The 2024 Update to Critical Infrastructure Security and Resilience

More than a decade after the introduction of Presidential Policy Directive 21 (PPD-21), the White House National Security Council has issued the National Security Memorandum (NSM) on Critical Infrastructure Security and Resilience. This memorandum replaces the previous directive, addressing contemporary threats including advanced technologies and increased cyber-attacks from nation-states.

Urgent and Strategic Updates

The updated NSM responds to an evolving international threat landscape that has expanded to include strategic competition and the challenges posed by technological advancements such as artificial intelligence. This update was prompted by the growing federal investment in U.S. critical infrastructure, highlighting the need for policies that ensure robust national security.

Core Enhancements in the NSM

• Centralized Leadership by DHS: The Department of Homeland Security (DHS), with the Cybersecurity and Infrastructure Security Agency (CISA) leading, is now the primary agency responsible for coordinating the national effort to secure and enhance the resilience of critical infrastructure across the United States.

• Strategic Risk Management: The Secretary of Homeland Security is required to present a National Risk Management Plan to the President biennially, outlining the strategies employed by the government to mitigate risks to the nation's critical infrastructure.

• Sector-specific Oversight: The memorandum reaffirms the identification of 16 critical infrastructure sectors, each managed by specific federal departments or agencies, ensuring specialized risk management tailored to the needs of each sector.

• Mandatory Security Standards: Moving beyond previous voluntary measures, the NSM mandates minimum security and resilience requirements across all sectors, aligned with the National Cyber Strategy to address the current threat environment.

• Implementation and Broader Impacts

CISA's role as the National Coordinator emphasizes a streamlined and coordinated approach to national infrastructure protection. The agency’s responsibilities include coordinating with various sector risk management agencies and reinforcing sector-specific and cross-sectoral resilience.

Furthermore, the establishment of Systemically Important Entities (SIEs) marks a strategic development, prioritizing infrastructure components whose disruption could have significant impacts on national security, economic stability, or public safety.

The 2024 National Security Memorandum redefines the United States' strategy for protecting its critical infrastructure. It introduces strict standards and a coordinated federal oversight structure designed to secure and respond to threats, ensuring that the infrastructure essential to America's security and prosperity is robust and resilient.