CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 10, 2026

CISA tells critical organizations to prepare for cyber outages - Federal News Network

Federal News Network Archived Jun 10, 2026 ✓ Full text saved

CISA tells critical organizations to prepare for cyber outages Federal News Network

Full text archived locally
✦ AI Summary · Claude Sonnet


    CYBERSECURITY CISA tells critical organizations to prepare for cyber outages Fresh off the longest shutdown in government history, CISA is pushing critical infrastructure orgs to plan for a cybersecurity emergency. Justin Doubleday@jdoubledayWFED May 5, 2026 5:42 pm           The Cybersecurity and Infrastructure Security Agency – fresh out of the longest shutdown in government history and ready to begin hiring again after shedding staff for the past year – is out with new cybersecurity crisis planning guidance for critical infrastructure organizations. CISA’s new “CI Fortify” initiative notably pushes water utilities, the transportation sector and other critical infrastructure organizations to plan for a “geopolitical crisis” involving cyber attacks that could sever their connections to internet, telecommunications and other technology services. CISA’s guidance features two primary emergency planning objectives: “isolation” and “recovery” to mitigate threats. The former involves “proactively disconnecting from third-party and business networks” to safeguard operational technology, such as industrial control systems, from cyber attack during a crisis. CISA says organizations should be prepared to sustain “essential operations” rather than completely shutting down. “Recovery” involves documenting systems, backing up critical files, and practicing “the replacement of systems or the transition to manual” in case a cyber attack shuts down critical systems, according to CISA.         Earn CPE credit: The latest webinar from the Billington CyberSecurity Cyber and AI Outlook Series will focus on the real-world risks facing AI deployments across the federal landscape. Register now! CISA says it plans to perform “targeted assessments” of how prepared certain critical infrastructure organizations are to meet CI Fortify’s objectives. CISA is prioritizing “defense critical infrastructure,” meaning systems that are crucial to military forces and operations, including dams, radars, weapon systems, satellite communications and other facilities. Acting CISA Director Nick Andersen said the cyber agency has already started evaluating some organizations, which he declined to identify. “We’ve already started to kick off the first couple of assessments under a pilot phase of this initiative that is already up and moving,” Andersen said during a call with reporters today. The CI Fortify guidance also calls on industrial automation control system vendors, managed service providers, and security vendors to support critical infrastructure in planning for emergency scenarios. “Success for us in the near term is going to come from those targeted assessments we’re doing with critical infrastructure to help them be able to operate within isolation,” Andersen said. “Then the long-term side is making this sort of emergency planning easier to do. Be that OT equipment manufacturers making isolation information available in a factory acceptance test, or system integrators designing safer connectivity patterns for remote management.” The guidance comes after CISA was prevented from doing many planning and engagement activities during the 75-day Department of Homeland Security shutdown. Most CISA staff were furloughed during the lapse in funding, which ended after Congress passed fiscal 2027 appropriations for most of DHS last week. But even prior to the shutdown, CISA was weathering the departure of roughly 1,000 employees – one-third of its staff – amid budget cuts under the Trump administration. Those cuts and the elimination of certain authorities have left the agency’s cyber partnerships at a “standstill.”         Sign up for our daily newsletter so you never miss a beat on all things federal But Andersen pointed to recently approved plans for CISA to make 329 “mission-critical” hires as evidence of new Homeland Security Secretary Markwayne Mullin’s support for CISA. Andersen said that represented “an initial tranche of additional hiring.” Andersen also said CISA’s 10 regional offices, which will have a key role in overseeing the CI Fortify guidance, are “high on that priority list” for the agency’s current hiring plan. “All of our regional operators – from the [protective security advisors] that are focused more on physical and traditional security, and our [cybersecurity advisors] focused more on cybersecurity – each one of them will have a role to play here in helping to assess the potential impact in assessing the security of these critical infrastructure owner operators as part of CI Fortify, as well as our Washington, D.C. metro area based staff,” Andersen said. He said CISA is also encouraging critical infrastructure owners and operators to work with local, community-based emergency planners and military facilities, along with “lifeline sectors and those dependencies they have, such as the chemical or fuel sector.” The goal is “understand how long they can operate without services from those that represent critical dependencies,” Andersen said. “From those conversations, we’re hoping are going to get to a better understanding of acceptable downtime and the minimum needs of those most important customers within those service delivery areas.” The focus on defense-connected critical infrastructure comes as military planners and intelligence analysts expect any modern geopolitical crisis to feature cyber attacks targeting systems critical to the economy and national security. In a heavily redacted January 2025 audit of “cyber vulnerabilities impacting defense critical infrastructure,” the Defense Department inspector general found the Navy had made “minimal progress” in mitigating cybersecurity vulnerabilities in some critical infrastructure systems. “These vulnerabilities, if left unmitigated, provide adversaries or malicious actors with opportunities to adversely affect critical missions or functions and the DON’s ability to deploy, support, and sustain military forces worldwide,” the IG report states. Meanwhile, CISA has also increasingly focused on OT systems relied upon by critical infrastructure. In April, CISA released guidance on “accelerating zero trust adoption” in OT systems.         Read more: Cybersecurity Duncan Greatwood, chief executive of Xage Security, said CISA has placed an increasing emphasis on “resilience” in recent cybersecurity guidelines, rather than a narrow focus on just preventing cyber attacks. “Resilience comes from continuously enforcing who and what can access critical systems, containing nefarious actors and preventing threats from spreading so operations can continue safely,” Greatwood said. “The organizations that will be most successful are those that layer control and containment into their environment, allowing them to limit the impact of an attack and keep services running, rather than relying on patching and human-driven recovery after disruption has already occurred.” Copyright © 2026 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.           Justin Doubleday Justin Doubleday covers cybersecurity, homeland security and the intelligence community for Federal News Network. Follow @jdoubledayWFED Sign up for breaking news. Related Stories Getty Images/amgun Federal vulnerability management is stuck. A patch wave is coming anyway. COMMENTARY Read more Getty Images/Alex Cristi CISA chief details hiring progress, AI BOD CYBERSECURITY Read more Republican senators warn surveillance program may lapse after Trump intel pick backlash CYBERSECURITY Read more Related Topics ALL NEWS CRITICAL INFRASTRUCTURE CYBERSECURITY CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY DEPARTMENT OF HOMELAND SECURITY DUNCAN GREATWOOD NICK ANDERSEN TECHNOLOGY WORKFORCE XAGE SECURITY Around the Web UPCOMING EVENTS Building cyber resilience in the cloud Federal News Network’s Cloud Exchange 2026 Maximizing Your Federal Retirement Benefits (LIVE EVENT) Federal capital projects: Strategies for next-generation infrastructure and accountability Billington CyberSecurity Cyber and AI Outlook Series Episode 6: Securing AI for National Security: Defending Federal and Military AI Systems from Emerging Cyber Threats More TOP STORIES Federal science agencies facing a ‘generational loss,’ nonprofit says WORKFORCE OPM details changes for federal employees in Schedule Policy/Career WORKFORCE CISA chief details hiring progress, AI BOD CYBERSECURITY VA EHR rollout continues with 4 more deployments IT MODERNIZATION HASC challenges Trump's EO ending bargaining rights for DoD workers CONGRESS What we know so far from White House's Schedule Policy/Career list WORKFORCE
    💬 Team Notes
    Article Info
    Source
    Federal News Network
    Category
    ◇ Industry News & Leadership
    Published
    Jun 10, 2026
    Archived
    Jun 10, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗