[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fRx_zTcH8_1tALP8v9Km8kckf7FVNJEeiOekMqffWgL0":3},{"article":4,"iocs":53},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":28,"category":29,"article_tags":32},"90c9c344-45de-4a56-9311-17d7c5b4c771","CI Fortify | CISA","ci-fortify-cisa-5a388f",null,"CISA has released the CI Fortify initiative, warning that U.S. critical infrastructure operators face persistent nation-state intrusion attempts with objectives beyond espionage—adversaries aim to disrupt operational technology (OT) systems during geopolitical conflict. The guidance emphasizes two core emergency planning objectives: isolation (proactively disconnecting from third-party networks to sustain essential services) and recovery (documenting systems, backing up critical data, and practicing failover procedures). CISA is offering targeted assessments and updated guidance while calling on vendors, service providers, and security professionals to support infrastructure resilience efforts.","CISA launches CI Fortify initiative urging critical infrastructure operators to prepare for geopolitical conflict","CI Fortify: Strengthening Resilience Across Critical Infrastructure CISA urges critical infrastructure operators to defend against disruptive cyberattacks with proactive isolation and recovery planning. U.S. critical infrastructure (CI) operators face constant intrusion attempts from nation-state cyber threat actors. These adversaries aim for more than espionage. To win a wider geopolitical conflict: They have successfully pre-positioned across critical infrastructure to disrupt and destroy the operational technology (OT) running the United States.They could leverage access to telecommunications infrastructure to take out phone and internet services. CI owners and operators must fortify their systems to allow vital services in the United States to sustain essential operations during a geopolitical conflict. Investing in isolation and recovery capabilities today is essential to maintaining service delivery during a future crisis, when an adversary may disrupt communications and manipulate control systems.In a geopolitical crisis, the critical infrastructure organizations Americans rely on must be able to continue delivering—at a minimum—crucial services. They must be able to isolate vital systems from harm, continue operating in that isolated state, and quickly recover any systems that an adversary may successfully compromise.\" - Nick Andersen, CISA Acting Director What is CI Fortify?“CI Fortify” is an allied initiative bolstering public health and safety, defense critical infrastructure, continuity of the economy, and national security by ensuring operators are prepared to sustain essential operations during a geopolitical conflict. For planning purposes, operators should assume that in a conflict scenario third-party connections–such as telecommunications, internet, vendors, service providers, and upstream dependencies–will be unreliable and that threat actors will have some access to the OT network. Isolation and Recovery are emergency planning objectives that can mitigate this threat within the next few years. Isolation Isolation includes proactively disconnecting from third-party and business networks to prevent OT cyber impacts and sustain essential operations in a degraded communications environment. The goal is to ensure essential service delivery occurs during an emergency rather than completely shutting down. This involves:Identifying critical customers, such as military infrastructure and lifeline services, and setting a service delivery target based on their needs.Determining vital OT and supporting infrastructure to meet that target in isolation.Updating business continuity plans and engineering processes to allow for safe operations for weeks to months while isolated.Tracking CISA and Sector Risk Management Agency (SRMA) communications to know when to isolate. Subscribe to updates from CISA.RecoveryRecovery includes documenting systems, backing up critical files, and practicing the replacement of systems or the transition to manual in case isolation fails and components are rendered inoperable. It also includes addressing communications dependencies for recovery, such as licensing servers or business network connections. Operators should share and discuss this page with their managed service providers, system integrators, and vendors to help understand their communications dependencies and potential workarounds. Parallel BenefitsRegardless of the source for any disruption, these emergency planning efforts will leave operators with more resilient infrastructure that is easier to defend and keep running. Emergency planning for communication outages:Serves operators in sustaining essential operations across all disruptions, not only cyber incidents, but also weather and safety events.Prevents further access and cuts off command and control to compromised systems.Reduces recovery time and incident response costs across all disruptions, natural disasters, routine component failure, and staff turnover, by maintaining system documentation that eliminates the need to recreate networks from scratch. What CISA is DoingUpdating this page with more detailed guidance on how to isolate systems and enable recovery. Subscribe for alerts on these updates.Performing targeted assessments, prioritizing defense critical infrastructure, to identify barriers to isolation or recovery and support isolation capability development and exercises. Call to Action for Non-OperatorsAll cybersecurity professionals have a role to play in protecting critical infrastructure and the well-being of their local community. Together, we can fortify America’s infrastructure and ensure our nation’s resilience in the face of evolving threats. Industrial Automation Control System Vendors & Suppliers Managed Service Providers & Integrators Security Vendors Volunteers Industrial Automation Control System Vendors & Suppliers Proactively identify blockers to isolation and recovery. For example, contractual and licensing issues related to server connections may stop operators from exercising for an emergency or taking needed isolation and recovery steps.Understand and communicate failure states in telecommunication outages, particularly for highly connected OT components.Anticipate outreach from critical entities.Contact cisa.jcdc@cisa.dhs.gov to ensure points of contact are up to date. Managed Service Providers & Integrators Assist in supporting the engineering updates and planning work required to allow isolation.Support the local collection of backups and documentation necessary for recovery, as well as communication dependencies. Security Vendors Before a crisis: Support a watch and warning function, communicating any indications that threat actors are pivoting from espionage to impact. During a crisis: Communicate tactics, techniques, and procedures that prevent recovery (for example, malicious firmware updates) or break isolation (for example, vulnerabilities in software-based data diodes). Contact cisa.jcdc@cisa.dhs.gov or 1-844-729-2472 to establish crisis communication paths and pre-determined data formats. Volunteers To see how you can help your community become more resilient, reach out to local government emergency planners, your regional CISA office, or volunteer organizations, such as those in the US Cyber Resilience Corps. CISA Resources Secure Connectivity Principles for Operational Technology (OT) Critical Infrastructure Security and Resilience Critical Infrastructure Sectors Partner Resources National Cyber Security Centre-United Kingdom: How to prepare for and plan your organization’s response to severe cyber threat: a guide for CNI Australian Cyber Security Center's CI Fortify Canadian Centre for Cyber Security: Critical infrastructure resilience and escalated threat navigation initiative Please share your thoughts! Provide us feedback on CI Fortify. Survey","https:\u002F\u002Fwww.cisa.gov\u002Ffortify","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHHj2T3wWAAYMzaB.jpg","2026-05-05T13:49:09+00:00","2026-05-05T14:00:10.622+00:00",7,[18,21,24,26],{"name":19,"type":20},"CISA","vendor",{"name":22,"type":23},"Operational Technology (OT)","technology",{"name":25,"type":23},"Telecommunications Infrastructure",{"name":27,"type":23},"Critical Infrastructure Control Systems","c5c77cdb-f7d7-4990-9436-c81dcbff1163",{"id":28,"icon":8,"name":30,"slug":31},"Policy","policy",[33,38,43,48],{"category":34},{"id":35,"icon":8,"name":36,"slug":37},"217d3263-c763-41ca-875e-06901f522fe0","NIST","nist",{"category":39},{"id":40,"icon":8,"name":41,"slug":42},"6cbdd207-aaa1-4176-9534-e156b125e917","Nation-state","nation-state",{"category":44},{"id":45,"icon":8,"name":46,"slug":47},"c5eccf7c-abbc-4bd3-bbed-e6da5cba8e73","Incident Response","incident-response",{"category":49},{"id":50,"icon":8,"name":51,"slug":52},"d6f63bb8-0801-486a-be7f-171400700454","IoT\u002FOT","iot-ot",[]]