March 19, 2020Client Alert

Cybersecurity and Infrastructure Security Agency (CISA) (DHS) Identifies 16 Critical Infrastructure Sectors; Uncertainties Remain

The Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security has identified 16 critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.

Today, CISA released official guidance intended to support State, Local, and industry partners in identifying the critical infrastructure sectors and the essential workers needed to maintain the services and functions Americans depend on daily and need to be able to operate resiliently during the COVID-19 pandemic response.

The document gives guidance to state, local, tribal, and territorial jurisdictions and the private sector on defining essential critical infrastructure workers. Promoting the ability of such workers to continue to work during periods of community restriction, access management, social distancing, or closure orders/directives is crucial to community resilience and continuity of essential functions.

You can view the list of 16 sectors via the graphic below (click to enlarge).

Michael Best | 16 Critical Infrastructure Sectors

As noted in both the guidance and a conference call announcing the publication, this document is advisory in nature. To quote from CISA Director Christopher Krebs' note at the beginning of the publication, "[the guidance] is not, nor should it be considered to be, a federal directive or standard in and of itself."

In short, state, local, tribal, and territorial governments are ultimately in charge of implementing and executing response activities in communities under their jurisdiction, while the Federal Government is in a supporting role. Businesses should be aware of state-by-state differences in these types of mandates.

During the Q&A portion of the guidance announcement conference call, it was explicitly noted by CISA participants that the agency would take feedback into consideration for potential edits and updated versions as the COVID-19 crisis continues.

You should provide that feedback via email to or reach out to our team for assistance in ensuring they receive your information.

Download and view the full guidance here

back to top