CISA’s CI Fortify: Training Operators for Cyber Disruptions and OT Threats


Key Takeaways

  • CISA’s CI Fortify initiative provides actionable guidance for critical‑infrastructure owners to maintain essential services during geopolitical conflict or cyber disruption.
  • The program centers on two emergency‑planning objectives: isolation (disconnecting from unreliable third‑party networks) and recovery (restoring operations after compromise).
  • Operators should assume that telecommunications, internet links, vendor connections, and upstream dependencies will be unreliable and that threat actors may gain some access to operational‑technology (OT) networks.
  • Effective isolation requires identifying priority customers, defining service‑delivery targets, determining the essential OT needed to meet those targets, and updating business‑continuity plans for weeks‑ or months‑long disconnected operation.
  • Recovery planning demands thorough system documentation, secure and tested backups, a clear map of the communications dependencies (for example licensing servers and business‑network links) needed to bring systems back online, and practical workarounds agreed in advance with managed service providers and integrators.
  • Beyond cyber conflict, these preparations improve resilience to natural disasters, extreme weather, and routine failures, reducing recovery time and incident‑response costs.
  • Experts stress that isolation alone is insufficient; continuous enforcement of who and what can access critical systems, network segmentation, and tight control of remote‑access pathways are essential to contain threats.
  • Vendors, managed service providers, and system integrators are called upon to proactively identify contractual or licensing barriers to isolation, communicate OT behavior during telecom outages, and support engineering updates, backup collection, and dependency mapping.
  • Security vendors should maintain watch‑and‑warning capabilities pre‑crisis and share timely intelligence on tactics that could undermine isolation or recovery during a crisis.
  • Overall, CI Fortify reinforces that resilience stems from architectural controls—segmentation, precise remote‑access controls, and continuous verification—rather than relying solely on policies, visibility, or post‑incident patching.

Overview of CI Fortify Initiative
The Cybersecurity and Infrastructure Security Agency (CISA) launched CI Fortify to strengthen the resilience of America’s critical infrastructure against disruptive cyber threats, especially those that could arise during geopolitical conflict. The initiative delivers strategic guidance that helps organizations across sectors prepare for crises, ensuring they can sustain essential operations even while under attack. By focusing on baseline service continuity and operational resilience, CI Fortify aims to prevent adversaries from successfully degrading or disrupting vital services such as energy, water, transportation, and communications. The program encourages owners and operators to harden their systems now, investing in isolation and recovery capabilities that will be indispensable when communications are compromised or control systems are targeted.

Isolation and Recovery as Core Objectives
CI Fortify identifies isolation and recovery as the two emergency‑planning objectives that can mitigate the impact of cyber incidents over the next few years. Isolation involves proactively disconnecting from third‑party and business networks to limit the spread of cyber effects on operational‑technology (OT) systems while preserving essential functions in a degraded communications environment. The goal is to maintain critical service delivery rather than resorting to a full shutdown. Recovery, on the other hand, focuses on restoring operations if isolation fails or systems become inoperable. This includes documenting systems, maintaining secure backups of critical data, regularly testing system replacement or manual‑operation transitions, and addressing dependencies on communications infrastructure that may be required to bring systems back online.

Assumptions for Conflict Scenarios
For planning purposes, CI Fortify advises operators to assume that, in a geopolitical conflict, third‑party connections—such as telecommunications, internet links, vendor services, and upstream dependencies—will be unreliable. Additionally, threat actors are expected to have some level of access to the OT network. These assumptions drive the need for organizations to design architectures that can function independently of external networks and to anticipate that adversaries may attempt to manipulate or disrupt control systems. By planning under these conditions, critical‑infrastructure entities can build contingencies that do not rely on continuous external connectivity or trust in third‑party services.

Leadership Endorsement from CISA
Nick Andersen, CISA’s acting director, emphasized the timeliness and practicality of the CI Fortify guidance. In a Tuesday media statement, he said, “CI Fortify is timely, actionable guidance that helps organizations protect their networks and critical services from cyber threat actors that aim to degrade or disrupt infrastructure.” Andersen urged organizations to review the guidance, implement the recommended actions, and collaborate with CISA to strengthen defenses against opportunistic threat actors. He further noted that during a crisis, critical‑infrastructure organizations must be able to isolate vital systems, continue operating in that isolated state, and quickly recover any compromised assets to ensure the delivery of at least crucial services to the American public.

Details on Isolation Planning
Effective isolation begins with identifying priority customers, including military infrastructure and other lifeline services, and defining service‑delivery targets based on their specific needs. Operators must then determine the essential OT and supporting infrastructure required to meet those targets while operating in isolation. Business‑continuity plans and engineering processes should be updated to support safe, sustained operation for weeks or even months in a disconnected state. Simultaneously, organizations should monitor communications from CISA and relevant Sector Risk Management Agencies (SRMAs) to receive timely indications when isolation measures may need to be activated, ensuring a coordinated response to emerging threats.

Recovery Planning Essentials
Recovery planning under CI Fortify requires comprehensive documentation of system configurations, secure and regularly tested backups of critical data, and procedures for replacing compromised systems or transitioning to manual operations. Operators must also map dependencies on communications infrastructure—such as licensing servers and business‑network connections—that may be needed to restore services. Collaboration with managed service providers, system integrators, and vendors is encouraged to identify practical workarounds that enable recovery under constrained conditions. By addressing these elements, organizations can reduce downtime, limit incident‑response costs, and maintain a clear path to restoring normal operations even after a successful cyber intrusion.
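The dependency mapping asked for in the isolation and recovery steps above is something an operator can start from their own perimeter logs. The script below is an added example written for this article; it is not CISA guidance or code from any vendor named here. It assumes a constructed OT asset inventory, a constructed set of outbound flow records from the OT perimeter firewall (format "timestamp src dst dport proto"), an assumed OT address range of 10.20.0.0/16, and an assumed port-to-label table. It classifies every flow as staying inside the OT ranges or leaving them, then lists, for each asset tagged essential to a service-delivery target, the external endpoints it talks to. That list is exactly what will stop working the moment the segment is isolated, so it doubles as the barrier list to take to vendors (license servers) and integrators (business-network links).

```python
"""
Isolation-dependency mapping over constructed sample data (added example,
not from CISA or the article). Everything below is assumed/constructed.
"""
import ipaddress
from collections import defaultdict

# Address space that stays reachable after isolation (assumed for the example).
OT_RANGES = [ipaddress.ip_network("10.20.0.0/16")]

# Constructed OT asset inventory: host -> (role, essential for a service target?)
ASSETS = {
    "10.20.1.10": ("HMI-primary", True),
    "10.20.1.20": ("Historian", False),
    "10.20.2.5": ("PLC-pumpstation", True),
    "10.20.3.7": ("Engineering workstation", True),
}

# Assumed port-to-label table used to name the kind of external dependency.
DEP_LABELS = {
    27000: "license server (FlexLM-style)",
    123: "NTP",
    443: "HTTPS (vendor/cloud)",
    53: "DNS",
    1433: "MSSQL (business network)",
}

# Constructed firewall flow records: "ts src dst dport proto" per line.
FLOWS = """\
2024-03-01T08:00:01Z 10.20.1.10 10.20.1.20 502 tcp
2024-03-01T08:00:05Z 10.20.1.10 10.50.0.12 27000 tcp
2024-03-01T08:00:06Z 10.20.3.7 10.50.0.12 27000 tcp
2024-03-01T08:00:09Z 10.20.3.7 203.0.113.40 443 tcp
2024-03-01T08:00:11Z 10.20.2.5 10.20.1.10 502 tcp
2024-03-01T08:00:15Z 10.20.1.20 10.60.0.9 1433 tcp
2024-03-01T08:00:20Z 10.20.1.10 10.50.0.3 123 udp
2024-03-01T08:00:21Z 10.20.1.10 10.50.0.12 27000 tcp
"""


def is_internal(addr: str) -> bool:
    """True if the address lies inside the ranges that survive isolation."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in OT_RANGES)


def parse_flows(text: str) -> list:
    """Parse the simple space-separated flow format into dicts."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, proto = line.split()
        flows.append({"ts": ts, "src": src, "dst": dst,
                      "dport": int(dport), "proto": proto})
    return flows


def external_dependencies(flows: list) -> dict:
    """Map OT source host -> set of (dst, dport, proto) that leave the OT ranges.

    Internal-to-internal flows (e.g. Modbus between HMI and PLC) are ignored:
    they keep working after isolation and are not a dependency to worry about.
    """
    deps = defaultdict(set)
    for f in flows:
        if is_internal(f["src"]) and not is_internal(f["dst"]):
            deps[f["src"]].add((f["dst"], f["dport"], f["proto"]))
    return dict(deps)


def isolation_report(assets: dict, deps: dict) -> list:
    """Return (host, role, dependency label, dst) rows for essential assets only.

    Non-essential assets with external dependencies are deliberately left out:
    the isolation plan only has to keep the service-delivery targets running.
    """
    report = []
    for host, (role, essential) in assets.items():
        if not essential:
            continue
        for dst, dport, proto in sorted(deps.get(host, ())):
            label = DEP_LABELS.get(dport, f"{proto}/{dport}")
            report.append((host, role, label, dst))
    return report


def licensing_barriers(report: list) -> set:
    """Hosts whose essential function depends on a license server (vendor action item)."""
    return {host for host, _, label, _ in report if label.startswith("license server")}


if __name__ == "__main__":
    rep = isolation_report(ASSETS, external_dependencies(parse_flows(FLOWS)))
    for row in rep:
        print("%-12s %-24s needs %-30s at %s" % row)
    print("licensing barriers:", sorted(licensing_barriers(rep)))
```

On the constructed data the PLC shows no external dependency and is safe to isolate as-is, while the HMI and the engineering workstation both reach a license server on 10.50.0.12, which is the kind of contractual or licensing barrier CISA asks vendors to surface before a crisis. In practice the flow source would be NetFlow or firewall export over a long enough window to catch infrequent check-ins (license renewals, monthly vendor sync), and the OT ranges and label table would come from the site's own inventory.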

Broader Resilience Benefits
The emergency‑planning efforts promoted by CI Fortify yield benefits that extend beyond cyber conflict. Preparing for communication outages enhances resilience to a wide range of scenarios, including natural disasters, extreme weather, and safety‑related incidents. Isolating critical systems limits adversaries’ ability to move laterally and cuts off command‑and‑control channels to compromised assets, thereby reducing the attack surface. Moreover, maintaining clear system documentation shortens recovery time and lowers costs across various disruptions—ranging from routine component failures to staff turnover—by eliminating the need to reconstruct networks from scratch. This holistic approach strengthens the overall defensive posture of critical‑infrastructure sectors.

Expert View: Duncan Greatwood (Xage Security)
Duncan Greatwood, CEO of Xage Security, praised CI Fortify’s focus on isolation and recovery as vital for maintaining continuity during disruption, especially as critical infrastructure becomes a prime target in geopolitical tensions and AI accelerates vulnerability exploitation. However, he cautioned that isolation alone is insufficient if organizations lack control over their environments. Threats often traverse trusted connections, third parties, or compromised credentials well before a crisis response begins. Greatwood highlighted that true resilience comes from continuously enforcing who and what can access critical systems, segmenting networks to contain malicious actors, and preventing threat spread. Organizations that layer control and containment into their architectures can limit attack impact and keep services running, rather than relying solely on patching and manual recovery after damage has occurred.

Expert View: Bill Moore (Xona Systems)
Bill Moore, CEO of Xona Systems, echoed the need for architectural resilience, stating that resilience is not achieved by policies, visibility, or incident‑response plans alone. Critical‑infrastructure operators require systems that keep essential work moving when networks are segmented, degraded, isolated, or under active cyber stress. Moore identified remote access as a strategic control point: during disruption, engineers and vendors still need to reach critical systems, but broad VPN access, jump boxes, and network‑level trust can undermine isolation and containment. He advocated for remote‑access solutions built for crisis conditions—featuring no broad network exposure, no endpoint‑to‑OT trust assumptions, precise session control, and clear audit trails of who accessed what, when, and why. Such controls can preserve operational control during disruption or, if poorly designed, become a pathway that exacerbates the incident.

Role of Vendors, MSPs, and Integrators
CISA has called on industrial automation and control system vendors and suppliers to take a proactive role in resilience planning. This includes identifying potential barriers to isolation and recovery—such as contractual or licensing dependencies tied to server connections—that could impede emergency measures. Vendors should clearly understand and communicate how their systems behave during telecommunications outages, especially for highly connected OT components, and be prepared for increased coordination as entities strengthen contingency planning. Managed service providers and integrators are urged to assist with engineering updates needed for isolation, support local collection of backups and documentation necessary for recovery, and help map communication dependencies to ensure that recovery efforts are not hampered by overlooked links.

CISA Guidance for Security Vendors
For security vendors, CISA recommends maintaining a watch‑and‑warning capability before a crisis to detect early signs that threat actors are shifting from espionage to disruptive or destructive activity. During a crisis, vendors are expected to share timely intelligence on tactics, techniques, and procedures that could hinder recovery—such as malicious firmware updates or vulnerabilities that undermine isolation measures, including weaknesses in software‑based data diodes. By providing this actionable information, vendors can help critical‑infrastructure operators anticipate and mitigate evolving threats, thereby reinforcing the isolation and recovery strategies outlined in CI Fortify.

Conclusion and Call to Action
CI Fortify underscores that the resilience of America’s critical infrastructure hinges on proactive architectural controls—network segmentation, precise remote‑access governance, continuous verification of who and what can access essential systems, and robust isolation and recovery plans. By adopting the program’s guidance, owners and operators can prepare to sustain crucial services even when facing sophisticated cyber threats during geopolitical conflict or other disruptive events. The initiative invites collaboration across government, industry, vendors, and service providers to build a more defensible, adaptable, and continuously operational critical‑infrastructure landscape. Implementing these measures now will reduce the likelihood of prolonged outages, limit adversarial impact, and ensure that essential services remain available to the public when they are needed most.
