CISA tells critical organizations to prepare for cyber outages - Federal News Network
Federal News Network
Archived Jun 10, 2026
✓ Full text saved
CISA tells critical organizations to prepare for cyber outages Federal News Network
Full text archived locally
CYBERSECURITY
CISA tells critical organizations to prepare for cyber outages
Fresh off the longest shutdown in government history, CISA is pushing critical infrastructure orgs to plan for a cybersecurity emergency.
Justin Doubleday@jdoubledayWFED
May 5, 2026 5:42 pm
The Cybersecurity and Infrastructure Security Agency – fresh out of the longest shutdown in government history and ready to begin hiring again after shedding staff for the past year – is out with new cybersecurity crisis planning guidance for critical infrastructure organizations.
CISA’s new “CI Fortify” initiative notably pushes water utilities, the transportation sector and other critical infrastructure organizations to plan for a “geopolitical crisis” involving cyber attacks that could sever their connections to internet, telecommunications and other technology services.
CISA’s guidance features two primary emergency planning objectives: “isolation” and “recovery” to mitigate threats. The former involves “proactively disconnecting from third-party and business networks” to safeguard operational technology, such as industrial control systems, from cyber attack during a crisis. CISA says organizations should be prepared to sustain “essential operations” rather than completely shutting down.
“Recovery” involves documenting systems, backing up critical files, and practicing “the replacement of systems or the transition to manual” in case a cyber attack shuts down critical systems, according to CISA.
Earn CPE credit: The latest webinar from the Billington CyberSecurity Cyber and AI Outlook Series will focus on the real-world risks facing AI deployments across the federal landscape. Register now!
CISA says it plans to perform “targeted assessments” of how prepared certain critical infrastructure organizations are to meet CI Fortify’s objectives. CISA is prioritizing “defense critical infrastructure,” meaning systems that are crucial to military forces and operations, including dams, radars, weapon systems, satellite communications and other facilities.
Acting CISA Director Nick Andersen said the cyber agency has already started evaluating some organizations, which he declined to identify.
“We’ve already started to kick off the first couple of assessments under a pilot phase of this initiative that is already up and moving,” Andersen said during a call with reporters today.
The CI Fortify guidance also calls on industrial automation control system vendors, managed service providers, and security vendors to support critical infrastructure in planning for emergency scenarios.
“Success for us in the near term is going to come from those targeted assessments we’re doing with critical infrastructure to help them be able to operate within isolation,” Andersen said. “Then the long-term side is making this sort of emergency planning easier to do. Be that OT equipment manufacturers making isolation information available in a factory acceptance test, or system integrators designing safer connectivity patterns for remote management.”
The guidance comes after CISA was prevented from doing many planning and engagement activities during the 75-day Department of Homeland Security shutdown. Most CISA staff were furloughed during the lapse in funding, which ended after Congress passed fiscal 2027 appropriations for most of DHS last week.
But even prior to the shutdown, CISA was weathering the departure of roughly 1,000 employees – one-third of its staff – amid budget cuts under the Trump administration. Those cuts and the elimination of certain authorities have left the agency’s cyber partnerships at a “standstill.”
Sign up for our daily newsletter so you never miss a beat on all things federal
But Andersen pointed to recently approved plans for CISA to make 329 “mission-critical” hires as evidence of new Homeland Security Secretary Markwayne Mullin’s support for CISA. Andersen said that represented “an initial tranche of additional hiring.”
Andersen also said CISA’s 10 regional offices, which will have a key role in overseeing the CI Fortify guidance, are “high on that priority list” for the agency’s current hiring plan.
“All of our regional operators – from the [protective security advisors] that are focused more on physical and traditional security, and our [cybersecurity advisors] focused more on cybersecurity – each one of them will have a role to play here in helping to assess the potential impact in assessing the security of these critical infrastructure owner operators as part of CI Fortify, as well as our Washington, D.C. metro area based staff,” Andersen said.
He said CISA is also encouraging critical infrastructure owners and operators to work with local, community-based emergency planners and military facilities, along with “lifeline sectors and those dependencies they have, such as the chemical or fuel sector.”
The goal is “understand how long they can operate without services from those that represent critical dependencies,” Andersen said. “From those conversations, we’re hoping are going to get to a better understanding of acceptable downtime and the minimum needs of those most important customers within those service delivery areas.”
The focus on defense-connected critical infrastructure comes as military planners and intelligence analysts expect any modern geopolitical crisis to feature cyber attacks targeting systems critical to the economy and national security.
In a heavily redacted January 2025 audit of “cyber vulnerabilities impacting defense critical infrastructure,” the Defense Department inspector general found the Navy had made “minimal progress” in mitigating cybersecurity vulnerabilities in some critical infrastructure systems.
“These vulnerabilities, if left unmitigated, provide adversaries or malicious actors with opportunities to adversely affect critical missions or functions and the DON’s ability to deploy, support, and sustain military forces worldwide,” the IG report states.
Meanwhile, CISA has also increasingly focused on OT systems relied upon by critical infrastructure. In April, CISA released guidance on “accelerating zero trust adoption” in OT systems.
Read more: Cybersecurity
Duncan Greatwood, chief executive of Xage Security, said CISA has placed an increasing emphasis on “resilience” in recent cybersecurity guidelines, rather than a narrow focus on just preventing cyber attacks.
“Resilience comes from continuously enforcing who and what can access critical systems, containing nefarious actors and preventing threats from spreading so operations can continue safely,” Greatwood said. “The organizations that will be most successful are those that layer control and containment into their environment, allowing them to limit the impact of an attack and keep services running, rather than relying on patching and human-driven recovery after disruption has already occurred.”
Copyright © 2026 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
Justin Doubleday
Justin Doubleday covers cybersecurity, homeland security and the intelligence community for Federal News Network.
Follow @jdoubledayWFED
Sign up for breaking news.
Related Stories
Getty Images/amgun
Federal vulnerability management is stuck. A patch wave is coming anyway.
COMMENTARY
Read more
Getty Images/Alex Cristi
CISA chief details hiring progress, AI BOD
CYBERSECURITY
Read more
Republican senators warn surveillance program may lapse after Trump intel pick backlash
CYBERSECURITY
Read more
Related Topics
ALL NEWS CRITICAL INFRASTRUCTURE CYBERSECURITY CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY DEPARTMENT OF HOMELAND SECURITY DUNCAN GREATWOOD NICK ANDERSEN TECHNOLOGY WORKFORCE XAGE SECURITY
Around the Web
UPCOMING EVENTS
Building cyber resilience in the cloud
Federal News Network’s Cloud Exchange 2026
Maximizing Your Federal Retirement Benefits (LIVE EVENT)
Federal capital projects: Strategies for next-generation infrastructure and accountability
Billington CyberSecurity Cyber and AI Outlook Series Episode 6: Securing AI for National Security: Defending Federal and Military AI Systems from Emerging Cyber Threats
More
TOP STORIES
Federal science agencies facing a ‘generational loss,’ nonprofit says
WORKFORCE
OPM details changes for federal employees in Schedule Policy/Career
WORKFORCE
CISA chief details hiring progress, AI BOD
CYBERSECURITY
VA EHR rollout continues with 4 more deployments
IT MODERNIZATION
HASC challenges Trump's EO ending bargaining rights for DoD workers
CONGRESS
What we know so far from White House's Schedule Policy/Career list
WORKFORCE