Impact of The U.S. Department of Homeland Security, Cybersecurity & Infrastructure Security Agency’s Memorandum on Identification of Essential Critical Infrastructure Workers During COVID-19 Response

Loren Wolff & Catherine Gorman

In an effort to offer guidance to state governments grappling with decisions to close businesses due to COVID-19, on March 16, 2020 President Trump issued the following directive:

“If you work in a critical infrastructure industry, as defined by the Department of Homeland Security, such as healthcare services and pharmaceutical and food supply, you have a special responsibility to maintain your normal work schedule.”

The U.S. Department of Homeland Security Cybersecurity & Infrastructure Security Agency (“CISA”) was tasked with developing guidance to assist state governments in identifying critical infrastructure industries—industries and workers that are “are essential to continued critical infrastructure viability.”

On March 19, 2020 CISA issued a Memorandum on Identification of Essential Critical Infrastructure Workers During COVID-19 Response (the “CISA Memo”) and launched a website based on the CISA Memo.

It is important to note that, as CISA emphasizes, the President’s mandate and CISA’s guidance is advisory—not mandatory. While this could change, as it stands today, all orders for business closures have come from state governments.

State governments are following CISA’s guidance to varying degrees. In California, the March 19th order issued by Governor Newsome directly sites the 16 critical industries identified by CISA and links to CISA website. The governor also included as an attachment to his order a list of critical industries that appears to be a verbatim reproduction of the federal guidance. However, in New York, on March 20th Governor Cuomo issued guidance to his March 19th order that echoes the federal guidance but deviates and, unlike the California guidance, does not directly cite the federal guidance. The March 22nd order issued in Ohio cites and attaches the CISA Memo as an exhibit to the order.

CISA breaks critical infrastructure industries into the following 16 sectors. The CISA website contains detailed information on each sector including sub-sectors and support workers. The 16 sectors are:

• Chemical Sector
• Commercial Facilities Sector
• Communications Sector
• Critical Manufacturing Sector
• Dams Sector
• Defense Industrial Base Sector
• Emergency Services Sector
• Energy Sector
• Financial Services Sector
• Food and Agriculture Sector
• Government Facilities Sector
• Healthcare and Public Health Sector
• Information Technology Sector
• Nuclear Reactors, Materials, and Waste Sector
• Transportation Systems Sector
• Water and Wastewater Systems Sector

The guidance expressly states that the workers and businesses that support these critical industries are necessary to keep critical systems and assets working. As such, CISA provides a list of “Essential Critical Infrastructure Workers” for each of the 16 sectors.

Any businesses considering whether it is a critical industry (i.e., essential business) should adhere to strict compliance and adhere to all state orders in which it operates.

For more information and further questions, please reach out to a Graydon attorney.