United States
Australia
United Kingdom
Europe
New Zealand
Canada
The Cybersecurity and Infrastructure Security Agency has released new guidance aimed at helping critical infrastructure operators continue delivering essential services even as their networks come under attack. Branded CI Fortify, the initiative focuses on building the capacity to operate through a crisis or conflict by prioritizing resilience and continuity, not just prevention.
CISA urges organizations across all critical sectors to invest now in two emergency capabilities: isolation and recovery. Isolation means being able to proactively disconnect from third-party dependencies and continue operating without reliable telecommunications or internet access. Recovery emphasizes rapidly restoring vital compromised systems while disconnected, including testing restoration plans and practicing local or manual operations to sustain core functions.
“CI Fortify is timely, actionable guidance that helps organizations protect their networks and critical services from cyber threat actors that aim to degrade or disrupt infrastructure,” said CISA Acting Director Nick Andersen. “We strongly encourage organizations to review this guidance, implement the recommended actions and collaborate with CISA to strengthen CI defenses against opportunistic threat actors.”
The guidance targets owners and operators across sectors such as energy, water, transportation, healthcare, and manufacturing, where digital disruptions can quickly cascade into real-world consequences. It reflects a broader shift in cyber risk management toward ensuring essential services can withstand and recover from attacks, complementing past efforts like CISA’s “Shields Up” campaign and ongoing work through the Joint Cyber Defense Collaborative.
CISA characterized the effort as part of its partnership-driven approach with U.S. and international stakeholders to bolster the resilience of critical infrastructure against evolving threats. The agency is encouraging entities to engage with CISA for support and to validate isolation and recovery playbooks through exercises and regular testing.
The CI Fortify guidance and related resources are available on CISA’s website under its Industrial Control Systems materials.
