Security and Resilience

Presidential Policy Directive 21 (PPD-21) defines security and resilience as follows:

Security: Reducing the risk to critical infrastructure by physical means or defens[ive] cyber measures to intrusions, attacks, or the effects of natural or manmade disasters.

Some examples of protective measures to increase critical infrastructure security include:

Addressing threats and vulnerabilities
Sharing accurate information and analysis on current and future risks
Installing exterior locks and positioning bollards around an important building
Properly marking and storing sensitive information

Resilience: The ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions; includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents.

Some examples of preparedness efforts to increase critical infrastructure resilience include:

Having accurate information and analysis about risk
Planning for mitigation, response, and recovery activities
Performing regular back-ups of information systems
Pre-positioning emergency provisions in a separate location