Critical Infrastructure Security and Resilience Month: Resolving to Be Resilient with vArmour


This month, the Cybersecurity and Infrastructure Security Agency (CISA), part of the US Department of Homeland Security, launched Critical Infrastructure Security and Resilience Month, emphasizing the importance of enhancing national security and resilience. This initiative reflects the growing awareness of the critical role that IT resilience plays in safeguarding our nation’s vital infrastructure. With this initiative, CISA is asking everyone to “Resolve to Be Resilient,”  and the practices they recommend for strengthening resilience align closely with what we do at vArmour.

In their announcement, CISA has highlighted practices that critical infrastructure organizations can implement to recover rapidly in the aftermath of any significant disruption:

Assess Your Risk: Organizations should identify their most critical functions and assets, define dependencies that enable the continuity of these functions, and consider the full range of threats that could undermine functional continuity.

Make a Plan and Exercise It: Organizations should perform dedicated resilience planning, determine the maximum downtime acceptable for customers, develop recovery plans to regain functional capabilities within the maximum downtime, and test those plans under real-life conditions to ensure the ability to operate through disruption.

Continuously Improve and Adapt: Organizations should be prepared to regularly adapt to changing conditions and threats. This starts with fostering a culture of continuous improvement, based on lessons learned from exercises and real-world incidents, and evolving cross-sector risks.

From CISA. (2023, November 01). CISA Launches Critical Infrastructure Security and Resilience Month 2023.


At vArmour, our focus is on strengthening operational resilience through mapping dependencies across critical applications and infrastructure, enabling organizations to put recommendations like those from CISA into practice (as well as regulatory requirements like EU’s DORA). Here’s how vArmour’s automated dependency mapping helps with each of the recommendations above:

Assess Your Risk:

Assessing your risk, particularly identifying critical assets and their dependencies, is typically a cumbersome and time-consuming process, often taking months to complete. Moreover, the information gathered quickly becomes outdated due to the dynamic nature of modern IT environments. vArmour automates this process through the real-time mapping of critical applications and their dependencies, providing organizations with an always up-to-date view of their IT landscape, while avoiding the limitations of traditional, static methods.

Make a Plan and Exercise It:

vArmour streamlines recovery plan development by offering a clear view of an organization’s application landscape. This clarity helps identify critical assets and ensures alignment of recovery time objectives (RTOs) across interdependent systems. With a comprehensive understanding of application interconnections, organizations can anticipate the consequences of service outages and minimize customer downtime effectively.

Continuously Improve and Adapt:

By providing a dynamic, real-time view of the application landscape, vArmour allows organizations to stay updated with their evolving environment. This real-time visibility is essential for promptly identifying changes, vulnerabilities, and making informed decisions when adapting to evolving conditions and mitigating potential cyber risks.

In a digital age where operational resilience is paramount to safeguarding infrastructure, CISA’s Critical Infrastructure Security and Resilience Month shines a spotlight on the practices that can enhance the security of the services we rely on. At vArmour, we’re focused on helping organizations achieve operational resilience objectives through the mapping of critical dependencies across applications and infrastructure. By aligning closely with CISA’s recommendations and the resiliency requirements from regulators across the globe, we offer organizations a path to put these principles into practice. Our automated dependency mapping not only simplifies risk assessment, recovery planning, and adaptation but also ensures that organizations can remain agile, proactive, and resilient in the face of ever-evolving threats and challenges.


Read More
December 13, 2023
Decoding DORA ICT Risk Management Requirements: Step 3 - Executing Business Impact Analysis and Risk Assessments
Read More
December 6, 2023
Decoding DORA ICT Risk Management Requirements: Step 2 - Mapping your Business Functions and their Dependencies
Read More
November 28, 2023
Decoding DORA ICT Risk Management Requirements: Step 1 - Identifying and Classifying ICT Functions

Timothy Eades

Chief Executive Officer