Approved by the Infrastructure and Research Policy Committee on February 1, 2022
Approved by the Public Policy and Practice Committee on February 2, 2022
Adopted by the Board of Direction on March 5, 2022
The American Society of Civil Engineers (ASCE) recommends that all public and private infrastructure owners employ the following actions, at a minimum, to avoid disruption and preserve public safety:
- Deploy systems and technologies that can monitor networks, access, data, and control systems to detect malicious activity and facilitate response actions to cyber and physical threats.
- Provide continuous dedicated formula and discretionary funding to modernize systems to deter cyber and physical threats.
- Educate the public and private sector entities on the importance of cyber and physical security.
- Foster collaboration between the public and private sectors on cybersecurity initiatives.
- Perform continuous evaluation of cyber and physical threats and vulnerabilities across all areas of infrastructure.
- Conduct regular cybersecurity and physical training for staff and contractors.
- Develop and maintain an adequate and qualified workforce to meet evolving threats and challenges.
- Encourage continued funding of cyber and physical response recovery funds, such as those created by the 2021 Infrastructure Investment and Jobs Act.
- Encourage the prompt reporting to appropriate authorities and impacted public.
As the complexity and connectivity of our infrastructure systems increase, the associated cyber and physical security requirements must also increase to ensure safe and reliable operations. Cyber and physical threats are growing global concerns and have severe repercussions, threatening economic activities and competitiveness, as well as the public’s health, safety, and welfare. As more infrastructure owners, both public and private, are targeted by threats to cyber and physical systems, improving cyber and physical security for our nation’s critical infrastructure must be a national, state, and local priority.
As the stewards of infrastructure, civil engineers, plan, design, construct, operate, maintain, reuse, and decommission infrastructure in all sixteen sectors recognized by CISA and National Infrastructure Protection Plan, including associated cyber and communication systems. These are essential to enhance the public’s health, safety, and welfare, while protecting the environment, and maintaining economic competitiveness of organizations and communities. Cyber and physical threats are a growing concern, impacting how civil engineers carry out their critical jobs. ASCE is actively engaged.
ASCE Policy Statement 565
First Approved in 2022
This policy has worldwide implications