
CISA Urges Critical Infrastructure to Plan for Cyberattack Continuity

Summary

– CISA launched the CI Fortify initiative, urging critical infrastructure operators in sectors like water and energy to plan for disconnection from untrusted third-party networks and system recovery.
– The guidance sets two core goals: isolation, which involves cutting OT systems from third-party networks to maintain essential services for weeks or months, and recovery, which focuses on backing up systems and rehearsing manual operations.
– CISA recommends operators identify critical customers, set service delivery targets, and share the guidance with vendors and MSPs to map dependencies and workarounds.
– Industry experts caution that isolation alone is insufficient against active intruders, as attackers often compromise systems through trusted connections before any crisis response begins.
– Operators investing in these capabilities gain infrastructure that is easier to defend against all disruptions, including cyber-attacks, weather events, and routine failures.

Critical infrastructure operators across water, energy, transportation and communications sectors now have a clear directive from the US Cybersecurity and Infrastructure Security Agency (CISA): prepare to sever ties with third-party networks and restore compromised systems before a major cyberattack forces their hand. CISA formally launched the CI Fortify initiative on Tuesday, framing it as a planning blueprint for worst-case scenarios where telecommunications, internet providers, vendors and upstream service providers can no longer be trusted, and adversaries have already established a foothold inside operational technology (OT) networks.

The guidance zeroes in on two core emergency objectives. Isolation requires proactively cutting OT systems off from third-party and business networks to contain cyber impacts and sustain essential services even under degraded communications. CISA urges operators to identify critical customers (including military and lifeline services), set specific service delivery targets, and update business continuity plans to support safe operations in isolation for weeks or even months at a time. Recovery focuses on documenting system configurations, backing up critical files, and rehearsing component replacements or manual operations if isolation fails. The agency also asks operators to share the framework with managed service providers, system integrators and vendors to map out communications dependencies and workarounds.

CISA Acting Director Nick Andersen made clear the urgency behind the effort. “CI Fortify is timely, actionable guidance that helps organizations protect their networks and critical services from cyber threat actors that aim to degrade or disrupt infrastructure,” he said. “We strongly encourage organizations to review this guidance, implement the recommended actions and collaborate with CISA to strengthen CI defenses against opportunistic threat actors.”

Industry reaction has been broadly supportive of the continuity focus, but experts caution that disconnection alone won’t stop a determined attacker already inside the network. Duncan Greatwood, CEO of Xage Security, noted that adversaries often move through trusted connections, third-party pathways or compromised credentials long before any crisis response kicks in. “If organizations don’t have control within the environment, then isolation on its own is not enough,” he said. Greatwood added that the most prepared operators are those layering control and containment into their environments, building on the direction set out in CISA’s earlier zero-trust guidance for OT.

A parallel benefit, CISA pointed out, is that operators investing in these capabilities end up with infrastructure that is easier to defend across all disruptions, whether from cyberattacks, severe weather events or routine component failures. The message is clear: planning for the worst now makes day-to-day resilience stronger.

(Source: Infosecurity Magazine)
