Critical infrastructure entities may receive a communication from CISA indicating that CISA has obtained their information pursuant to a subpoena, and that a vulnerability is present on their network.
CISA encourages critical infrastructure entities to investigate and resolve the issue but does not require them to do so. CISA offers a variety of services and assistance that may be available upon request.