This is historical material “frozen in time”. The website is no longer updated and links to external websites and some internal pages may not work.

December 17, 2024

Today, the White House Office of the National Cyber Director (ONCD) and the Cybersecurity and Infrastructure Security Agency (CISA) released the Playbook for Strengthening Cybersecurity in Federal Grant Programs for Critical Infrastructure. The playbook advances the commitment the Administration made in the National Cybersecurity Strategy, to collaborate with “entities, the private sector, and other partners to balance cybersecurity requirements for applicants with technical assistance and other forms of support.” The playbook also advances initiative 3.4.1 of the National Cybersecurity Strategy Implementation Plan and was put together in coordination with several agencies and departments across the federal government.

Our nation’s critical infrastructure must be designed, developed, and updated by incorporating the concepts of cyber-informed engineering and secure by design. Adding cybersecurity requirements into federal funding programs for critical infrastructure and upholding them throughout the projects’ lifecycle enables grant making agencies, program managers, recipients, and subrecipients to identify, prioritize, and address key cyber risks more easily. This playbook is intended to serve as an easy-to-use resource for Agencies and grant recipients with tools to build cyber resilience into projects that include technologies that, if impacted, would affect the reliability or operability of critical infrastructure.

The playbook begins with an overview of the critical infrastructure cybersecurity guidelines. It also provides: (i) Project Cyber Risk Assessments and Project Cybersecurity Plans; (ii) recommendations for federal awarding agencies issuing grants, including pass through entities; and (iii) model language for grant programs; and (iv) grant recipient resources.

Investments to the cybersecurity of our critical infrastructure is key to preventing disruption, minimizing potential negative impacts, and enhancing our resilience. Incorporating baseline security practices is vital to protect national and economic security and ensure a safe and prosperous future for all Americans.

###

Scroll to Top Scroll to Top
Top