CISA Warns Critical Infrastructure to Prepare for Cyberattacks Without OT Connectivity
CISA officials warned that a military confrontation with a peer adversary such as Russia or China would likely bring successful cyberattacks against U.S. critical infrastructure, causing severe disruptions across water, power, healthcare, law enforcement, and parts of banking. Agency leaders said operators should expect to lose reliable internet access, third-party and vendor connections, and some SCADA functionality, and should plan to continue delivering essential services in a degraded state rather than relying solely on traditional cyber hygiene measures.
To support that shift, CISA is prioritizing operational resilience through its CI Fortify initiative, redirecting OT resources to conduct 75 to 100 assessments over the next year and expand emergency planning guidance across sectors. Officials called for "ruthless prioritization" during crises, including decisions on which facilities receive limited water or power, while the EPA is preparing a national cybersecurity exercise for the water sector to test operations without supervisory control and data acquisition technology; CISA also warned that prolonged cyber-induced outages could erode public trust more sharply than natural disaster recovery delays.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
EPA plans national water-sector cybersecurity exercise
Officials said the EPA plans a national cybersecurity exercise for the water sector to test operations without supervisory control and data acquisition technology. The exercise is part of broader resilience planning for critical infrastructure under cyber disruption.
CISA prioritizes 75 to 100 CI Fortify OT resilience assessments
CISA said its CI Fortify initiative is redirecting OT resources toward resilience assessments and emergency planning, with 75 to 100 assessments planned over the next year. The effort is intended to test whether critical service providers can continue operating in isolation during major cyber disruptions.
CISA warns critical infrastructure to prepare for degraded OT operations
CISA officials said U.S. critical infrastructure sectors including water, power, healthcare, law enforcement, and parts of banking should expect successful cyberattacks and severe service disruptions in a conflict with a peer adversary. The agency said it is shifting emphasis from basic cyber hygiene to resilience planning so operators can continue functioning without reliable internet, third-party links, vendor connections, or some SCADA capabilities.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Poland Water Plant Breaches Spur Broader Critical Infrastructure Resilience Push
Poland’s Internal Security Agency said hackers breached five water treatment plants and could potentially have taken control of industrial equipment, raising the risk of compromised water safety and possible physical harm. The incidents were disclosed alongside a wider warning that sabotage campaigns targeting Polish military sites, civilian entities, and critical infrastructure pose an immediate threat, while Sweden separately reported that suspected pro-Russian hackers attempted to disrupt a thermal power plant but were stopped by built-in protections. Officials in both countries described the activity as part of a broader pattern of increasingly aggressive attacks on operational technology across Europe, particularly against infrastructure in countries supporting Ukraine. In the United States, the disclosures add urgency to CISA’s new **CI Fortify** initiative, which tells critical infrastructure operators in sectors including water, energy, transportation, and communications to prepare to keep essential services running for **weeks to months** while isolated from business networks, vendors, and telecom providers. CISA said the program is designed for scenarios in which attackers may already have access to OT environments and foreign adversaries are prepositioned inside U.S. infrastructure, with guidance focused on isolating control systems, maintaining offline and manual operations, and rehearsing recovery through tested backups, documentation, and component replacement plans.
May 14, 2026
Western Cyber Agencies Release Secure Connectivity Principles for Operational Technology
CISA, the UK **NCSC**, and multiple international partners released **Secure Connectivity Principles for Operational Technology (OT)** guidance aimed at reducing risk created by increased connectivity into industrial environments (e.g., industrial control systems, sensors, and other critical services). The guidance is positioned for operators of essential services facing business and regulatory pressure to enable remote monitoring and management, and it emphasizes that formerly *air-gapped* OT is now more exposed due to expanded remote access and IT/OT convergence. The guidance highlights that insecure or exposed OT connectivity is being targeted by a broad range of adversaries, including **ransomware groups**, **state-backed actors**, and **pro-Russia hacktivists** conducting opportunistic attacks against global critical infrastructure. Recommended defensive themes include **network segmentation**, **strong authentication**, continuous monitoring, and minimizing remote access paths to prevent disruptive incidents with potential real-world safety and service-delivery impacts; CISA also solicited stakeholder feedback via a product survey. Separate opinion pieces discussing AI in critical infrastructure and power redundancy risks in OT, and an industry roundup of Chinese cybersecurity companies, do not provide additional reporting on this specific guidance release.
Mar 21, 2026
Chinese State-Linked Cyber Intrusions Targeting US Water Utilities
Hackers associated with China have gained unauthorized access to the IT networks of hundreds of small and medium-sized water utilities and other critical infrastructure providers across the United States. These intrusions are believed to be part of a broader strategy to position Chinese actors to sabotage American water and power supplies in the event of a geopolitical conflict, particularly if tensions escalate over Taiwan. U.S. officials have been aware of this threat for over two years, and recent reporting has brought renewed attention to the scale and persistence of these cyber operations. The targeted utilities are often located in rural areas and small towns, which typically lack the cybersecurity resources and expertise of larger metropolitan systems. The operational technology (OT) systems that control water treatment and distribution are especially vulnerable due to their increasing automation and remote accessibility. The risk is compounded by a significant resource gap, as many of these utilities struggle to defend against sophisticated nation-state threats. Efforts to bolster defenses have included the launch of two non-profit initiatives aimed at supporting critical infrastructure operators, but these programs face their own limitations. One of the non-profits has paused its activities to recalibrate its approach, while the other is only able to provide assistance in a limited number of states due to resource constraints. The threat underscores the broader challenge of protecting critical infrastructure in the United States, where many essential services are managed by small organizations with limited budgets. The potential for cyber sabotage of water and power systems raises concerns about the resilience of civilian infrastructure in the face of international conflict. U.S. government agencies have issued warnings and guidance to utilities, but implementation of robust security measures remains inconsistent. The situation highlights the need for increased investment in cybersecurity for critical infrastructure, particularly in rural and underserved areas. The ongoing threat from Chinese-linked hackers demonstrates the strategic importance of water and power utilities as potential targets in modern cyber warfare. The exposure of these vulnerabilities has prompted calls for greater public-private collaboration and federal support. The risk is not limited to water utilities, as other sectors of critical infrastructure may face similar threats from state-sponsored actors. The revelations serve as a wake-up call for the urgent need to address cybersecurity gaps in essential services. The possibility of coordinated attacks on infrastructure during a geopolitical crisis could have far-reaching consequences for national security and public safety. The current state of preparedness among small utilities is insufficient to counter the scale and sophistication of the threat. The situation remains dynamic, with ongoing efforts to assess and mitigate the risks posed by foreign cyber actors.
Mar 21, 2026