The Feds Just Told Utilities to Assume the Enemy Is Inside the Grid and You Should Plan Accordingly
In the predawn hours of January 3, the lights went out across Caracas. No transmission towers were bombed and no power lines were severed. The blackout was accomplished through precise manipulation of the industrial control systems that manage the flow of electricity, synchronized with the American operation that pulled Nicolás Maduro out of his palace and, as ZeroHedge reported, onto a plane bound for an American courtroom. A capital city of millions went dark because someone, somewhere, typed the right commands.
That was a preview. Five months later, on May 5, the federal government quietly told every power company, water utility, and pipeline operator in America to plan as though the same thing could happen here. Not as a thought experiment. As a baseline operating assumption.
The Cybersecurity and Infrastructure Security Agency calls the initiative CI Fortify, and buried in its bureaucratic language is one of the most remarkable admissions Washington has ever made. Operators are instructed to assume that in a conflict scenario, third-party connections such as telecommunications, internet, vendors, and service providers will be unreliable, and that threat actors will already have some access to their operational technology networks. Read that again. The agency responsible for defending American infrastructure is telling the people who run that infrastructure to plan as if the enemy is already inside, the phones are dead, and nobody is coming to help.
What Washington Just Admitted
For years, the official posture on grid vulnerability treated catastrophic cyberattack as a tail risk, something to model in academic papers and war games while assuring the public that layered defenses would hold. CI Fortify abandons that posture. The guidance instructs operators to identify their most critical customers, such as nearby military bases, and to maintain business continuity plans that allow safe operation in a fully isolated state for weeks to months. Recovery planning includes practicing the replacement of destroyed systems and the transition to manual operations in case isolation fails and components are rendered inoperable.
Acting CISA Director Nick Andersen said utilities must be able to “isolate vital systems from harm, continue operating in that isolated state” and recover whatever an adversary manages to compromise. The agency has already begun targeted assessments under a pilot phase, prioritizing infrastructure that serves military installations. Pilot assessments are not what an agency does about a hypothetical. They are what an agency does about a threat it believes is real, near, and inadequately answered.
The obvious question follows. If the federal government believes the utilities serving your home should be prepared to operate for weeks or months while compromised and cut off from the outside world, what does it believe about the homes at the end of those wires? The guidance never says, because that is not CISA’s lane. But the logic does not stop at the substation fence.
Three Continents, One Target
This guidance did not appear in a vacuum. It arrived after six months of grid attacks that spanned three continents and three entirely different methods.
On April 7, six federal agencies including the FBI, NSA, and Department of Energy issued a joint advisory confirming that Iranian-affiliated hackers had disrupted programmable logic controllers deployed across multiple American critical infrastructure sectors, including energy, water, and local government facilities, with some victims suffering operational disruption and financial loss. These are not warnings about what Iran might attempt. The advisory describes what Iranian actors already did, inside American systems, during an active shooting war.
In late December, hackers linked to Russian intelligence penetrated operational technology systems across Poland’s electrical grid, targeting wind farms, solar installations, and the remote terminal units that connect distributed generation sites to control centers. The attackers entered through vulnerable internet-facing edge devices and deployed wiper malware that damaged operational technology, nearly crippling power in part of the country during a period of severe cold.
And in Berlin, no code was needed at all. On the same January morning Caracas went dark, arsonists set fire to a single cable bridge in the Lichterfelde district, knocking out power to more than 40,000 households and 2,000 businesses. Full restoration took four days, the longest outage the city had experienced since 1945. One fire. Four days. A left-wing extremist group claimed the attack as a protest against fossil fuels, which tells you something about how cheap and ideologically motivated grid sabotage has become.
Iranian hackers, Russian military intelligence, and homegrown radicals with a gas can. Different actors, different tools, identical target. The pattern is not subtle, and CISA clearly noticed.
The Split-Reality Problem
What makes the cyber variant of this threat uniquely dangerous is that operators may not know it is happening until the damage is done. Security researchers have demonstrated malware that intercepts legitimate operator commands and replaces them with malicious instructions, rapidly opening and closing circuit breakers in a technique that can physically destroy transformers and generators by overheating them or forcing them out of sync. Simultaneously, the malware calculates what normal sensor readings should look like and feeds those fabricated values back to the control room, so operators see green lights and stable voltage even as equipment burns in the physical world.
Large power transformers are not sitting on shelves waiting to be installed. Replacement timelines run to months, and much of the manufacturing capacity sits overseas. An attack that destroys hardware rather than merely disrupting software breaks every restoration assumption the old preparedness models were built on. The two-week pantry was designed for hurricanes, where mutual-aid crews pour in from neighboring states and the lights come back in days. It was not designed for an adversary who destroys the machines that make restoration possible while blinding the people who would order it.
The Paranoid Were Right on Schedule
There is a rich irony here worth savoring. For two decades, the people who stored water, kept generators fueled, and asked pointed questions about grid fragility were the media’s favorite punchline, wild-eyed characters good for a condescending cable segment between celebrity news and weather. Now the federal government has issued formal guidance built on the preppers’ exact premise, that the systems sustaining modern life can fail suddenly, at scale, by hostile design, and that the only rational response is to prepare before it happens. Nobody at CISA will phrase it that way, but CI Fortify is a preparedness doctrine. The government simply reserves the vindication for institutions while the citizens who reached the same conclusion years earlier are still waiting for their apology.
Scripture records that when Nehemiah rebuilt Jerusalem’s walls under threat of attack, he did not choose between faith and vigilance. He exercised both at once.
Nevertheless we made our prayer unto our God, and set a watch against them day and night, because of them. (Nehemiah 4:9)
Prayer and a posted watch. Trust in God and a hand on the trowel and the sword. That has always been the biblical model of preparedness, and it is precisely the posture this moment calls for. Not panic, which is faithless, and not passivity, which is presumption, but sober watchfulness.
The Household Version of CISA’s Question
The core question CISA now puts to every utility is simple. How long can you operate without external connectivity? Every family should ask the household version of the same question and answer it honestly.
Water. Municipal pressure depends on electric pumps. A grid-down event of weeks means stored water and a means of purifying more, at a gallon per person per day as the bare floor.
Refrigerated medications. Insulin and other temperature-sensitive prescriptions are the quiet catastrophe in every extended outage. Talk to your pharmacist now about buffer supplies and non-powered cooling options.
Communications. Cell networks degrade within hours of grid loss. A battery or hand-crank radio, and ideally a family plan for where to meet when phones are useless, costs almost nothing today and everything later.
Heat and cooling. Match your plan to your climate and season. The Polish attack was timed to a cold snap for a reason.
Cash. Card readers, ATMs, and payment apps are all grid appliances. Small bills on hand will buy what plastic cannot.
Duration. Retire the 72-hour mindset. If federal planners are telling utilities to prepare for weeks to months of isolated operation, the prudent household target is thirty days minimum, built toward ninety as budget allows.
None of this requires a bunker or a second mortgage. It requires taking the government at its word, which is a novel experience, but a warranted one in this case. Washington has told the utilities that the enemy may already be inside the grid and that no cavalry is guaranteed. The watchman who hears that and fills his water barrels is not the crazy one. He is the only one paying attention.

