The National Risk Management Center is leading a cross-cutting risk management effort between the private sector and government to improve the defense of our nation’s critical infrastructure.
Housed within the Department of Homeland Security’s (DHS) National Protection and Programs Directorate (NPPD), the Center provides a single point of access where government and the private sector can collaborate across sectors to develop plans and solutions for reducing cyber and other systemic risks to national and economic security.
The NRMC supports NPPD’s cybersecurity and infrastructure security mission by:
- Identifying, assessing, and prioritizing strategic risks to national critical functions;
- Collaborating on the development of strategies and approaches to manage risks to critical functions; and
- Coordinating integrated cross-sector risk management activities.
The Center is currently facilitating a series of initiatives across a variety of sectors aimed of developing a more strategic and prioritized understanding of collective and systemic risks to critical infrastructure. Interested stakeholders should reach out to NRMC@hq.dhs.gov for more information.
About the National Risk Management Center
The Center evolved out of the former Office of Cyber and Infrastructure Analysis (OCIA) in response to industry demand for a more integrated approach to today’s complex threat environment. The new name was announced in July 2018 and it remains a subcomponent of the National Protection and Programs Directorate (NPPD).
The NRMC plays an important role in DHS’s efforts to implement Presidential Policy Directive 21, which calls for integrated analysis of critical infrastructure, and Executive Order 13636, identifying critical infrastructure where cyber incidents could have catastrophic impacts to public health and safety, the economy, and national security.
NRMC builds on the recent work of OCIA to advance understanding of emerging risks crossing the cyber-physical domain.
- Read the National Risk Management Fact Sheet
Frequently Asked Questions
How will the NRMC drive better risk management outcomes?
As the threat environment evolves and becomes more complex, we must also evolve and mature the way we think about risk. The Center prioritizes a more strategic and cross-cutting understanding of risk analysis and planning in direct response to requirements identified by front-line critical infrastructure owners and operators.
The NRMC works across sectors and across agencies to understand and contextualize national risk, set priorities together, plan jointly, train and exercise alongside each other. Where sectors once had to make strategic decisions based on partial understanding of the risk environment, the Center facilitates a complete, systemic risk picture that fills in the gaps and provides a sound basis for collaborative risk strategies that target and prioritize collective risks.
How does the NRMC work with other operations centers within DHS and NPPD?
The NRMC focuses on identifying the most pronounced and systemic risks to critical infrastructure, which helps shape the critical infrastructure security capacity-building and operations efforts undertaken by our National Infrastructure Coordinating Center (NICC) and the National Cybersecurity and Communications Integration Center (NCCIC). These operational centers complement and inform NRMC risk assessment efforts, providing insights from day-to-day information sharing and incident response efforts.
The NCCIC and NICC are 24x7 centers that focus on current operations, connecting the dots on incidents and potential incidents, with the NCCIC focusing on bi-lateral cybersecurity information sharing, information integration, incident analysis and response, technical assistance, and other operational activities to include risk management support, assessments, training, and exercises. During incidents, the NCCIC plays a leadership role in national incident response consistent with Presidential Policy Directive-41 and the National Cyber Incident Response Plan. The NRMC plays a supporting role to help with dynamic prioritization, providing a national and regional strategic understanding of what is truly critical in the path of an incident, as well as serving as a venue for coordinated operational planning across Sector Specific Agencies and other relevant agencies. The NRMC plays a similar support role in coordination with the NICC during physical incidents. The NRMC, along with the NCCIC and NICC work together to ensure alignment of future and current operations and connect information to action.
How can other organizations engage with the NRMC?
The NRMC’s risk management approach stems from a belief that a robust collective defense posture is the only way to gain an upper hand on adversaries – cyber and otherwise – in a rapidly evolving threat landscape. We live in a world where risk increasingly transcends stakeholders, sectors, governments, and industries. Properly managing and reducing this risk requires that our efforts equally transcend silos and organizational boundaries. We welcome all stakeholders – private, federal, and state, local, and tribal – to join us in protecting our critical infrastructure.
To learn more, please reach out to NRMC@hq.dhs.gov.