.

SOFF seeks to fill this gap through long-term, grant based investments in infrastructure and enhancing the capacity of National Meteorological and Hydrological Services (NMHS).

Within the Pacific, Kiribati and the Solomon Islands have been approved for an amount of USD 20 million. Nauru and Samoa have been provisionally approved for an amount of USD 12 million.

Climate Risk and Early Warning Systems Initiative
Climate Risk and Early Warning Systems initiative seeks to bridge the early warnings capacity gap. Ko Barrett said CREWS is a textbook example of people-centred, community-based projects that are making a tangible difference to people’s lives.

WRP and CREWS share common programming frame and principles of country/regional driven programmes, people-centered approaches, and gender-responsiveness, said Gerard Howe, Head of Energy, Climate and Environment Directorate, UK Foreign, Commonwealth and Development Office (FCDO) and Chair of CREWS.

“CREWS is committed to support Weather Ready Pacific as a vehicle for more effective programming and financing,” he said.

Pacific Island countries benefited from one of the very first CREWS financing decisions in 2017. The CREWS Steering Committee recently initiated the consultations for a third phase of this regional project bringing the total contribution to the region to USD 25 million.

In Papua New Guinea, with the support of the Australian meteorological services, a new drought early warning system was established. In PNG, nearly eight in ten people rely on subsistence farming. Food insecurity is mostly due to crop failures from drought and frost.

Support to develop similar drought advisories has been received from 5 additional Island States and an additional US$ 5 million committed to support these.

Two countries (Tonga and Vanuatu) have accessed financing through the CREWS Accelerated Support Window a fast-track provider of technical assistance. This has led to the development of a smart weather app.

Leave a comment

Groundbreaking Framework for the Safe and Secure Deployment of AI in Critical Infrastructure Unveiled by Department of Homeland Security

Agency News, Industry News
The Department of Homeland Security (DHS) released a set of recommendations for the safe and secure development and deployment of Artificial Intelligence (AI) in critical infrastructure, the “Roles and Responsibilities Framework for Artificial Intelligence in Critical Infrastructure” (“Framework”). This first-of-its kind resource was developed by and for entities at each layer of the AI supply chain: cloud and compute providers, AI developers, and critical infrastructure owners and operators – as well as the civil society and public sector entities that protect and advocate for consumers. The Artificial Intelligence Safety and Security Board (“Board”), a public-private advisory committee established by DHS Secretary Alejandro N. Mayorkas, identified the need for clear guidance on how each layer of the AI supply chain can do their part to ensure that AI is deployed safely and securely in U.S. critical infrastructure. This product is the culmination of considerable dialogue and debate among the Board, composed of AI leaders representing industry, academia, civil society, and the public sector. The report complements other work carried out by the Administration on AI safety, such as the guidance from the AI Safety Institute, on managing a wide range of misuse and accident risks.
America’s critical infrastructure – the systems that power our homes and businesses, deliver clean water, allow us to travel safely, facilitate the digital networks that connect us, and much more – is vital to domestic and global safety and stability. These sectors are increasingly deploying AI to improve the services they provide, build resilience, and counter threats. AI is, for example, helping to quickly detect earthquakes and predict aftershocks, prevent blackouts and other electric-service interruptions, and sort and distribute mail to American households. These uses do not come without risk, and vulnerabilities introduced by the implementation of this technology may expose critical systems to failures or manipulation by nefarious actors. Given the increasingly interconnected nature of these systems, their disruption can have devastating consequences for homeland security.
“AI offers a once-in-a-generation opportunity to improve the strength and resilience of U.S. critical infrastructure, and we must seize it while minimizing its potential harms. The Framework, if widely adopted, will go a long way to better ensure the safety and security of critical services that deliver clean water, consistent power, internet access, and more,” said Secretary Alejandro N. Mayorkas. “The choices organizations and individuals involved in creating AI make today will determine the impact this technology will have in our critical infrastructure tomorrow. I am grateful for the diverse expertise of the Artificial Intelligence Safety and Security Board and its members, each of whom informed these guidelines with their own real-world experiences developing, deploying, and promoting the responsible use of this extraordinary technology. I urge every executive, developer, and elected official to adopt and use this Framework to help build a safer future for all.”
If adopted and implemented by the stakeholders involved in the development, use, and deployment of AI in U.S. critical infrastructure, this voluntary Framework will enhance the harmonization of and help operationalize safety and security practices, improve the delivery of critical services, enhance trust and transparency among entities, protect civil rights and civil liberties, and advance AI safety and security research that will further enable critical infrastructure to deploy emerging technology responsibly. Despite the growing importance of this technology to critical infrastructure, no comprehensive regulation currently exists.
DHS identified three primary categories of AI safety and security vulnerabilities in critical infrastructure: attacks using AI, attacks targeting AI systems, and design and implementation failures. To address these vulnerabilities, the Framework recommends actions directed to each of the key stakeholders supporting the development and deployment of AI in U.S. critical infrastructure as follows:
- Cloud and compute infrastructure providers play an important role in securing the environments used to develop and deploy AI in critical infrastructure, from vetting hardware and software suppliers to instituting strong access management and protecting the physical security of data centers powering AI systems. The Framework encourages them to support customers and processes further downstream of AI development by monitoring for anomalous activity and establishing clear pathways to report suspicious and harmful activities.
- AI developers develop, train, and/or enable critical infrastructure to access AI models, often through software tools or specific applications. The Framework recommends that AI developers adopt a Secure by Design approach, evaluate dangerous capabilities of AI models, and ensure model alignment with human-centric values. The Framework further encourages AI developers to implement strong privacy practices; conduct evaluations that test for possible biases, failure modes, and vulnerabilities; and support independent assessments for models that present heightened risks to critical infrastructure systems and their consumers.
- Critical infrastructure owners and operators manage the secure operations and maintenance of key systems, which increasingly rely on AI to reduce costs, improve reliability and boost efficiency. They are looking to procure, configure, and deploy AI in a manner that protects the safety and security of their systems. The Framework recommends a number of practices focused on the deployment-level of AI systems, to include maintaining strong cybersecurity practices that account for AI-related risks, protecting customer data when fine-tuning AI products, and providing meaningful transparency regarding their use of AI to provide goods, services, or benefits to the public. The Framework encourages critical infrastructure entities to play an active role in monitoring the performance of these AI systems and share results with AI developers and researchers to help them better understand the relationship between model behavior and real-world outcomes.
- Civil society, including universities, research institutions, and consumer advocates engaged on issues of AI safety and security, are critical to measuring and improving the impact of AI on individuals and communities. The Framework encourages civil society’s continued engagement on standards development alongside government and industry, as well as research on AI evaluations that considers critical infrastructure use cases. The Framework envisions an active role for civil society in informing the values and safeguards that will shape AI system development and deployment in essential services.
- Public sector entities, including federal, state, local, tribal, and territorial governments, are essential to the responsible adoption of AI in critical infrastructure, from supporting the use of this technology to improve public services to advancing standards of practice for AI safety and security through statutory and regulatory action. The United States is a world leader in AI; accordingly, the Framework encourages continued cooperation between the federal government and international partners to protect all global citizens, as well as collaboration across all levels of government to fund and support efforts to advance foundational research on AI safety and security.
President Biden directed Secretary Mayorkas to establish the Board to advise the Secretary, the critical infrastructure community, other private sector stakeholders, and the broader public on the safe and secure development and deployment of AI technology in our nation’s critical infrastructure. Secretary Mayorkas convened the Board for the first time in May 2024, and Board Members identified a number of issues impacting the safe use and deployment of this technology, including: the lack of common approaches for the deployment of AI, physical security flaws, and a reluctance to share information within industries.
The Framework is designed to help address these concerns and complements and advances existing guidance and analysis from the White House, the AI Safety Institute, the Cybersecurity and Infrastructure Security Agency, and other federal partners.
Leave a comment

CISA Releases Insights from Red Team Assessment of a U.S. Critical Infrastructure Sector Organization

Agency News, Industry News
The Cybersecurity & Infrastructure Security Agency (CISA) has released Enhancing Cyber Resilience: Insights from CISA Red Team Assessment of a U.S. Critical Infrastructure Sector Organization in coordination with the assessed organization. This cybersecurity advisory details lessons learned and key findings from an assessment, including the Red Team’s tactics, techniques, and procedures (TTPs) and associated network defense activity.
This advisory provides comprehensive technical details of the Red Team’s cyber threat activity, including their attack path to compromise a domain controller and human machine interface (HMI), which serves as a dashboard for operational technology (OT).
CISA encourages all critical infrastructure organizations, network defenders, and software manufacturers to review and implement the recommendations and practices to mitigate the threat posed by malicious cyber actors and to improve their cybersecurity posture.
For more information on the most common and impactful threats, tactics, techniques, and procedures, see CISA’s Cross-Sector Cybersecurity Performance Goals.
Leave a comment

TSA announces proposed rule that would require the establishment of pipeline and railroad cyber risk management programs

Agency News, Cyber Security CII sector, Industry News
The Transportation Security Administration (TSA) has published a Notice of Proposed Rulemaking that proposes to mandate cyber risk management and reporting requirements for certain surface transportation owners and operators.
“TSA has collaborated closely with its industry partners to increase the cybersecurity resilience of the nation’s critical transportation infrastructure,” said TSA Administrator David Pekoske. “The requirements in the proposed rule seek to build on this collaborative effort and further strengthen the cybersecurity posture of surface transportation stakeholders. We look forward to industry and public input on this proposed regulation.”
This rule proposes to continue TSA’s commitment to performance-based requirements. Building on the performance-based cybersecurity requirements TSA previously issued via annual Security Directives since 2021, the proposed rule leverages the cybersecurity framework developed by the National Institute of Standards and Technology and the cross-sector cybersecurity performance goals developed by the Cybersecurity and Infrastructure Security Agency (CISA).
Consistent with these requirements and standards, this rule proposes:
- To require that certain pipeline, freight railroad, passenger railroad and rail transit owner/operators with higher cybersecurity risk profiles establish and maintain a comprehensive cyber risk management program;
- To require these owner/operators, and higher-risk bus-only public transportation and over-the-road bus owner/operators, currently required to report significant physical security concerns to TSA to report cybersecurity incidents to CISA; and
- To extend to higher-risk pipeline owner/operators TSA’s current requirements for rail and higher-risk bus operations to designate a physical security coordinator and report significant physical security concerns to TSA.
TSA asserts that maintaining an effective cybersecurity posture is critically important to ensuring that the surface transportation sector is prepared for, and able to manage, cyber risks. The requirements contained in this proposed rule would strengthen cybersecurity resilience across the surface transportation systems sector.
Leave a comment ,

2 WEEKS TO ‘CIP WEEK’ IN EUROPE - 12th-14th November 2024, Madrid, Spain

Association News, Cyber Security CII sector
The International Association of Critical Infrastructure Protection Professionals (IACIPP) is delighted to announced preparations for the inaugural ‘Critical Infrastructure Protection Week’ in Europe are progressing well, as part of an initiative focused towards enhancing collaboration and cooperation amongst the industry.
The recent implementation of The Critical Entities Resilience Directive (CER Directive), which lays down obligations on EU Member States to take specific measures to ensure that essential services and infrastructures, for the maintenance of vital societal functions or economic activities, are provided in an unobstructed manner in the internal market. The passing of the deadline of 17th October 2024 for when Member States should have adopt and publish the measures necessary to comply with this Directive appears to have been met with challenges.
The NIS2 Directive, also known as the Network and Information Security Directive, is also a significant piece of legislation that was also being implemented on 17th October 2024, aimed at improving cyber security and protecting critical infrastructure across the European Union (EU).
It has built on the previous NIS Directive, addressing its shortcomings and expanding its scope to enhance security requirements, reporting obligations, and crisis management capabilities.
Compliance with the CER Directive and NIS2 Directive are crucial for businesses operating in the EU to safeguard their systems, mitigate threats, and ensure resilience. Penalties are enforceable on agencies and operators for non-compliance.
The implementation of these Directives has proven challenging, and in some instances compliance is still some way off.
The first ‘Critical Infrastructure Protection Week’ will take place in Madrid Spain and will see IACIPP host the ‘Critical Infrastructure Protection & Resilience Europe’ conference and exhibition and ‘EU-CIP Horizon Project’ conference as the first two events as part of the initiative.
IACIPP has lined up an excellent Keynote Session for the Opening of the event, including:
- Jose Luis Perez Pajuelo, Director General, National Center for Critical Infrastructure Protection (Ministry of Interior)
- Dr. Enrique Belda Esplugues, Director General, Port of Valencia, Spain
- Juan Diez Gonzalez, Head of Cybersecurity for Strategic Healthcare, Food and Research sectors, Spanish National Cybersecurity Institute (INCIBE)
- John Donlon, Chairman, International Association of CIP Professionals
John Donlon QPM, Chairman of The International Association of Critical Infrastructure Protection Professionals, said, “IACIPP is delighted the CIP Week in Europe initiative is gathering pace, with the important aim of encouraging greater information sharing, collaboration and co-operation within the industry.”
“The CER and NIS2 Directives are two of the most important pieces of legislation to arrive in Europe in recent years, and IACIPP along with other professional bodies concerns over the lack of preparation of some of the operators and agencies in meeting the deadline has been proven, and believe more needs to be done to ensure these minimum standards are met, and indeed exceeded in subsequent years. We are delighted to welcome such an esteemed set of keynote speakers to open the event, providing wisdom and insight into the challenges for the industry.”
“We are delighted the ‘Critical Infrastructure Protection & Resilience Europe’ conference and exhibition and ‘EU-CIP Horizon Europe Project’ conference are the first two events to contribute towards CIP Week, and highlight many of the challenges facing the industry. Madrid is an excellent location for the launch of this program, with the CN-PIC driving Spain’s efforts to meet the Directives’ and be prepared.” Added Mr Donlon.
With just two weeks to go to CIP Week in Europe, IACIPP is inviting the industry to join the discussions in Madrid on 12th-14th November 2024.
Further details and registration can be found at www.cipre-expo.com and www.cip-association.org.
Leave a comment

CISA Launches #PROTECT2024 Election Threat Updates Webpage

Agency News, Cyber Security CII sector, Industry News
The Cybersecurity and Infrastructure Security Agency (CISA) has launched a new one-stop shop website for election threat updates from CISA and its federal government partners. As foreign actors continue their efforts to influence and interfere with the 2024 elections, CISA is ensuring that information about the election threat environment is readily accessible.
Part of the larger #Protect2024 site launched in January, the page aims to make it easier to find specific threat related products that the American public can use to stay informed and the election community can use to prepare, including:
- Joint Statements from CISA, ODNI and FBI on threats to the 2024 election
- ODNI Election Threat Updates
- FBI and CISA “Just So You Know” Joint PSA Series
Since its initial launch, #Protect2024 has quickly grown and serves as the central point for critical resources, training lists and security services to support more than 8,000 election jurisdictions for the 2024 election cycle.
Leave a comment

Plurilock and CrowdStrike Partner to Secure Critical Infrastructure and Organizations

Cyber Security CII sector, Industry News
Plurilock Security Inc., a global cybersecurity services and solutions provider, and CrowdStrike are pleased to announce a new partnership to secure critical infrastructure in democratic nations and economies against modern threats. Plurilock will provide sales and support of the AI-native CrowdStrike Falcon® cybersecurity platform to help power Plurilock’s Critical Services business unit.
Through the partnership, Plurilock will collaborate with CrowdStrike to deploy the Falcon platform and related Plurilock Critical Services to key Plurilock customers that are seeking to modernize or optimize their security operations for today’s surging threat environment. Both companies have deep expertise in AI and cybersecurity, with Plurilock having been founded on AI as a cybersecurity research spin-out, and CrowdStrike providing the world’s most advanced AI-native cybersecurity platform.
“Plurilock Critical Services secures enterprise customers that are of key importance to the world’s democracies—and that are increasingly targeted by sophisticated attacks,” said Ian L. Paterson, CEO of Plurilock. “The CrowdStrike Falcon platform enables our Critical Services team to consolidate point products, remove complexity, and deliver comprehensive visibility and real-time protection across the enterprise. This partnership enables us to provide some of the most demanding customers in existence with the solution best able to address the threats they currently face.”
“Collaborating with innovative partners like Plurilock is core to CrowdStrike’s mission of stopping breaches,” said Daniel Bernard, chief business officer, CrowdStrike. “Plurilock customers are targeted by the world’s most sophisticated adversaries, and require the most advanced technology and elite services to safeguard their critical assets. We look forward to leveraging the power of the Falcon platform to achieve our shared objectives and stop advanced threats.”
Leave a comment

2nd E.DSO Digital Award

Cyber Security CII sector, Industry News
Are you the creator of a pioneering solution or technological innovation that will facilitate the energy transition and leave a significant impact for society?
E.DSO, the Association of Distribution System Operators (DSOs), is launching the ‘2nd E.DSO Digital Award’ in recognition of the most meaningful and relevant digital innovations contributing to the shaping of DSOs roles. This award wants to highlight the importance of digitalisation in the energy sector and to acknowledge those who are leading the way in creating a more efficient, resilient, and consumer-centric energy system.
This opportunity is reserved for start-ups that have developed an innovative, revolutionary and relevant technological tool and digital solution for a future energy system.
Candidates are invited to send a brief description plus a video of their invention and its contribution by 21 October 2024.
The Award will be announced during E.DSO 1st FutureGrid Innovation Summit scheduled in Brussels on 6 February 2025.
Leave a comment
1 2 3 4 5 6 61