Skip to content

Illustration by Security Management

CISA Releases Guidance on Essential Personnel to Coronavirus Response

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released guidance to aid U.S. state and local jurisdictions, as well as the private sector, in identifying and managing essential workers in the response to the coronavirus pandemic.

“As the nation comes together to slow the spread of COVID-19, everyone has a role to play in protecting public health and safety,” said CISA Director Christopher Krebs in a statement. “Many of the men and women who work across our nation’s critical infrastructure industries are hard at work keeping the lights on, water flowing from the tap, groceries on the shelves, among other countless essential services.”

The release of the guidance came after U.S. President Donald Trump issued an update on 16 March saying that those who work in critical infrastructure sectors—like healthcare, pharmaceutical, and food supply—have a responsibility to maintain a normal work schedule.

“As the nation’s risk advisor, this list is meant to provide additional guidance to state and local partners, as well as industry, building on the president’s statement that critical infrastructure industries have a special responsibility to keep normal operations,” Krebs said. “We’re providing recommendations for these partners as they carry out their mission to keep their communities safe, healthy, and resilient.”

There are 16 designated critical infrastructure sectors in the United States, including critical manufacturing, emergency services, energy, financial services, healthcare and public health, and transportation systems. These sectors have been designated such because their assets, systems, and networks are “considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security,” according to CISA.

The CISA guidance is designed to help critical infrastructure owners and operators determine who are essential workers necessary to carry out normal operations. These positions include those who work in staffing operations centers, maintaining and repairing critical infrastructure, operating call centers, working construction, and performing management functions.

But CISA cautioned that the list is advisory and that officials should “use their own judgement” when implementing the guidance. “All decisions should appropriately balance public safety while ensuring the continued delivery of critical infrastructure services and functions.”

The CISA guidance is especially important as numerous jurisdictions in the United States are increasingly limiting individuals’ movement in an attempt to slow the spread of COVID-19. On Thursday, 19 March, California Governor Gavin Newson announced a stay at home order for all Californians – roughly 40 million people.

“I can assure you home isolation is not my preferred choice, I know it’s not yours, but it’s a necessary one,” Newsom said in a press briefing about his decision.


New York Governor Andrew Cuomo followed Newsom’s lead and announced a similar mandate on Friday, 20 March, requiring all non-essential workers to stay home beginning Sunday night (22 March) as the state’s confirmed COVID-19 cases reached 7,000.

“We need everyone to be safe, otherwise no one can be safe,” Cuomo said. “This is the most drastic action we can take.”

The U.S. states' stay home mandates mirror similar measures taken in Europe and Asia to stop the spread of the coronavirus by limiting movement to essential employees only who are on the frontlines of responding to the pandemic.

Earlier this week, Leonard Ong, CPP, group CISO for Fullerton Health based in Singapore spoke to Security Management about how the healthcare provider took steps to protect patients, customers, and identify key personnel who would be at higher risk of exposure.

“There were several measures taken in the early phase of this situation that includes forming a taskforce on COVID-19 comprising select senior leaders, reviewing and revising business continuity plans and disaster recovery plans, regular communication to employees, and aligning our approach with authority recommendations,” Ong said. “Given that a segment of our employees are at the frontline dealing with patients, ensuring their safety and being able to provide the necessary healthcare services has been a top priority.”

Hospitals around the world are bracing for surges of COVID-19 patients, but many of them lack the equipment needed to protect staff.

“Given the nationwide supply shortages, the U.S. Centers for Disease Control and Prevention (CDC) recently downgraded its guidelines for how health workers should protect themselves, allowing them to use surgical masks instead of N95 respirator masks in many cases,” according to ProPublica. “And this week, the CDC went further, publishing directions that providers ‘might use homemade masks’ like a bandana or scarf if no masks are available.”

To help address the U.S. shortage, President Trump invoked the Defense Production Act to expand production of medical equipment. South Korea, Thailand, and Singapore are also using government powers to increase mask production to protect healthcare workers and essential personnel.

“Last year the Icheon Production Centre CNTUS-Sungjin Co. Ltd. Manufactured 30 million face masks,” Reuters reports. “Amid this year’s coronavirus outbreak, it has produced 19 million in January and February alone.”

The pandemic is having a major effect on the global supply chain. On 25 March, the ASIS International Supply Chain and Transportation Security Community will host a webinar discussion on what steps organizations can take immediately to address supply chain shortages and disruptions. Interim CEO for Los Angeles Metro, Aston Greene, will also join the discussion to talk about how the city is increasing interagency communication and creating a layered response to limit the spread of COVID-19.

For more security-related pandemic resources, see ASIS's Disease Outbreak: Security Resources.