{"id":209251,"date":"2026-05-05T17:46:00","date_gmt":"2026-05-05T21:46:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/05\/cisa-tells-critical-organizations-to-prepare-for-cyber-outages-2\/"},"modified":"2026-05-05T17:50:08","modified_gmt":"2026-05-05T21:50:08","slug":"cisa-tells-critical-organizations-to-prepare-for-cyber-outages-2","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/05\/cisa-tells-critical-organizations-to-prepare-for-cyber-outages-2\/","title":{"rendered":"CISA tells critical organizations to prepare for cyber outages"},"content":{"rendered":"

CISA tells critical organizations to prepare for cyber outages<\/a><\/p>\n

https:\/\/federalnewsnetwork.com\/cybersecurity\/2026\/05\/cisa-tells-critical-organizations-to-prepare-for-cyber-outages\/<\/a><\/p>\n

Publish Date: 2026-05-05 17:46:00<\/a><\/p>\n

Source Domain: federalnewsnetwork.com<\/a><\/p>\n

Author: <\/a><\/p>\n

Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n

The Cybersecurity and Infrastructure Security Agency \u2013 fresh out of the longest shutdown in government history and ready to begin hiring again after shedding staff for the past year \u2013 is out with new cybersecurity crisis planning guidance for critical infrastructure organizations.
\nCISA\u2019s new \u201cCI Fortify\u201d initiative notably pushes water utilities, the transportation sector and other critical infrastructure organizations to plan for a \u201cgeopolitical crisis\u201d involving cyber attacks that could sever their connections to internet, telecommunications and other technology services.
\nCISA\u2019s guidance features two primary emergency planning objectives: \u201cisolation\u201d and \u201crecovery\u201d to mitigate threats. The former involves \u201cproactively disconnecting from third-party and business networks\u201d to safeguard operational technology, such as industrial control systems, from cyber attack during a crisis. CISA says organizations should be prepared to sustain \u201cessential operations\u201d rather than completely shutting down.
\n\u201cRecovery\u201d involves documenting systems, backing up critical files, and practicing \u201cthe replacement of systems or the transition to manual\u201d in case a cyber attack shuts down critical systems, according to CISA.]]><\/p>\n

CISA says it plans to perform \u201ctargeted assessments\u201d of how prepared certain critical infrastructure organizations are to meet CI Fortify\u2019s objectives. CISA is prioritizing \u201cdefense critical infrastructure,\u201d meaning systems that are crucial to military forces and operations, including dams, radars, weapon systems, satellite communications and other facilities.
\nActing CISA Director Nick Andersen said the cyber agency has already started evaluating some organizations, which he declined to identify.
\n\u201cWe\u2019ve already started to kick off the first couple of assessments under a pilot phase of this initiative that is already up and moving,\u201d Andersen said during a call with reporters today.
\nThe CI Fortify guidance also calls on industrial automation control system vendors, managed service providers, and security vendors to support critical infrastructure in planning for emergency scenarios.
\n\u201cSuccess for us in the near term is going to come from those targeted assessments we\u2019re doing with critical infrastructure to help them be able to operate within isolation,\u201d Andersen said. \u201cThen the long-term side is making this sort of emergency planning easier to do. Be that OT equipment manufacturers making isolation information available in a factory acceptance test, or system integrators designing safer connectivity patterns for remote management.\u201d
\nThe guidance comes after CISA was prevented from doing many planning and engagement activities during the 75-day Department of Homeland Security shutdown. Most CISA staff were furloughed during the lapse in funding, which ended after Congress passed fiscal 2027 appropriations for most of DHS last week.
\nBut even prior to the shutdown, CISA was weathering the departure of roughly 1,000 employees \u2013 one-third of its staff \u2013 amid budget cuts under the Trump administration. Those cuts and the elimination of certain authorities have left the agency\u2019s cyber partnerships at a \u201cstandstill.\u201d]]><\/p>\n

But Andersen pointed to recently approved plans for CISA to make 329 \u201cmission-critical\u201d hires as evidence of new Homeland Security Secretary Markwayne Mullin\u2019s support for CISA. Andersen said that represented \u201can initial tranche of additional hiring.\u201d
\nAndersen also said CISA\u2019s 10 regional offices, which will have a key role in overseeing the CI Fortify guidance, are \u201chigh on that priority list\u201d for the agency\u2019s current hiring plan.
\n\u201cAll of our regional operators \u2013 from the [protective security advisors] that are focused more on physical and traditional security, and our [cybersecurity advisors] focused more on cybersecurity \u2013 each one of them will have a role to play here in helping to assess the potential impact in assessing the security of these critical infrastructure owner operators as part of CI Fortify, as well as our Washington, D.C. metro area based staff,\u201d Andersen said.
\nHe said CISA is also encouraging critical infrastructure owners and operators to work with local, community-based emergency planners and military facilities, along with \u201clifeline sectors and those dependencies they have, such as the chemical or fuel sector.\u201d
\nThe goal is \u201cunderstand how long they can operate without services from those that represent critical dependencies,\u201d Andersen said. \u201cFrom those conversations, we\u2019re hoping are going to get to a better understanding of acceptable downtime and the minimum needs of those most important customers within those service delivery areas.\u201d
\nThe focus on defense-connected critical infrastructure comes as military planners and intelligence analysts expect any modern geopolitical crisis to feature cyber attacks targeting systems critical to the economy and national security.
\nIn a heavily redacted January 2025 audit of \u201ccyber vulnerabilities impacting defense critical infrastructure,\u201d the Defense Department inspector general found the Navy had made \u201cminimal process\u201d in mitigating cybersecurity vulnerabilities in some critical infrastructure systems.
\n\u201cThese vulnerabilities, if left unmitigated, provide adversaries or malicious actors with opportunities to adversely affect critical missions or functions and the DON\u2019s ability to deploy, support, and sustain military forces worldwide,\u201d the IG report states.
\nMeanwhile, CISA has also increasingly focused on OT systems relied upon by critical infrastructure. In April, CISA released guidance on \u201caccelerating zero trust adoption\u201d in OT systems.]]><\/p>\n

Duncan Greatwood, chief executive of Xage Security, said CISA has placed an increasing emphasis on \u201cresilience\u201d in recent cybersecurity guidelines, rather than a narrow focus on just preventing cyber attacks.
\n\u201cResilience comes from continuously enforcing who and what can access critical systems, containing nefarious actors and preventing threats from spreading so operations can continue safely,\u201d Greatwood said. \u201cThe organizations that will be most successful are those that layer control and containment into their environment, allowing them to limit the impact of an attack and keep services running, rather than relying on patching and human-driven recovery after disruption has already occurred.\u201d
\n Copyright
\n \u00a9\u00a02026 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.<\/p>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

CISA tells critical organizations to prepare for cyber outages https:\/\/federalnewsnetwork.com\/cybersecurity\/2026\/05\/cisa-tells-critical-organizations-to-prepare-for-cyber-outages\/ Publish Date: 2026-05-05 17:46:00 Source…<\/p>\n","protected":false},"author":1,"featured_media":209253,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/federalnewsnetwork.com\/wp-content\/uploads\/2025\/10\/GettyImages-2198621098-e1761175896525.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24],"class_list":["post-209251","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/209251"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=209251"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/209251\/revisions"}],"predecessor-version":[{"id":209254,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/209251\/revisions\/209254"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/209253"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=209251"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=209251"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=209251"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}