On April 30th, the President signed a National Security Memorandum (NSM) to secure and enhance the resilience of U.S. critical infrastructure from the rapidly evolving threat environment. The NSM will replace a decade-old presidential policy document on critical infrastructure protection and launch a whole-of-government effort, led by the National Security Council, to protect U.S. infrastructure against all threats and hazards, current and future. The NSM also builds upon the $50 billion investment made in infrastructure resilience in the President’s Bipartisan Infrastructure Law, which includes $8.7 billion for the PROTECT program to improve the resilience of transportation infrastructure. The NSM will help ensure U.S. critical infrastructure can provide the Nation a strong and innovative economy, protect American families, and enhance our collective resilience to disasters before they happen - strengthening the nation for generations to come.
What this NSM does:
- Empowers the Department of Homeland Security to lead a whole-of-government effort to secure U.S. critical infrastructure, with the Cybersecurity & Infrastructure Security Agency (CISA) acting as the National Coordinator for the Security and Resilience of U.S. Critical Infrastructure. The Secretary of Homeland Security will be required to submit to the President a biennial National Risk Management Plan that summarizes U.S. government efforts to mitigate risk to the Nation's critical infrastructure.
- Directs the U.S. Intelligence Community, consistent with the goals outlined in the 2023 National Intelligence Strategy, to collect, produce and share intelligence and information at scale with federal departments and agencies, state and local partners, and the owners and operators of critical infrastructure. The NSM recognizes private sector owners and operators of critical infrastructure are often our first line of defense against adversaries who target the Nation's most critical assets and systems.
- Reaffirms the designation of 16 critical infrastructure sectors and establishes a federal department or agency responsible for managing risk within each of these sectors. The contact information for each of these respective entities can be found below.
- Elevates the importance of minimum security and resilience requirements within and across critical infrastructure sectors, consistent with the National Cyber Strategy, which recognizes the limits of a voluntary approach to risk management in the current threat environment.
Through a series of Directives, the Transportation Systems Co-Sector Risk Management Agency (SRMA) made up of the Department of Transportation, Transportation Security Administration, and United States Coast Guard will identify a group of senior leaders within 30 days to lead day-to-day work of the SRMA, develop a plan for how to executive this role within 180 days, and deliver draft risk assessments within 180 days and sector-specific risk management plans to the DHS Secretary within 270 days, while the DHS Secretary issues strategic guidance and risk assessment/sector-specific plan guidance within 45 days. Within one year, the DHS Secretary will deliver to the president the first National Risk Management Plan and establish the Office of the National Coordinator, the latter of which will work with the SRMAs to deliver a one-time report and legislative proposal on the additional authorities needed for critical infrastructure protection at the sector and cross sector levels within 270 days.
NSM-22 Fact Sheet