Revisiting CISA Priorities for FY2026 and Beyond
None
<p><main id="readArticle" class="Page-main" data-module="" data-padding="none" morss_own_score="4.841930116472545" morss_score="12.802663100765738"></main></p><p><a href="https://www.govtech.com/blogs/lohrmann-on-cybersecurity">Lohrmann on Cybersecurity</a></p><h1>Revisiting CISA Priorities for FY2026 and Beyond</h1><h2>The Cybersecurity and Infrastructure Security Agency is under new leadership and focus as we enter FY2026. So what are the priorities for the coming year?</h2><div>October 12, 2025 • </div><p><a href="https://www.govtech.com/authors/dan-lohrmann.html"><span>Dan Lohrmann</span></a></p><div class="code-block code-block-12 ai-track" data-ai="WzEyLCIiLCJCbG9jayAxMiIsIiIsMV0=" style="margin: 8px 0; clear: both;"> <style> .ai-rotate {position: relative;} .ai-rotate-hidden {visibility: hidden;} .ai-rotate-hidden-2 {position: absolute; top: 0; left: 0; width: 100%; height: 100%;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback, .ai-list-block, .ai-list-block-ip, .ai-list-block-filter {visibility: hidden; position: absolute; width: 50%; height: 1px; top: -1000px; z-index: -9999; margin: 0px!important;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback {min-width: 1px;} </style> <div class="ai-rotate ai-unprocessed ai-timed-rotation ai-12-1" data-info="WyIxMi0xIiwxXQ==" style="position: relative;"> <div class="ai-rotate-option" style="visibility: hidden;" data-index="1" data-name="VGVjaHN0cm9uZyBHYW5nIFlvdXR1YmU=" data-time="MTA="> <div class="custom-ad"> <div style="margin: auto; text-align: center;"><a href="https://youtu.be/Fojn5NFwaw8" target="_blank"><img src="https://securityboulevard.com/wp-content/uploads/2024/12/Techstrong-Gang-Youtube-PodcastV2-770.png" alt="Techstrong Gang Youtube"></a></div> <div class="clear-custom-ad"></div> </div></div> </div> </div><figure> <p><img decoding="async" src="https://erepublic.brightspotcdn.com/dims4/default/f58867e/2147483647/strip/true/crop/961x501+0+64/resize/840x438!/quality/90/?url=http%3A%2F%2Ferepublic-brightspot.s3.us-west-2.amazonaws.com%2F60%2Fdd%2F89dc5502b4e6e4ceacae32eff97f%2Fcybersecurity-shutterstock-1027230877.JPG"></p> <div>Shutterstock/pinkeyes</div> </figure><div class="Page-articleBody RichTextBody" morss_own_score="5.108695652173913" morss_score="102.6086956521739"> <p> If you ask state and local government technology and security leaders about current Cybersecurity and Infrastructure Security Agency (CISA) activities in October 2025, many (if not most) of them would point to <a href="https://www.govtech.com/security/federal-government-acknowledges-end-of-ms-isac-support">the end of funding for the Multi-State Information Sharing and Analysis Center</a> (MS-ISAC). And yet, while the <a href="https://www.govtech.com/security/ms-isac-cybersecurity-network-moves-to-paid-membership-model">MS-ISAC has moved to a paid membership model</a>, CISA has announced other new and ongoing priorities that deserve attention.</p></div><div>(As an aside, the ongoing <a href="https://www.usatoday.com/story/news/politics/2025/10/09/government-shutdown-day-9-trump-military-pay-live-updates/86551180007/">federal government shutdown</a> has also grabbed plenty of global attention and national headlines, but that story is separate from the focus of this blog.) <h3>CISA PRIORITIES UNDER TRUMP 2.0</h3> <p></p> <p><a href="https://industrialcyber.co/cisa/sean-plankey-pledges-to-rebuild-refocus-cisa-as-lawmakers-warn-of-weakened-cyber-defense-posture/">Sean Plankey pledged to rebuild and refocus the agency</a> as lawmakers warned of a weakened cyber defense posture:</p></div><div>“Plankey said his goal would be ‘to allow the operators to operate.’</div><div>“He added that ‘CISA has a number of the most capable cybersecurity people in the world.’</div><div>“‘I’m going to empower those operators to operate and do the best they can,’ Plankey said. ‘And if that means we have to reorganize in some form or fashion, that’s what we’ll do. I’ll lead that charge. And if that means that we need a different level of funding than we currently have now, then I will approach the Secretary, ask for that funding, ask for that support.’” </div><div>(Note that Sean Plankey’s confirmation vote has been held up in the Senate due to partisan disagreements.)</div><div>More recently, Nick Anderson, the <a href="https://therecord.media/andersen-leadership-cisa-role">new executive assistant director for the Cybersecurity Division of CISA</a> and former Vermont CISO, said he is looking to build on CISA’s past successes, while focusing on the agency’s core responsibilities — despite a smaller staff and budget. <p><a href="https://federalnewsnetwork.com/cybersecurity/2025/10/cyber-leaders-exchange-2025-cisas-nick-andersen-on-shaping-cyber-directorates-core-competencies/">According to the Federal News Network</a>: “‘We’re supposed to protect the dot-gov and work with federal civilian executive branch agencies,’ Andersen said during <a href="https://federalnewsnetwork.com/cme-event/federal-insights/federal-news-networks-cyber-leaders-exchange-2025/">Federal News Network’s Cyber Leaders Exchange 2025</a>. ‘We’re supposed to be the national coordinator for critical infrastructure security and resilience.’</p></div><div>“An animating focus for Andersen is western intelligence assessments that the Chinese military will be ready for a full-scale military invasion of Taiwan by 2027. Such an invasion would be expected to feature cyberattacks against critical infrastructure.</div><div>“‘That’s really where I want to laser focus the staff. What are we doing to defend this nation’s greatest assets? We have an economy, we have national security, we have a public health system that is incredibly reliant on technology and the associated infrastructure,’ Andersen said. ‘And if we want to do right by our fellow citizens, by our neighbors, by our friends and family, it really requires us to show up and give our best every single day. And that, if I’m just hyper summarizing it to one point, is what are we doing to deter the threat of China 2027.’</div><div>“CISA’s role as the ‘nation’s cyber defense agency’ includes working with original equipment manufacturers ‘to make sure that we’re helping them to identify opportunities to develop and build equipment that is secure from the start — secure by design,’ he said.</div><div>“‘At a broad brush stroke, just sort of refocusing ourselves on, why is it that we exist, and what is it that we’re supposed to be doing? Now, let’s take all the things that are good ideas and let’s set those to the side until we’ve really demonstrated some mastery over our core competencies.’”</div><div>You can see Mr. Anderson’s full presentation in the following video. <h3>CYBER RESILIENCE FOR CRITICAL INFRASTRUCTURE</h3> </div><div>Another top priority for CISA is cybersecurity services geared toward operational technology systems, as CISA and other agencies warn of the increasing cyber threat to U.S. critical infrastructure.</div><div>CISA offers a range of free cybersecurity services to partners across the public and private sectors. Matthew Rogers, operational technology cyber lead at CISA, said more than 10,000 critical infrastructure organizations have signed up to use the agency’s free vulnerability scanning services.</div><div>And the agency is “at the limit of our current capacity” for risk assessments that it offers to outside organizations. But Rogers, who is focused on helping organizations secure the operational technology that runs most critical infrastructure, said CISA wants to expand to more organizations.</div><div>According to the <a href="https://federalnewsnetwork.com/cybersecurity/2025/10/cyber-leaders-exchange-2025-cisas-matthew-rogers-inls-ollie-gagnon-on-driving-cyber-resilience-in-critical-infrastructure/">Federal News Network</a>: “We’re actively in the process of improving the services so that they can scale to more people,” Rogers said</div><div>You can watch that full session here: <p>Another perspective on CISA’s evolving roles under Trump 2.0 comes from this Morgan Lewis article on “<a href="https://www.morganlewis.com/blogs/sourcingatmorganlewis/2025/07/navigating-the-2025-cybersecurity-landscape-data-breaches-rising-costs-and-cisas-evolving-role">Navigating the 2025 Cybersecurity Landscape: Data Breaches, Rising Costs, and CISA’s Evolving Role”</a>:</p></div><div>“CISA’s <a href="https://www.cisa.gov/resources-tools/resources/exposure-reduction#:~:text=Assess%20Your%20Current%20Exposure.&text=Utilize%20tools%20and%20services%20(e.g.,into%20your%20organization%27s%20online%20footprint.">recent guidance</a> offers actionable steps for organizations to reduce their internet exposure to common vulnerabilities and weaknesses that may lead to costly cybersecurity incidents. As the range and number of internet-accessible assets, such as industrial internet of things, supervisory control and data acquisition systems, and remote access technology, continue to grow, securing these assets becomes increasingly important. CISA recommends the following four steps for reducing internet exposure: <ul> <li>Assess your current exposure: Identify publicly exposed systems in order to gain visibility into your organization’s online footprint</li> <li>Evaluate your necessity of exposure: Determine which assets are required to be internet-accessible for operational purposes, and remove or restrict access for those assets that are not</li> <li>Mitigate risks to remaining exposed assets: Engage in steps to secure assets that must remain internet-accessible, including changing default passwords and ensuring systems are up to date with the latest security patches</li> <li>Establish routine assessments: Regular and continuous assessments assist an organization in maintaining a secure posture and quickly adapting to new exposure</li> </ul> <p>“While this guidance provides a framework by which companies can determine a starting point to reduce cybersecurity vulnerabilities and weaknesses, operationalizing these processes as tailored to the specific needs of an individual business or company is crucial to successful, long-term implementation. Companies should look to organizations such as CISA for a general approach; however, given CISA’s shifting structure, internal stakeholders should follow guidance and independently anticipate what may work most effectively to complement an individual business’s culture. Organizations must hold themselves accountable, ensuring that cybersecurity is not just an IT issue but a core business priority.”</p> <h3>FINAL THOUGHTS</h3> </div><div>Many of CISA’s roles remain unchanged, as seen in this video from CISA Acting Director Madhu Gottumukkala on Cybersecurity Awareness Month 2025: </div><p><a href="https://www.govtech.com/tag/cybersecurity">Cybersecurity</a><a href="https://www.govtech.com/tag/federal-government">Federal Government</a></p><p><a href="https://www.govtech.com/authors/dan-lohrmann.html"></a></p><p><img decoding="async" src="https://erepublic.brightspotcdn.com/dims4/default/7be6234/2147483647/strip/true/crop/343x343+77+0/resize/100x100!/quality/90/?url=http%3A%2F%2Ferepublic-brightspot.s3.us-west-2.amazonaws.com%2Faa%2Fbe%2F66bbbc539526800857dd96f3c9d5%2Flohrman.jpg"></p><p></p><p><a href="https://www.govtech.com/authors/dan-lohrmann.html">Dan Lohrmann</a></p><div> Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author. </div><p><a href="https://www.govtech.com/authors/dan-lohrmann.html">See More Stories by Dan Lohrmann</a></p><p></p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2025/10/revisiting-cisa-priorities-for-fy2026-and-beyond/" data-a2a-title="Revisiting CISA Priorities for FY2026 and Beyond"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F10%2Frevisiting-cisa-priorities-for-fy2026-and-beyond%2F&linkname=Revisiting%20CISA%20Priorities%20for%20FY2026%20and%20Beyond" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F10%2Frevisiting-cisa-priorities-for-fy2026-and-beyond%2F&linkname=Revisiting%20CISA%20Priorities%20for%20FY2026%20and%20Beyond" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F10%2Frevisiting-cisa-priorities-for-fy2026-and-beyond%2F&linkname=Revisiting%20CISA%20Priorities%20for%20FY2026%20and%20Beyond" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F10%2Frevisiting-cisa-priorities-for-fy2026-and-beyond%2F&linkname=Revisiting%20CISA%20Priorities%20for%20FY2026%20and%20Beyond" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F10%2Frevisiting-cisa-priorities-for-fy2026-and-beyond%2F&linkname=Revisiting%20CISA%20Priorities%20for%20FY2026%20and%20Beyond" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="">Lohrmann on Cybersecurity</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Lohrmann on Cybersecurity">Lohrmann on Cybersecurity</a>. Read the original post at: <a href="https://www.govtech.com/blogs/lohrmann-on-cybersecurity/revisiting-cisa-priorities-for-fy2026-and-beyond">https://www.govtech.com/blogs/lohrmann-on-cybersecurity/revisiting-cisa-priorities-for-fy2026-and-beyond</a> </p>