Approved by the Infrastructure and Research Policy Committee on May 28, 2025
Approved by the Public Policy and Practice Committee on June 18, 2025
Adopted by the Board of Direction on October 7, 2025

Policy

 The American Society of Civil Engineers (ASCE) recommends that all public and private infrastructure owners employ the following actions, at a minimum, to avoid disruption and preserve public safety:

  • Deploy systems and technologies that can monitor networks, access, data, and control systems to detect malicious activity and facilitate response actions to cyber and physical threats.

  • Provide continuous, dedicated funding to modernize systems to deter cyber and physical threats. 

  • Educate the public and private sector entities on the importance of cyber and physical security.

  • Foster collaboration between the public, private sectors, and academia on cybersecurity initiatives.

  • Perform continuous evaluation of cyber and physical threats and vulnerabilities across all areas of infrastructure.

  • Conduct regular cybersecurity and physical training for all personnel and contractors.

  • Develop and maintain an adequate and qualified workforce to meet evolving threats and challenges.

  • Encourage continued funding of cyber and physical response recovery funds, such as those created by the 2021 Infrastructure Investment and Jobs Act. 

  • Encourage prompt reporting to the appropriate authorities and impacted public. 

  • Implement a “Defense in Depth” strategy that integrates cybersecurity and physical security measures across all infrastructure layers, promoting resilience against both cyber and physical threats. 

Issue

As the complexity and connectivity of our infrastructure systems increase, the associated cyber and physical security requirements must also increase to ensure safe and reliable operations. Cyber and physical threats are growing global concerns and have severe repercussions, threatening economic activities and competitiveness, as well as the public’s health, safety, and welfare. As more infrastructure owners, both public and private, are targeted by threats to cyber and physical systems, improving cyber and physical security for our nation’s critical infrastructure must be a national, state, and local priority. 

Rationale

As stewards of infrastructure, civil engineers are responsible for planning, designing, constructing, operating, maintaining, reusing, and decommissioning infrastructure across all sixteen critical infrastructure sectors identified by Cybersecurity and Infrastructure Security Agency (CISA) and the National Infrastructure Protection Plan. Critical infrastructure is essential to the public’s health, safety, and welfare, while protecting the environment, and maintaining economic competitiveness of organizations and communities. Cyber and physical threats are a growing concern, impacting how civil engineers carry out their critical jobs. 

ASCE Policy Statement 565
First Approved in 2022
This policy has worldwide implications

Reference, “Infrastructure Resilience Planning Framework (IRPF),” Cybersecurity and Infrastructure Security Agency (CISA) Publication dated October 2021