Skip to main content
Explore our brands An Informa TechTarget Publication
close search
site logo

Major critical infrastructure disruptions are inevitable, acting CISA chief says

In recent years, the U.S. government has reoriented its cybersecurity strategy away from prevention and toward resilience.

Published June 17, 2026
Eric Geller's headshot
Senior Reporter
Two men and a woman sit on an event stage in front of a blue backdrop that displays the name of the event and its organizer
Nick Andersen, the executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency, speaks at an Information Technology Industry Council event in Washington, D.C., on Feb. 3, 2026. Andersen discussed cybersecurity resilience at a conference on Wednesday. Eric Geller/Cybersecurity Dive

WASHINGTON — U.S. cybersecurity resilience in the face of sophisticated threats from China and other adversaries will increasingly depend on critical infrastructure’s ability to weather major disruptions, a top U.S. cyber official said Wednesday.

“Each and every one of us is operating right now on the front lines of a war that is never going to be cleared,” Nick Andersen, the acting director of the Cybersecurity and Infrastructure Security Agency (CISA), said at ICS Village and the Institute for Security and Technology’s Critical Effect conference.

“We are going to see an adversarial disruption of our critical infrastructure,” Andersen said. “It's going to have significant not just technical impact, it's going to have a significant psychological impact on the safety of the American people. … We need to start operating like that's the reality of where we're at — that we're not going to be able to keep everything persistently online and available as much as we would like.”

CISA’s emphasis on resilience marks a shift from earlier government cybersecurity doctrines that focused on preventing intrusions. In recent years, advanced nation-state hacking campaigns — especially Beijing’s Volt Typhoon espionage operation — have increasingly convinced government and industry strategists that their primary goal should be ensuring that infrastructure can continue operating during an attack.

“We have to start making some assumptions, like [that our] telecommunications infrastructure may be disrupted,” Andersen said at the Critical Effect conference, which focused on operational technology cybersecurity issues. “Why? Because the telecommunications infrastructure is going to be disrupted.”

To support national resilience efforts, the federal government has spent years trying to make a list of the most important infrastructure assets that accounts for complex interdependencies and supply-chain relationships. But successive administrations’ programs to identify those assets — referred to as Section 9 entities and systemically important entities — have borne little fruit.

Cybersecurity mandates or money?

During a question-and-answer session, Andersen addressed whether it was time for the government to require water utilities to participate in their sector’s information sharing and analysis center, the WaterISAC, which has one of the lowest participation rates of any ISAC. Andersen acknowledged that water was “a real mess of a sector for us” because of how localized it is, but he expressed skepticism that government mandates were part of the solution.

“I don’t know yet that we will see a moment where we start to move from the voluntary to the mandatory,” he said. “The bigger part for me is, how do we apply things like state and local grant dollars in the smartest way possible?”

CISA is working with lawmakers to reauthorize and reappropriate funds for the Department of Homeland Security’s State and Local Cybersecurity Grant Program, said Andersen, who described the program as a critical support mechanism for cash-strapped municipalities.

Grant funding and asset prioritization are better approaches than “making things mandatory on a sector that … doesn’t have the resources to be able to adapt to all these changing norms,” Andersen argued.

CISA’s goal, he said, was to “identify the entities, in a prioritized way, that we need to start doing that outreach to, and then, in a very deliberate way, making sure they've got … the right level of resources to help secure themselves and hit that higher standard and that higher burden that we're foisting upon them.”

Editors' picks

Company Announcements

View all | Post a press release
Blackpoint Cyber Appoints Former CIA Operations Officer to Lead Adversary Pursuit Group
From Blackpoint Cyber
June 16, 2026
Blackpoint Cyber logo
AppViewX Launches Agent Identity Security to Govern Agents for the AI and Quantum Era
From AppViewX
June 16, 2026
AppViewX logo
DeVry University Earns Top 12 National Ranking in Spring 2026 National Cyber League Competition
From DeVry University
May 28, 2026
DeVry University logo
Editors' picks
Latest in Strategy
This website is owned and operated by Informa TechTarget, a global network that informs, influences and connects the world's technology buyers and sellers.

© 2025 TechTarget, Inc. or its subsidiaries. All rights reserved. An Informa PLC company.
Privacy policy | Terms of use | Take down policy | Cookie Preferences / Do Not Sell