CISA Launches New Initiative to Strengthen Critical Infrastructure Defenses Against Nation-State Cyber Threats


Key Takeaways

  • CISA’s “CI Fortify” initiative helps critical infrastructure sustain essential operations during geopolitical cyber conflicts.
  • Proactive isolation—disconnecting from third‑party and business networks—protects operational technology from cyber impacts.
  • Recovery measures include system documentation, regular backups, and rehearsed transitions to manual or replacement systems.
  • The guidance is especially valuable for hospitals and health systems aiming to maintain patient care during ransomware or nation‑state attacks.
  • Additional resources and contact information are available through the American Hospital Association’s cybersecurity portal.

Overview of CI Fortify Initiative
The Cybersecurity and Infrastructure Security Agency (CISA) has introduced a new program called “CI Fortify” designed to bolster the resilience of critical infrastructure against cyberattacks that may arise during periods of geopolitical tension. Rather than focusing solely on defensive tools, the initiative emphasizes proactive isolation and robust recovery planning as complementary strategies. By preparing organizations to temporarily segregate vital networks and to swiftly restore essential functions, CI Fortify aims to ensure that indispensable services can continue operating even when cyber adversaries succeed in penetrating perimeter defenses. The program reflects a shift toward resilience‑centric cybersecurity, recognizing that prevention alone cannot guarantee uninterrupted operation in high‑risk environments.

Objectives of Proactive Isolation
A core objective of CI Fortify is to enable organizations to isolate critical operational technology (OT) from external networks before an attack can cause widespread disruption. Proactive isolation involves deliberately disconnecting from third‑party vendors, business partners, and other non‑essential network connections that could serve as vectors for malware or ransomware propagation. By creating a controlled “air‑gap”‑like environment for OT, organizations limit the attack surface and prevent malicious code from reaching systems that manage power generation, water treatment, transportation, or healthcare delivery. This pre‑emptive step is intended to buy time for incident responders to assess and contain threats without forcing a complete shutdown of essential services.

Implementation of Isolation Measures
To operationalize isolation, CI Fortify recommends a series of concrete steps that organizations can integrate into their existing cybersecurity policies. First, asset inventories must be updated to clearly delineate which systems are essential and which external connections they depend on, so that a disconnect severs only what it is meant to sever. Second, network segmentation policies should enforce logical boundaries between OT and IT environments, with a tested ability to cut those links quickly, whether in response to anomalous activity or as a pre-emptive step during a declared period of heightened threat. Third, organizations are encouraged to establish predefined isolation playbooks that spell out who authorizes a disconnect, which links (such as safety or security monitoring) are deliberately retained, how communication with stakeholders is maintained, and what monitoring continues on the isolated segments. Regular tabletop exercises and red-team testing help validate that isolation can be executed rapidly and reliably under pressure.
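The three steps above (inventory, boundary enforcement, playbook) can be encoded so that the disconnect decision is reproducible rather than improvised. The script below is an added illustration written for this page; it is not CISA or AHA code and CI Fortify prescribes no particular tooling. The asset inventory, zone labels, IP addresses and link purposes are constructed, and the nftables table `inet ci_fortify` with its `forward` chain is assumed to already exist on the OT boundary firewall. The plan marks every cross-boundary link as either retained (pre-approved in the playbook) or severed, records which essential assets lose an input so a manual fallback can be confirmed, and renders an allowlist followed by a default-deny on the OT subnet.

```python
"""Plan a proactive OT isolation from an asset inventory (added example, not CISA/AHA code).

Inventory, zones, addresses and link purposes below are constructed for illustration.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Asset:
    name: str
    zone: str        # "ot", "it" or "external"
    ip: str
    essential: bool  # must keep operating while isolated


@dataclass(frozen=True)
class Link:
    src: str                      # asset name that initiates the connection
    dst: str
    purpose: str
    keep_during_isolation: bool   # pre-approved in the isolation playbook


@dataclass
class IsolationPlan:
    keep: list = field(default_factory=list)      # cross-boundary links retained
    sever: list = field(default_factory=list)     # cross-boundary links cut
    warnings: list = field(default_factory=list)  # essential assets losing an input


def plan_isolation(assets, links):
    """Classify each OT boundary crossing; links wholly inside one zone are untouched."""
    by_name = {a.name: a for a in assets}
    plan = IsolationPlan()
    for link in links:
        src, dst = by_name[link.src], by_name[link.dst]
        if (src.zone == "ot") == (dst.zone == "ot"):
            continue  # intra-zone traffic: not a boundary crossing
        if link.keep_during_isolation:
            plan.keep.append(link)
            continue
        plan.sever.append(link)
        # Record every essential OT asset that loses a dependency, so the
        # playbook owner can confirm a manual or replacement fallback exists.
        for asset, direction in ((src, "to"), (dst, "from")):
            other = dst if asset is src else src
            if asset.zone == "ot" and asset.essential:
                plan.warnings.append(
                    f"{asset.name} loses '{link.purpose}' {direction} {other.name}: confirm fallback")
    return plan


def render_nft_rules(plan, assets, ot_cidr):
    """Allowlist retained links, then default-deny everything crossing the OT subnet.

    Assumes table 'inet ci_fortify' and chain 'forward' already exist (hypothetical names).
    """
    ip_of = {a.name: a.ip for a in assets}
    rules = ["nft add rule inet ci_fortify forward ct state established,related accept"]
    for link in plan.keep:
        rules.append(f"nft add rule inet ci_fortify forward ip saddr {ip_of[link.src]} "
                     f"ip daddr {ip_of[link.dst]} accept")
    rules.append(f"nft add rule inet ci_fortify forward ip saddr {ot_cidr} drop")
    rules.append(f"nft add rule inet ci_fortify forward ip daddr {ot_cidr} drop")
    return rules


def sample_inventory():
    """Constructed inventory: a small OT cell with IT and vendor connections."""
    assets = [
        Asset("plc-01", "ot", "10.10.0.5", True),
        Asset("hmi-01", "ot", "10.10.0.6", True),
        Asset("historian", "it", "10.20.0.10", False),
        Asset("erp", "it", "10.20.0.20", False),
        Asset("soc-sensor", "it", "10.20.0.30", True),
        Asset("vendor-remote", "external", "198.51.100.7", False),
    ]
    links = [
        Link("plc-01", "hmi-01", "control", False),
        Link("plc-01", "historian", "telemetry export", False),
        Link("erp", "hmi-01", "work orders", False),
        Link("vendor-remote", "plc-01", "vendor remote support", False),
        Link("hmi-01", "soc-sensor", "security monitoring", True),
    ]
    return assets, links


if __name__ == "__main__":
    assets, links = sample_inventory()
    plan = plan_isolation(assets, links)
    for rule in render_nft_rules(plan, assets, "10.10.0.0/24"):
        print(rule)
    for w in plan.warnings:
        print("WARNING:", w)
    print("notify owners of severed links:", [f"{l.src}->{l.dst}" for l in plan.sever])
```

The severed-link list doubles as the stakeholder notification list the playbook calls for; the warnings are the hook into the manual-fallback rehearsal described later on this page. Ordering matters in nftables: the accept rules must precede the two drop rules, and the `ct state` rule lets return traffic for retained links through without opening the reverse direction.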

Recovery Planning Strategies
When isolation fails or certain components become inoperable, CI Fortify stresses the importance of having a well‑rehearsed recovery plan. Recovery measures begin with comprehensive documentation of all critical systems, including hardware configurations, software versions, dependency maps, and credential repositories. This documentation serves as the foundation for rebuilding or replacing affected assets. Equally vital is the implementation of regular, verified backups of essential data and configuration files, stored offline or in geographically separate locations to protect against ransomware encryption. Finally, organizations should develop and test procedures for transitioning to manual operations or deploying standby systems, ensuring that core missions can continue even if primary digital infrastructures remain compromised.

Role of Documentation and Backups
Documentation and backups form the twin pillars of an effective recovery strategy within CI Fortify. Detailed records enable rapid reconstruction of environments, reducing the mean time to recovery (MTTR) and minimizing service downtime. Backups that follow the 3-2-1 rule (three copies, two different media, one off-site) give a source of clean data that can be restored without paying a ransom or accepting data loss, provided the copies themselves are protected from the same compromise that hit production. CI Fortify therefore advises organizations to automate backup processes where feasible, enforce strict access controls on backup repositories, and conduct periodic restore tests to confirm that the copies are intact and actually restorable. By coupling meticulous documentation with resilient backup practices, entities can turn a potentially catastrophic cyber incident into a manageable operational disruption.
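Backup policy is only as good as its verification, so the following script illustrates the two checks the paragraph calls for: a 3-2-1 compliance check over a backup catalogue, and a restore test that detects a copy whose contents no longer match the digest recorded when it was written. This is an added example for this page, not CISA, AHA or any backup vendor's code; the catalogue format, media labels and the "PLC configuration" file are constructed, and the demo stands in for tape and object storage with local directories.

```python
"""Check a backup catalogue against 3-2-1 and run a restore test (added example).

The catalogue structure and sample files are constructed for illustration;
a real deployment would read the catalogue from its backup system.
"""
import hashlib
import os
import shutil
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    path: str       # location of this copy
    medium: str     # e.g. "disk", "tape", "object-storage"
    offsite: bool   # geographically separate from the protected system
    sha256: str     # digest recorded by the backup job when the copy was written


def sha256_of(path):
    """Stream the file so large images do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_3_2_1(copies):
    """Return the list of 3-2-1 rule violations (empty means compliant)."""
    problems = []
    if len(copies) < 3:
        problems.append(f"only {len(copies)} copies, need 3")
    if len({c.medium for c in copies}) < 2:
        problems.append("all copies share one medium, need 2 different media")
    if not any(c.offsite for c in copies):
        problems.append("no off-site copy")
    return problems


def verify_integrity(copies):
    """Copies that are missing or whose current digest differs from the recorded one."""
    return [c for c in copies
            if not os.path.exists(c.path) or sha256_of(c.path) != c.sha256]


def restore_test(copy, expected_sha256):
    """Restore into a scratch directory and confirm the result matches the expected digest."""
    scratch = tempfile.mkdtemp(prefix="restore-test-")
    try:
        restored = os.path.join(scratch, os.path.basename(copy.path))
        shutil.copyfile(copy.path, restored)
        return sha256_of(restored) == expected_sha256
    finally:
        shutil.rmtree(scratch)


def demo():
    """Build a constructed 3-2-1 set, then simulate ransomware overwriting the on-site disk copy."""
    root = tempfile.mkdtemp(prefix="ci-fortify-backup-")
    try:
        src = os.path.join(root, "plc-config.bin")
        with open(src, "wb") as f:
            f.write(b"constructed PLC configuration block\n" * 200)
        digest = sha256_of(src)

        copies = []
        for medium, offsite in (("disk", False), ("tape", False), ("object-storage", True)):
            target_dir = os.path.join(root, medium)   # stands in for the real medium
            os.makedirs(target_dir)
            target = os.path.join(target_dir, "plc-config.bin")
            shutil.copyfile(src, target)
            copies.append(BackupCopy(target, medium, offsite, digest))

        report = {
            "rule_problems": check_3_2_1(copies),
            "corrupt_before": [c.medium for c in verify_integrity(copies)],
        }
        # Attacker with write access to the on-site disk repository encrypts the copy in place.
        with open(copies[0].path, "r+b") as f:
            f.write(b"\xff" * 64)
        report["corrupt_after"] = [c.medium for c in verify_integrity(copies)]
        # Restore from the first copy that still verifies, not from the first copy listed.
        good = [c for c in copies if c not in verify_integrity(copies)]
        report["restore_ok"] = bool(good) and restore_test(good[0], digest)
        report["restored_from"] = good[0].medium if good else None
        return report
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print(demo())
```

The recorded digest is what makes the restore test meaningful: comparing a restored file only against the live copy it came from proves nothing if both were altered. In practice the digests themselves should live somewhere the backup repository's own credentials cannot modify, which is the access-control point the paragraph makes.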

Practicing System Replacement and Manual Fallbacks
Beyond passive safeguards, CI Fortify encourages active rehearsal of system replacement and manual fallback scenarios. Organizations should conduct regular drills that simulate the failure of key OT components, prompting teams to install spare hardware, apply golden images, or switch to legacy manual processes. These exercises reveal gaps in training, resource availability, and procedural clarity, allowing for pre‑emptive adjustments. For sectors like healthcare, where patient safety hinges on uninterrupted access to medical devices and electronic health records, practicing manual workflows—such as paper‑based medication charts or analogue vital‑sign monitoring—can be lifesaving when digital systems are temporarily unavailable.

Relevance to Healthcare Sector
John Riggi, the American Hospital Association’s national advisor for cybersecurity and risk, highlighted that CI Fortify’s guidance is particularly timely for hospitals and health systems facing the threat of destructive nation‑state cyberattacks or ransomware campaigns. Cyber resilience directly supports the continuity of patient care and safety, ensuring that critical functions—such as emergency department operations, intensive care monitoring, and medication dispensing—remain accessible even when digital infrastructure is compromised. The initiative aligns with the AHA and Joint Commission’s newly launched Cyber Resilience Readiness program, which likewise focuses on sustaining clinical continuity during prolonged technology outages. Together, these frameworks provide healthcare leaders with a comprehensive roadmap to prepare for, withstand, and recover from cyber incidents that could otherwise jeopardize public health.

Additional Resources and Contact Information
Stakeholders seeking further details on CI Fortify or related cybersecurity guidance can visit the American Hospital Association’s dedicated cybersecurity portal at aha.org/cybersecurity. For direct inquiries, John Riggi can be reached via email at [email protected]. The portal offers up‑to‑date threat intelligence, best‑practice toolkits, and links to federal resources that complement CISA’s initiative, enabling organizations across critical infrastructure sectors to enhance their cyber resilience posture.
