The Cybersecurity and Infrastructure Security Agency (CISA) kicked off the 2023 Critical Infrastructure Security and Resilience Month Wednesday, the agency’s annual effort focused on educating and engaging all levels of government, infrastructure owners and operators, and the public about the vital role critical infrastructure plays in the nation’s security and why it is important to strengthen critical infrastructure security and resilience.

This November, CISA is asking everyone to "resolve to be resilient" by preparing and investing in resilience today, so that the nation can recover quickly in the event of an incident tomorrow. 

The agency is highlighting practices critical infrastructure organizations can implement to recover rapidly in the aftermath of any significant disruption:

•  Assess Your Risk. Organizations should identify their most critical functions and assets, define dependencies that enable the continuity of these functions, and consider the full range of threats that could undermine functional continuity.
• Make a Plan and Exercise It. Organizations should perform dedicated resilience planning, determine the maximum downtime acceptable for customers, develop recovery plans to regain functional capabilities within the maximum downtime, and test those plans under real-life conditions to ensure the ability to operate through disruption.
• Continuously Improve and Adapt. Organizations should be prepared to regularly adapt to changing conditions and threats. This starts with fostering a culture of continuous improvement, based on lessons learned from exercises and real-world incidents, and evolving cross-sector risks.

CISA encourages financial institutions to visit its Critical Infrastructure Security and Resilience Month homepage for more information, resources, and a toolkit.