CISA's CI Fortify Initiative: Strengthening Critical Infrastructure Against Geopolitical Cyber Threats

Introduction

In response to escalating geopolitical tensions and the growing risk of cyber conflict, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has launched a new initiative called CI Fortify. This program aims to prepare the nation’s critical infrastructure operators for scenarios involving extended network isolation and sustained cyber compromise. While the original announcement was brief, the implications are profound: CISA is urging operators to build resilient Operational Technology (OT) environments that can survive without external connections for prolonged periods.

Source: www.securityweek.com

What Is CI Fortify?

CI Fortify is a targeted guidance and operational framework issued by CISA. It calls on owners and operators of critical infrastructure—such as power grids, water systems, pipelines, and transportation networks—to adopt a new mindset: prepare for worst-case scenarios where cyber attacks or physical conflicts cut off remote access, cloud services, or even internet connectivity.

The core idea is that traditional reliance on always-on connectivity and external security updates may not be sufficient during a major geopolitical cyber conflict. Instead, OT systems must be hardened to self-sustain under attack, maintain core functions without external commands, and recover autonomously.

Key Recommendations for OT Resilience

CISA’s guidance outlines several practical steps for building resilient OT environments. Below are the primary recommendations, organized by priority:

1. Segment and Isolate Critical Systems

Operators should enforce strict network segmentation between IT and OT networks. In high-risk scenarios, air-gapping certain control systems from corporate networks may be necessary. CISA emphasizes that even partial isolation can limit the spread of malware like Industroyer or Pipedream—tools designed specifically to disrupt industrial processes.

2. Implement Local Failover Capabilities

Every critical OT environment should have local backup control centers that can operate without cloud or remote data feeds. This includes redundant on-site servers, manual override procedures, and local data historians that do not rely on external synchronization.

3. Plan for Extended Isolation

Operators must test their systems for survival times—hours, days, or even weeks—during which no external patches, updates, or threat intelligence is available. CISA recommends developing survival playbooks that detail actions such as shutting down non-essential systems, maintaining manual operations, and conserving power and bandwidth.

4. Conduct Cyber-Physical Drills

CISA urges operators to run tabletop exercises that simulate prolonged isolation and ongoing cyber attacks. These drills should involve both cybersecurity teams and physical operations staff to ensure coordinated responses. For example, a scenario might simulate a ransomware attack that locks out remote access while a physical attack damages a substation, forcing operators to revert to local manual controls.

The Geopolitical Context

CI Fortify was not created in a vacuum. Recent cyber attacks on Ukraine’s power grid, the Colonial Pipeline incident, and rising tensions with state-sponsored groups (e.g., Russia’s Sandworm team, China’s Volt Typhoon) have highlighted the fragility of interconnected critical infrastructure. CISA’s call for resilience stems from intelligence indicating that adversaries may target OT systems during conflicts to cause kinetic effects—physical destruction or prolonged outages.

As CISA Director Jen Easterly has noted, “The next major conflict may begin with a cyber salvo aimed at our critical infrastructure.” CI Fortify is designed to ensure that even if that salvo disrupts external support, the infrastructure can limp along or survive until human response teams can restore full functionality.

Implementing CI Fortify: Steps for Operators

CISA’s guidance is not mandatory, but the agency strongly encourages all critical infrastructure sectors to adopt these principles. Below is a suggested implementation roadmap:

  1. Audit current OT architecture to identify single points of failure and dependencies on external connections.
  2. Prioritize critical functions that must remain operational during isolation (e.g., power generation, water flow, automated safety systems).
  3. Develop and test isolated operation procedures for each critical function, including manual overrides.
  4. Create redundant communication channels with emergency backup links (e.g., satellite, radio) for essential coordination.
  5. Train staff on survival procedures, ensuring they can operate without remote guidance for extended periods.
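
Steps 1 and 2 of the roadmap can be prototyped as a dependency audit. The sketch below is an added example, not part of CISA's guidance: it marks every external dependency as failed to model isolation, then reports which critical functions still run and which internal assets are single points of failure. The asset names and the inventory format are constructed for illustration.

```python
# Added illustration: asset names and dependencies are constructed, not a real plant.
# "needs" is a list of requirement groups; any one member satisfies its group.
INVENTORY = {
    "cloud_historian": {"external": True,  "needs": []},
    "vendor_vpn":      {"external": True,  "needs": []},
    "ntp_internet":    {"external": True,  "needs": []},
    "gps_clock":       {"external": False, "needs": []},
    "scada_a":         {"external": False, "needs": [["gps_clock", "ntp_internet"]]},
    "scada_b":         {"external": False, "needs": [["gps_clock", "ntp_internet"]]},
    "plc_pump":        {"external": False, "needs": [["scada_a", "scada_b"]]},
    "plc_chlorine":    {"external": False, "needs": [["scada_a"], ["cloud_historian"]]},
}
CRITICAL = {"water_flow": "plc_pump", "dosing": "plc_chlorine"}  # function -> root asset

def operable(asset, failed, inv, seen=frozenset()):
    """True if asset is up and every requirement group has a working member."""
    if asset in failed or asset in seen:      # failed, or a dependency cycle
        return False
    seen = seen | {asset}
    return all(any(operable(a, failed, inv, seen) for a in group)
               for group in inv[asset]["needs"])

def reachable(asset, inv, seen=None):
    """All assets the given asset depends on, directly or transitively."""
    seen = set() if seen is None else seen
    if asset not in seen:
        seen.add(asset)
        for group in inv[asset]["needs"]:
            for a in group:
                reachable(a, inv, seen)
    return seen

def audit(inv=INVENTORY, critical=CRITICAL):
    external = {a for a, v in inv.items() if v["external"]}
    report = {}
    for func, root in critical.items():
        survives = operable(root, external, inv)   # isolation: all external links down
        # Single point of failure: one more internal loss stops the function.
        spof = sorted(a for a in inv if a not in external and survives
                      and not operable(root, external | {a}, inv))
        report[func] = {"survives_isolation": survives, "single_points": spof,
                        "external_deps": sorted(reachable(root, inv) & external)}
    return report

if __name__ == "__main__":
    for func, result in audit().items():
        print(func, result)
```

In this constructed inventory the dosing function fails under isolation because it hard-depends on a cloud historian, while water flow survives but rests on a single local time source.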

Challenges and Future Outlook

Implementing CI Fortify will not be easy. Many OT systems were designed decades ago when internet connectivity was minimal, and retrofitting for resilience requires significant investment. Moreover, regulatory mandates may be needed to enforce these standards across all sectors. However, CISA’s proactive approach signals a shift from reactive defense to preparedness for high-impact geopolitical cyber conflict.

In the coming months, CISA plans to release sector-specific guidance and funding opportunities through programs like the State and Local Cybersecurity Grant Program. Operators are urged to start now, even with small steps such as offline backups and manual override drills.

Conclusion

CI Fortify represents a necessary evolution in critical infrastructure cybersecurity. By focusing on survival under extended isolation and compromise, CISA is preparing operators for the worst-case scenarios that geopolitical cyber conflict could bring. The time to build resilient OT environments is before the conflict begins—not during. Operators who heed this call will not only protect their own systems but also contribute to the overall national resilience against cyber threats.

For more details, see CISA’s official guidance at cia.gov/ci-fortify.
