TIA makes several recommendations regarding how policymakers can provide the owners and operators of critical infrastructure systems with the flexibility they need to address cyber threats as they evolve, along with recommendations for addressing ICT supply chain concerns.