Monday , July 13 2026
Critical Infrastructure

A Plan to Protect Critical Infrastructure from 21st Century Threats

On April 30th, the White House released National Security Memorandum-22 (NSM) on Critical Infrastructure Security and Resilience to update national policy on protecting and securing critical infrastructure from cyber and all-hazard threats. The memorandum recognizes the changed risk landscape and aims to collaborate with partners to identify and reduce sector, cross-sector, and nationally significant risks. It will also create the 2025 National Infrastructure Risk Management Plan (National Plan) to guide federal efforts in the coming years.

As the National Coordinator for critical infrastructure security and resilience, the Cybersecurity and Infrastructure Security Agency (CISA) will create a forward-looking National Plan. It will use all available federal tools, resources, and authorities to manage and decrease risks at the national level, including risks that affect multiple critical infrastructure sectors. CISA will seek assistance from its partners and other Sector Risk Management Agencies (SRMAs) throughout the year while developing this important document.

Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Global ransomware attacks stayed very high in the first seven months of 2026. There were 5,064 confirmed victims in 135...
Read More
Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Palo Alto Networks Addresses 13 Vulnerabilities

Palo Alto Networks shared warnings on Wednesday about over twelve security issues in its products. The new warnings include 13 security...
Read More
Palo Alto Networks Addresses 13 Vulnerabilities

Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

A critical flaw with how Dell saves BIOS passwords lets anyone quickly recover these passwords from a flash dump without...
Read More
Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

CoLoCity is proud to launch a new Data Center in Gulshan-2. It is designed to meet the growing demand for...
Read More
CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

Daily Cyber security update for 10. 07. 2026

Cyberattacks are rising around the world, including ransomware, malware, data leaks, and hacked websites. These events show how complex and...
Read More
Daily Cyber security update for 10. 07. 2026

How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

A major AWS attack shows how attackers with AI can connect known cloud strategies to go from first access to...
Read More
How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

Mycelium Framework: First AI-as-a-Service Botnet

A new cybercrime ad is catching attention in the security world. It talks about a botnet that doesn't just get...
Read More
Mycelium Framework: First AI-as-a-Service Botnet

CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

CrowdStrike has shared five new ways to inject prompts, showing the rising danger to AI agents as more organizations use...
Read More
CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

A critical flaw in Google Cloud Platform’s Dialogflow CX lets attackers add harmful code to a company's AI chatbot system....
Read More
Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

CIRT identified 153 publicly exposed FortiGate devices in Bangladesh

CIRT identified 153 publicly exposed FortiGate devices in Bangladesh. In an advisory CIRT said, the campaign has been observed globally,...
Read More
CIRT identified 153 publicly exposed FortiGate devices in Bangladesh

The National Plan Must Account for the Evolution of Threats, Vulnerabilities, and Consequences

The 2025 National Plan will outline how the U.S. government will work together with partners to identify and handle national risks. This plan is a continuation of the 2013 National Plan, which emphasized the importance of risk management in enhancing the security of critical infrastructure. However, there is a need for evolution in light of the increasing vulnerabilities and threats that could have widespread consequences. Fortunately, in the past decade, Congress and successive administrations have established new agencies, authorities, and partnerships that enable a comprehensive approach to national risk management. The primary responsibility for implementing this approach through the National Plan falls on CISA, as the National Coordinator.

The National Plan will be Informed by a New Risk Management Cycle

The NSM-22 introduces a new risk management cycle for SRMAs. They will identify, assess, and prioritize risks in their sectors and create risk management plans. CISA will use these plans to identify and prioritize risks at a systemic, cross-sector, and national level. This will help them focus on reducing risk in collaboration with federal, state, local, private, and international partners. The National Plan will acknowledge that it is not possible to protect all critical infrastructure from every threat. Instead, it will outline efforts to make critical infrastructure resilient against the highest-priority risks identified in sector and cross-sector assessments. CISA and other federal partners will also work closely with SRMAs to manage risks specific to their sectors.

We Need You for Us to be Successful:

The U.S. government is developing a new approach to manage risks in critical infrastructure due to technological advancements and global volatility. This includes systems such as energy grids, water systems, transportation networks, healthcare facilities, and communication systems, essential for public safety, economic stability, and national security. With increased interconnectivity, reliance on global technologies and supply chains, and geopolitical tensions, these systems are vulnerable to various threats. Managing these risks will need a national effort involving federal agencies, state, local, tribal, territorial governments, infrastructure owners and operators, and other stakeholders.

We are responsible for keeping the U.S. critical infrastructure secure and resilient. We need to be prepared for new risks and an uncertain future while also keeping an eye out for long-standing threats like terrorism, natural disasters, and targeted violence. Building strong partnerships between the federal government, private-sector, and SLTT partners is crucial for protecting the nation’s critical infrastructure.

In order for the 2025 National Plan to achieve success, it is essential that our partners actively collaborate with us to shape its development and eventual execution. We kindly request your support in working closely with your respective SRMAs throughout the process of creating your sector risk assessments and sector risk management plans. These crucial contributions will serve as the bedrock for the National Plan.

We also invite you to reach out to us at [email protected] to share any innovative ideas or suggestions you may have. Your inputs will truly be invaluable as we strive to formulate a comprehensive plan that enables the U.S. government to effectively prioritize our risk mitigation endeavors and enhance the resilience of the critical infrastructure that lies at the heart of American society. Together, we can create a safer and more secure future for all.

Check Also

CLI

Azure CLI Password Spray Impacts 78 Microsoft Accounts in 81M+ Attempts

Cybersecurity researchers have warned of a “massive, ongoing, automated password spray attack” aimed at Microsoft’s …