Skip to Main Content

CISA Offers New Resources on National Critical Functions

The Cybersecurity and Infrastructure Security Agency (CISA), which is a federal agency responsible for managing both physical and cyber threats to the country’s physical infrastructure, recently published two new important items on National Critical Functions (NCF).

NCFs are those resources that we rely on to be available to us at all times – like electricity, internet, transportation systems, and clean water. Ensuring the NCFs are safe from physical and cyber threats is a key responsibility for those working in critical infrastructure.

The items released by CISA, with the assistance of CISA’s National Risk Management Center (NRMC), provide updates on the status of the country’s NCFs and why protecting those resources is so important.

According to CISA, the NCF Fact Sheet “provides an overview of the NCFs, how the NRMC has leveraged the NCF framework in response to emerging threats, and the ongoing effort to deepen the understanding of how NCFs operate.”

The two-page fact sheet provides details on the four primary categories of NCFs, encourages a focus on interdependency between various NCFs – both cyber and physical, and outlines future steps in the development of NCF Risk Architecture.

CISA’s second resource, the Status Update to the Critical Infrastructure Community, offers a more detailed look at the status of the nation’s critical infrastructure. Released in July 2020, the report provides a summary of the work of CISA and NRMC in four areas:

Definitions to help guide policy and doctrine: NRMC defined each of the 55 NCFs, with the goal of identifying the risks inherent to each function.

Policy and planning support to guide policy making around key critical infrastructure issues and priorities: Specific items addressed include executive orders related to coordinating national resilience to electromagnetic pulses (EMPs), strengthening national resilience through responsible use of positioning, navigation, and timing (PNT) services, and securing the information and communications technology and services.

Operational support to response and recovery operations: NRMC has analyzing the level of risk and impact to NCFs due to COVID-19. “[T]he NRMC used the NCF structure to create a register of risks to critical infrastructure from the pandemic,” states the report. This information was used to identify drivers that could negatively impact NCFs.

Support for development of an NCF risk architecture to enhance risk analysis capabilities. NCRM worked to create a NCF risk architecture that addresses both the hierarchy and interdependency of NCFs. “The NCF Risk Architecture leverages a scalable and extensible framework that combines dependencies within (intra-) and between (inter-) NCFs, various data structures, and analytic capabilities to provide decision support through complex cyber and physical critical infrastructure risk analysis,” states the report.

These CISA resources should be reviewed by those interested in critical infrastructure, as well as those who want a behind-the-scenes look at the complexities inherent to keeping the nation’s critical functions up and running.

Want to learn about critical infrastructure? Capitol Tech offers bachelor’s, master’s and doctorate degrees in security, intelligence, and critical infrastructure. Many courses are available both on campus and online. To learn more about Capitol Tech’s degree programs, contact