This page contains resources and policies for businesses and agencies to help manage risk and secure critical infrastructure.

Protecting infrastructure and managing risk

The national and economic security of the U.S. depends on the reliable functioning of critical infrastructure. Executive Order 13636 directed The National Institute of Standards and Technology (NIST) to develop a plan to protect national assets.

NIST has released the latest version of the Framework for Improving Critical Infrastructure Cybersecurity.  The framework, a collaboration between industry and government, contains standards, guidelines, and practices to protect critical infrastructure. This flexible, repeatable, cost-effective approach helps owners and operators manage cybersecurity risks.

The NIST Cybersecurity site offers various resources for businesses and industries.

PA Office of Administration/Office for Information Technology (OA/OIT) Security Policies

OA/OIT established policies and procedures for agencies under the Governor’s jurisdiction to:

  • Help standardize activities among the agencies
  • Promote collaboration among the agencies
  • Increase efficiency and lower associated costs.

For information, please visit the OA/OIT Security Website and Security Policies.

Continuity Planning

Every organization should have a robust continuity of operations plan. It ensures ongoing essential functions in case of:

  • Natural disasters
  • Accidents
  • Technological emergencies
  • Terrorist attack-related incidents

Continuity Planning resources:

National Information Sharing & Analysis Centers (ISACs)

ISACs help critical infrastructure owners and operators protect their facilities, personnel and customers against cyber and physical security threats and other hazards. ISACs:

  • Collect, analyze and disseminate actionable threat information
  • Provide members with tools to reduce risks and enhance resiliency
  • Communicate critical information and maintain sector-wide situational awareness

National Information Sharing & Analysis Centers include:

  • Automotive ISAC
  • Aviation ISAC
  • Communication ISAC
  • Defense Industrial Base ISAC
  • Defense Security Information Exchange
  • Downstream National Gas ISAC
  • Electricity ISAC
  • Emergency Management & Response ISAC
  • Financial Services ISAC
  • Healthcare Ready
  • Information Technology ISAC
  • Maritime ISAC
  • Multi-State ISAC
  • National Health ISAC
  • Oil & Natural Gas ISAC
  • Real Estate ISAC
  • Research & Education ISAC
  • Retail Cyber Intelligence Sharing Center
  • Supply Chain ISAC
  • Surface Transportation, Public Transportation & Over-the-Road ISAC
  • Water ISAC

Learn about individual ISACs at the National Council of ICACs site.