Political agreement on new rules to enhance the resilience of critical entities

As a key part of the EU's work to build a Security Union, the new rules will strengthen the resilience of critical infrastructure to a range of threats, including natural hazards, terrorist attacks, insider threats, or sabotage, as well as public health emergencies like the recent COVID-19 pandemic.

Against an ever more complex risk landscape, the new Directive replaces the European Critical Infrastructure Directive of 2008. A wider sectoral scope will allow Member States and critical entities to better address interdependencies and potential cascading effects of an incident. Eleven sectors will be covered: energy, transport, banking, financial market infrastructures, health, drinking water, wastewater, digital infrastructure, public administration, space, and food.

Vice-President for Promoting our European Way of Life, Margaritis Schinas, said: “It is essential to shield our economy and our society against physical threats that could disrupt services that are vital for people's daily lives and for the functioning of our internal market. With today's agreement, we are delivering on our commitment to enhance the resilience of critical infrastructure in the EU, complementing the recently strengthened cybersecurity legislation. Together, these new rules form a coherent and robust system to protect our infrastructure online and off”.

Commissioner for Home Affairs, Ylva Johansson, said: “In the light of the current geopolitical situation in Europe, enhancing our resilience is of key importance. The CER Directive will make us better prepared against disruptions that impact the security of our citizens and the prosperity of the internal market, following the lessons learnt from the pandemic and long-term challenges like climate change. The new Directive will ensure the provision of essential services such as energy, transport, water and healthcare while minimising the impact of natural and man-made incidents”.

The proposal introduces new rules to strengthen the resilience of critical entities:

- Member States will need to adopt a national strategy and carry out regular risk assessments to identify entities that are considered critical or vital for the society and the economy.
- Critical entities will need to carry out risk assessments of their own, take technical and organisational measures to enhance their resilience and notify incidents. They will also be able to request background checks on personnel holding sensitive roles.
- Critical entities in the EU, from the sectors covered, providing essential services in six Member States or more, will benefit from extra advice on how best to meet their obligations to assess risks and take resilience-enhancing measures.
- A Critical Entities Resilience Group will facilitate cooperation among Member States and the exchange of information and good practices.
- An enforcement mechanism will help ensure that the rules are followed: Member States will need to ensure that national authorities have the powers and means to conduct on-site inspections of critical entities. Member States will also introduce penalties in case of non-compliance.
- Member States will need to provide support to critical entities in enhancing their resilience with, for instance, guidance material. The Commission will provide complementary support to Member States and critical entities, by developing a Union-level overview of cross-border and cross-sectoral risks, best practices, methodologies, cross-border training activities and exercises to test the resilience of critical entities, among others.

Next steps

The political agreement reached by the European Parliament and the Council is now subject to formal approval by the co-legislators. Once published in the Official Journal, the Directive will enter into force 20 days after publication. Member States will then need to transpose the elements of the Directive into national law within 21 months.

New EU Regulation on Gas Storage

New storage legislation adopted will strengthen the EU's security of gas supply in view of the upcoming and next winters. Faced with the threat of supply disruptions by Russia, the EU Gas Storage Regulation requires that Europe's gas reserves are refilled before the winter, and their management protected from outside interference. In particular, the new rules will require the EU Member States to fill storage facilities to 80% of capacity by November this year – and to 90% in the years after.

The rules were adopted in record time thanks to the Parliament and Council's readiness to examine the legislative proposal as a matter of urgency, against the backdrop of Russia's war against Ukraine.

Welcoming the adoption at the Energy Council in Luxembourg, Commissioner for Energy, Kadri Simson, said: I would like to pay tribute to the positive and constructive approach that the Parliament and Council have shown on this proposal. This is an important statement of EU unity, determination and speed of action in the face of the Kremlin's moves to weaponise their gas exports. It is now crucial that we press on with meeting the new storage targets and step up our preparedness in case the situation further deteriorates.”

Under the new legislation, the 18 Member States with underground gas storage facilities are required to fill 80% of their storage capacity by 1 November – and are encouraged to aim for 85%. In the coming years, the target will be 90%. Member States without storage infrastructure are required to agree bilateral arrangements for sufficient quantities to be stored for their use in neighbouring countries, in a spirit of solidarity. Gas storage facilities will now be considered critical infrastructure and all storage operators in the EU will have to go through a new certification process to reduce the risks of outside interference.

EC adopts Contingency Plan for Transport

The European Commission adopted a Contingency Plan for Transport to strengthen the resilience of EU transport in times of crisis. The plan draws lessons from the COVID-19 pandemic as well as taking into account the challenges the EU transport sector has been facing since the beginning of Russia's military aggression against Ukraine. Both crises have severely affected the transport of goods and people, but the resilience of this sector and the improved coordination between member states were key to the EU's response to these challenges.

Commissioner for Transport Adina Vălean said: “These challenging and difficult times remind us of the importance of our EU transport sector and the need to work on our preparedness and resilience. The COVID-19 pandemic was not the first crisis with consequences for the transport sector, and Russia's illegal invasion of Ukraine shows us that it will definitely not be the last. This is why we need to be ready. Today's Contingency Plan, notably based on lessons learnt and initiatives taken during the COVID-19 pandemic, creates a strong framework for a crisis-proof and resilient EU transport sector. I firmly believe that this plan will be a key driver for transport resilience since many of its tools have already proven essential when supporting Ukraine – including the EU-Ukraine Solidarity Lanes, which are now helping Ukraine export its grain.”

10 actions to draw lessons from recent crises

The plan proposes a toolbox of 10 actions to guide the EU and its Member States when introducing such emergency crisis-response measures. Among other actions, it highlights the importance of ensuring minimum connectivity and passenger protection, building resilience to cyberattacks, and resilience testing. It also stresses the relevance of the Green Lanes principles, which ensure that land freight can cross borders in less than 15 minutes, and reinforces the role of the Network of Contact Points in national transport authoritiesBoth have proved crucial during the COVID-19 pandemic, as well as in the current crisis caused by Russian aggression against Ukraine.

The 10 areas of action are:

1 Making EU transport laws fit for crisis situations
2 Ensuring adequate support for the transport sector
3 Ensuring free movement of goods, services and people
4 Managing refugee flows and repatriating stranded passengers and transport workers
5 Ensuring minimum connectivity and passenger protection
6 Sharing transport information
7 Strengthening transport policy coordination
8 Strengthening cybersecurity
9 Testing transport contingency
10 Cooperation with international partners

One key lesson from the pandemic is the importance of coordinating crisis response measures – to avoid, for example, situations where lorries, their drivers and essential goods are stuck at borders, as observed during the early days of the pandemic. The Contingency Plan for Transport introduces guiding principles that ensure crisis response measures are proportionate, transparent, non-discriminatory, in line with the EU Treaties, and able to ensure the Single Market continues to function as it should.

Next steps

The Commission and the Member States will use this Contingency Plan to respond to current challenges affecting the transport sector. The Commission will support Member States and steer the process of building crisis preparedness in cooperation with the EU agencies, by coordinating the Network of National Transport Contact Points and maintaining regular discussions with international partners and stakeholders. To respond to immediate challenges and ensure Ukraine can export grain, but also import the goods it needs, from humanitarian aid, to animal feed and fertilisers, the Commission will coordinate the Solidarity Lanes contact points network and the Solidarity Lanes matchmaking platform.

ESA-backed project supports oil and gas safety by keeping an eye on the ground

Oil and gas supplies are dependent on multiple factors, including the stability of the ground wherever oil or gas is being stored or transported. In March 2021, LiveEO started assessment and development of an end-to-end solution for monitoring ground deformation for the entire value chain of the industry, based on interferometric synthetic aperture radar (InSAR) satellite data combined with artificial intelligence (AI). The aim was to help the industry ensure safety across its assets by providing an early warning system that could inform maintenance or safety actions.
Providing actionable insights

Founded in 2017, LiveEO has a background in using Earth observation (EO) data to provide a range of services to operators of large-scale infrastructure, such as railways, electricity grids and pipelines. It combines data analysis with risk analysis to create actionable insights on aspects such as vegetation management, detection of construction activity and ground deformation monitoring — all of which present challenges for reasons that include climate change and environmental factors.

With this Kick-Start activity, co-funded by ESA, LiveEO’s team used its experience in servicing pipeline customers to explore the feasibility of a holistic, end-to-end solution for ground deformation monitoring. The investigation included risk models that quantify the risk to specific assets resulting from ground deformation and how the insights could be delivered to customers and integrated into their processes to create automatic triggers.

The LiveEO team analysed the opportunities through surveys of more than 50 companies and countries, including existing clients in the pipeline industry, as well as researching the broader landscape. Initial data came from Sentinel-1 synthetic aperture radar (SAR) imagery, which will be enriched by higher resolution StripMap and SpotLight SAR imagery from Capella Space or ICEYE satellites to investigate any anomalies that have been detected.

Sven Przywarra, the Co-CEO and co-founder of LiveEO said: “The Kick-Start activity enabled LiveEO to validate a business case in a unique setting, and also created an environment that allowed our business development team to take the right steps from a business idea to product development. The combination of guidance, support and clear goal setting from ESA was greatly appreciated, because it gave us the entrepreneurial freedom necessary for the exploration of new ideas paired with acquiring a depth of knowledge similar to a classic research project."
The increasing need for ground deformation insights

The requirement for such insights results from an increasing number of oil wells, pipelines, storage facilities and other oil and gas related infrastructure exceeding their original lifespans. This is leading to more complex maintenance for operators and increased risks that impact both the industry itself and the surrounding environment and communities. One of the major sources of risk is ground deformation due to industrial operations or natural seismic activity. Where infrastructure and assets span large areas, these risks can be very difficult to measure and dangerous trends can go undetected.

Traditional monitoring methods, such as land surveying or sensors and drones, can only give a partial picture. Satellites enable monitoring of deformation trends across entire countries with weekly update intervals — something that would be prohibitively expensive or even impossible via other means. InSAR data delivers deformation values at individual pixel levels, allowing the identification of trends over long periods of time; this can be supplemented with historical data.

The company is currently developing the AI side of the project, with the aim of completing development by the end of 2022. The plan is then to undertake a demonstration project and have a marketable subscription service ready by the end of the following year.

Experts Assess Implementation of International Conventions on Nuclear Emergency Response

 

Countries need to work closely together in the event of a nuclear emergency, so sharing experience and improving emergency preparedness are key tasks stemming from the IAEA’s mandate. Those responsible for emergency preparedness at the national level – officially referred to as Competent Authorities – met in Vienna last week at the 11th Meeting of the Representatives of Competent Authorities identified under the Early Notification Convention and the Assistance Convention, and discussed ways to ensure that the necessary expertise, services and equipment are available promptly upon request by any government in the event of a nuclear or radiological emergency.

In his remarks, IAEA Director General Rafael Mariano Grossi referred to the role of the two conventions in relation to nuclear facilities in Ukraine. “Everything we have done to assist Ukraine in maintaining nuclear safety, security and an adequate level of safeguards; everything we have done to inform the wider world of the situation during this first military conflict fought in the direct proximity of a major nuclear power programme, we have done through the framework that many of you have built and improved in the years leading up to today…this framework is being tested like never before,” he said.

A strong and integrated international framework for notification and assistance in the event of a nuclear emergency is essential to protect people and the environment from the harmful effects of ionizing radiation, said the meeting’s Chair, Faizan Mansoor, Head of the Pakistan Nuclear Regulatory Authority. “This meeting is essential, since it gathers the world’s experts in nuclear emergency preparedness and response to determine if our arrangements remain effective when emergencies occur under increasingly complex conditions,” he said.

Competent Authorities are the entities designated by their governments to carry out specific duties with respect to issuing and receiving information relating to nuclear and radiological emergencies under these conventions. They meet every two years to evaluate and strengthen the implementation of the Early Notification Convention and the Assistance Convention. Both conventions were concluded in 1986, in the immediate aftermath of the accident at the Chornobyl Nuclear Power Plant, and establish the international framework for the exchange of information and the prompt provision of assistance in the event of a nuclear or radiological emergency, with the aim of minimising the consequences.

“Radiation does not recognize borders, and countries need to work together swiftly to prevent people from coming to harm in the wake of a transboundary radioactive release,” said Carlos Torres Vidal, Director of the IAEA’s Incident and Emergency Centre.
Preparing to Respond to a Rare Event

The IAEA has created a number of platforms and mechanisms, such as the Unified System for Information Exchange in Incidents and Emergencies (USIE), the International Radiation Monitoring Information System (IRMIS) and the Assessment and Prognosis Tools and the Response and Assistance Network to help countries work with each other, and with the IAEA and other international organizations, during a response. For example, USIE is a secure platform for information sharing that allows countries to fulfil their obligations under the Early Notification Convention; the same function is performed for the Assistance Convention by the Response and Assistance Network, or RANET, which allows countries to offer, and receive, assistance and expertise; and IRMIS collects and maps large quantities of environmental radiation monitoring data during nuclear or radiological emergencies.

The IAEA supports countries in setting up robust preparedness mechanisms, through the development of safety guides and publications, and the provision of trainings and other capacity-building initiatives.

Although most people associate nuclear emergencies with accidents at nuclear power plants, such as those at Chornobyl (1986) and Fukushima Daiichi (2011), such events are in fact very rare. At the same time, the Response and Assistance Network has been mobilized several times in the past decade to respond to countries dealing with the consequences of far more common radiological emergencies, such as workers becoming accidentally exposed to hazardous levels of radiation from contact with radiation sources used in industry or medicine.

“These past two years have demonstrated that emergencies come in diverse forms such as earthquakes, floods and fires, and that we need to pay more attention than ever before to our motto: Prepare. Respond. Improve,” said Lydie Evrard, Deputy Director General and Head of the Department of Nuclear Safety and Security.

DOE Should Address Lessons Learned from Previous Disasters to Enhance Resilience

Natural disasters, such as cyclones, earthquakes, hurricanes, wildfires, and severe storms—and the power outages resulting from these disasters—have affected millions of customers and cost billions of dollars. The growing severity of wildfires and extreme weather events in recent years has been a principal contributor to an increase in the frequency and duration of power outages in the U.S. Federal agencies, such as DOE and the Federal Emergency Management Agency, play a significant role in disaster response, recovery, and resilience.

This report (1) identifies lessons learned from federal, state, and other entities' responses to selected disasters that affected the electricity grid from 2017 to 2021; and (2) examines federal agency actions to address those lessons learned. GAO selected a nongeneralizable sample of 15 of 35 disasters that affected the grid from 2017 to 2021. The 15 selected were among the most severe events across a range of types, locations, and years. GAO also examined agency and industry responses; reviewed relevant reports, policies, and documents; and interviewed federal, state, and local officials, as well as selected industry stakeholders.

Power outages caused by natural disasters have affected millions of customers and cost billions of dollars. The Department of Energy plays a key role in disaster response and long-term electricity grid recovery.

DOE has taken some steps to improve its workforce and training, tools and technology, and local capacity to respond to disasters. But, DOE doesn't have a comprehensive plan for coordinating response and recovery responsibilities within the agency. In addition, DOE hasn't used lessons learned from previous disasters to prioritize recovery efforts.

In responding to selected disasters occurring between 2017 and 2021, federal, state, and other stakeholders identified lessons learned in the areas of planning and coordination, workforce and training, tools and technology, and local capacity. In the area of planning and coordination, agency officials and reports highlighted that disaster responses were more effective when strong working relationships existed between federal, industry, and local stakeholders. Regarding workforce and training, a Department of Energy (DOE) report emphasized the importance of having a dedicated pool of responders with expertise in grid reconstruction and recovery, especially when responding to multiple, concurrent or successive disasters.

Federal agencies have taken steps to address lessons learned by improving workforce and training, tools and technology, and local capacity. For example, to address workforce lessons, DOE began deploying a Catastrophic Incident Response Team to quickly bring responders with subject-matter expertise to affected areas. However, DOE does not have a comprehensive approach for coordinating its broader grid support mission that includes disaster response, grid recovery, and technical assistance efforts. Specifically, roles and responsibilities within DOE for transitioning from response to recovery are unclear, as are how lessons learned from previous disasters are used to prioritize recovery and technical assistance efforts. GAO's Disaster Resilience Framework states that bringing together the disparate missions and resources that support disaster risk reduction can help build resilience to natural hazards. By establishing a comprehensive approach that clearly defines roles and responsibilities, and acting on lessons learned across DOE, the department could better target resources and technical assistance. This approach, in turn, can lead to enhanced grid resilience and reduced disaster risk.

 

Breaking silos to build resilience – Multi-hazard, multi-sectoral approaches to managing disaster risks

Disasters unfold across national boundaries, involving a range of interrelated hazards and complex dynamics. To tackle disaster risks and build resilience in the face of increasing climate-related disasters, it will require a united effort to move beyond working in silos.

“Member states, the UN system, governments – whether national, local or community-level governments – will need to learn more and more how to work in an interdisciplinary manner,” said David Smith, coordinator of the Institute for Sustainable Development at the University of the West Indies, and moderator of the session Breaking the Silos – Towards multi-hazard, multi-sectoral approaches to managing risks at the 7th Global Platform for Disaster Risk Reduction.

“One ASEAN, one response”

Southeast Asia and the Pacific region are especially affected by natural hazards, and in recent years has been the site of numerous disasters – cyclones, floods, tsunami and seismic events, compounded by the COVID-19 pandemic. Susana Juangco, Director of the Philippines Office of Civil Defense, explained how ASEAN, the Association of Southeast Asian Nations, has taken steps towards better coordination in its disaster risk reduction (DRR) strategies.

“The disaster risk landscape is becoming more complex and challenging,” she said. “There is a need to strengthen and broaden cooperation, not only within the ASEAN region but also externally, including with non-traditional partners.”

One example is the ASEAN Joint Taskforce on Humanitarian Assistance, which draws in expertise from many sectors – political, defence, health, social welfare and development.

“Disaster management should be everyone’s business,” she said, “Instead of working in silos, inter-operativeness and coordination should be the essence of all our DRR initiatives.”
Understanding risk from community viewpoints

Bijay Kumar, Executive Director of the Global Network of Civil Society Organisations for Disaster Reduction (GNDR) described how an inclusive, community-based approach can strengthen DRR and resilience building by drawing on local perspectives.

“As a global network… we are trying to see how risks are understood from the perspective of the people experiencing them.”

A GNDR programme has examined how communities have been included in various governance systems, and how this inclusion has changed over a ten-year period, drawing on the experiences of representative samples of communities across 48 countries worldwide.

In Indonesia, for example, the study found that a consultative process helped to activate a penta-helix approach involving local governments, civil society, academia and the media in developing plans which were then taken up at a national level.

“It is possible to bring a comprehensive analysis to inform a sustainable way of building resilience,” he noted.

Finding the right tools for the job

Scientists have a range of tools at their disposal for assessing disaster risk. There are well-established methods for assessing primary impacts from external shocks, but in many of the places that experience disasters, data is often in short supply. However, when it comes to assessing systemic risks and the complex dynamics that cause wider impacts, there are fewer options.

Olaf Neußner, an independent expert for the German Committee for Disaster Reduction (DKKV) believes that recent global events – the pandemic and the war in Ukraine – could help to break down silos between different avenues of research, and create new opportunities for risk analysis.

“There is a lot of information available, and researchers can look into this and see what the cascading effects actually are,” he said.

In order to process the enormous volume of data, risk assessments could draw on machine learning and artificial intelligence to better understand causal relationships and connections between hazards and impacts.

Economic models could also be useful in understanding the socio-economic impacts of disasters – this requires that the two silos of economic and DRR analysis are bridged.
“Breaking silos takes time and energy, but it is worth it.”

Peter Binder, Director-General of MeteoSwiss and the Swiss Permanent Representative to the World Meteorological Organisation (WMO), offered examples of how DRR initiatives in Switzerland have deliberately set up structures to break down silos.

This entailed establishing the Steering Committee on Intervention in Natural Hazards, which brings together government and academic institutes dealing with weather, fire, civil protection, seismic events, avalanches and topography. The Committee operates on three hierarchical levels, each involving all of the parties.

A similar collaborative approach is applied by the National Centre for Climate Services, bringing together seven federal offices with academic institutions.

“Breaking silos takes time and energy, but it is worth it,” he said.

An earth system approach

At an international level, Binder noted that the WMO – with responsibility for weather, water and climate – provides another example of breaking silos.

“The three disciplines are intimately linked in nature and, therefore, should also be in our scientific and operational treatment,” he said. “This is the earth system approach, indispensable for managing multi-hazard risk.”

Switzerland is promoting an initiative to take this further, to bolster global preparedness for natural hazards.

Under the WMO Coordination Mechanism, “all available authoritative information on meteorological and hydrological threats from WMO members should be directed into the information channels of the pertinent UN and humanitarian aid organisations. This constitutes a multi-organizational and multinational effort to mitigate risk related to meteorological, hydrological and climate hazards,” he said.

[Source: UNDRR]

CREWS commits additional funding to strengthen Early Warning Systems in the Caribbean

Different and multiple hazards, such as severe weather conditions in land and at sea, droughts, hurricanes, floods, and earthquakes, pose a serious threat to the Caribbean, which is one of the most disaster-prone regions in the world. Combined, geological and hydro-meteorological hazards have affected more than 100 million people in the region, causing significant economic losses and casualties.

The development of Early Warning Systems has been identified by the Sendai Framework for Disaster Risk Reduction 2015–2030, the 2030 Agenda for Sustainable Development, and the Paris Agreement as a key pathway to prevent disasters and reduce the negative impacts of multiple hazards.

As defined by the UNDRR, Multi-hazard Early Warning Systems are "an integrated system of hazard monitoring, forecasting and prediction, disaster risk assessment, communication and preparedness activities systems and processes that enables individuals, communities, governments, businesses and others to take timely action to reduce disaster risks in advance of hazardous events".

The Climate Risk and Early Warning Systems Initiative (CREWS) is a mechanism that provides financial support to Least Developed Countries (LDCs) and Small Island Developing States (SIDS) to establish risk-informed early warning services, implemented by three partners, based on clear operational procedures. CREWS has recently donated an additional $1 million to support the project Strengthening Hydro-Meteorological and Early Warning Services in the Caribbean , which will be implemented by UNDRR in 2022.

The project aims to strengthen Early Warning Services (EWS) in the Caribbean and to articulate the response capacity of individuals, institutions, and communities through the development of a regional strategy to strengthen and streamline early warning and hydro-meteorological services. This includes developing appropriate approaches to risk-informed decision-making for EWS, identifying gaps in risk assessment at regional and national levels, and evaluating the resilience of already existing infrastructure such as forecasting centres, shelters, and National Meteorological and Hydrological Services. The project will also examine opportunities for building partnerships with the private sector and assess socio-economic benefits to ensure the sustainability of investments and activities.

This project aligns with the Sendai Framework and focuses on the implementation of target G, which aims to “substantially increase the availability of and access to multi-hazard early warning systems and disaster risk information and assessments to people by 2030”. The Sendai 7 campaign of the 2022 International Day for Disaster Risk Reduction will be focusing on this same target. Ensuring access to Multi -hazard Early Warning Systems in the Caribbean is regarded as a tool that enables individuals, communities, governments, businesses, and other stakeholders to take timely action to reduce disaster risk in advance of hazardous events.

This is also a matter of urgency, as disclosed in the Regional Assessment Report on Disaster Risk in Latin America and the Caribbean (RAR21), published last year: “In the short and medium term the occurrence of new mega-disasters in the region is almost inevitable given the extreme risk embedded there. It is therefore urgent to strengthen corrective and reactive management capabilities, especially early warning systems, preparedness and response.”

Critical Infrastructure Protection: Agencies Need to Assess Adoption of Cybersecurity Guidance

Federal agencies with a lead role to assist and protect one or more of the nation's 16 critical infrastructures are referred to as sector risk management agencies (SRMAs). The SRMAs for three of the 16 have determined the extent of their sector's adoption of the National Institute of Standards and Technology's (NIST) Framework for Improving Critical Infrastructure Cybersecurity (framework). In doing so, lead agencies took actions such as developing sector surveys and conducting technical assessments mapped to framework elements. SRMAs for four sectors have taken initial steps to determine adoption (see figure). However, lead agencies for nine sectors have not taken steps to determine framework adoption.

Status of Framework Adoption by Critical Infrastructure Sector

Regarding improvements resulting from sector-wide use, five of the 16 critical infrastructure sectors' SRMAs have identified or taken steps to identify sector-wide improvements from framework use, as GAO previously recommended. For example, the Environmental Protection Agency identified an approximately 32 percent overall increase in the use of framework-recommended cybersecurity controls among the 146 water utilities that requested and received voluntary technical assessments. In addition, SRMAs for the government facilities sector identified improvements in cybersecurity performance metrics and information standardization resulting from federal agencies' use of the framework. However, SRMAs for the remaining 11 sectors did not identify improvements and were not able to describe potential successes from their sectors' use of the framework.

SRMAs reported various challenges to determining framework adoption and identifying sector-wide improvements. For example, they noted limitations in knowledge and skills to implement the framework, the voluntary nature of the framework, other priorities that may take precedence over framework adoption, and the difficulty of developing precise measurements of improvement were challenges to measuring adoption and improvements. To help address challenges, NIST launched an information security measurement program in September 2020 and the Department of Homeland Security has an information network that enables sectors to share best practices. Implementing GAO's prior recommendations on framework adoption and improvements are key factors that can lead to sectors pursuing further protection against cybersecurity threats.

The U.S. has 16 critical infrastructure sectors that provide clean water, gas, banking, and other essential services. To help protect them, in 2014 the National Institute of Standards and Technology developed cybersecurity standards and procedures that organizations within these sectors may voluntarily use. Federal agencies are charged with leading efforts to improve sector security.

The GAO have found agencies have measured the adoption of these standards and procedures for 3 of 16 sectors and have identified improvements across 2 sectors. For example, the EPA found a 32% increase in the use of recommended cybersecurity controls at 146 water utilities.

FEMA Resources for Climate Resilience

As climate change increases disaster risks across the country, emergency managers and government officials are beginning to implement strategies to build community resilience. FEMA Resources for Climate Resilience provides a roadmap of Federal Emergency Management Agency (FEMA) programs and initiatives that advance community climate resilience. FEMA Resources for Climate Resilience assists FEMA’s state, local, tribal, and territorial (SLTT) partners in navigating the FEMA resources that are available to support communities in mitigating impacts of climate change.

Building resilience is a long-term, ongoing cycle that requires multiple steps to accomplish. Each section of the FEMA Resources for Climate Resilience corresponds with a step in that cycle and provides information about FEMA services, programs, and grants available to SLTT partners. Each SLTT partner has a unique experience with FEMA and has participated in different elements of the resilience cycle. SLTT partners with limited FEMA experience may choose to start from the beginning of FEMA Resources for Climate Resilience, while other SLTT partners may navigate directly to their program of choice.

Each section of FEMA Resources for Climate Resilience provides a brief description of the program, service, or grant, an overview of who can apply, examples of the FEMA programs in action, and helpful tools and resources for learning more about the program, service, or grant. In addition, where applicable, FEMA Resources for Climate Resilience also points out areas where equity can be prioritized. FEMA Resources for Climate Resilience explains how existing tools, such as the National Risk Index (Risk Index), can assist SLTT governments and their communities, right now, in making informed planning decisions including considerations of impacts from future weather conditions.

FEMA Resources for Climate Resilience also provides a quick glance at FEMA funding sources, such as the Building Resilient Infrastructure and Communities (BRIC) program, designed to support communities in building capability and capacity to mitigate the increasing impacts of climate change.

FEMA Resources for Climate Resilience is available to download at https://www.fema.gov/sites/default/files/documents/fema_resources-climate-resilience.pdf

1 3 4 5 6 7 10