CISA Launches CI Fortify Initiative to Ensure Critical Infrastructure Can Operate Offline During Cyberattacks

The Cybersecurity and Infrastructure Security Agency (CISA) has introduced a significant initiative aimed at bolstering the resilience of critical infrastructure organizations against cyberattacks. This new program, named CI Fortify, was unveiled this week and emphasizes the importance of preparing for technology and telecommunications outages that may occur during cyber crises.

CISA’s guide encourages organizations to develop strategies that allow them to maintain operations even when under attack. The initiative focuses on isolation and recovery tactics, urging critical infrastructure entities to proactively disconnect from third-party dependencies and to establish methods for functioning without reliable telecommunications and internet access. The guide also highlights the necessity for these organizations to quickly restore compromised systems while operating in isolation.

“CI Fortify is timely, actionable guidance that helps organizations protect their networks and critical services from cyber threat actors that aim to degrade or disrupt infrastructure,” stated Nick Andersen, Acting Director of CISA. He further noted that CISA will conduct targeted assessments of critical infrastructure, although he did not disclose specifics regarding the number of assessments or their locations. These evaluations will vary based on the specific organization and industry.

Andersen emphasized that the ultimate goal is for critical infrastructure organizations to develop detailed emergency plans and operational technology systems that are segmented and isolated from other network components.

Addressing Nation-State Threats: The Volt Typhoon Campaign

The CI Fortify initiative is positioned as a response to recent nation-state hacking campaigns, particularly the Volt Typhoon cyberattacks. These attacks involved Chinese threat actors who prepositioned themselves within U.S. critical infrastructure, potentially enabling destructive cyber actions in the event of military conflict. The CI Fortify webpage includes a link to a 2024 CISA advisory regarding the Volt Typhoon campaign.

When the Volt Typhoon campaign was first publicized in 2023, U.S. officials aimed to eliminate all Chinese hackers embedded within critical infrastructure systems. Jen Easterly, former CISA director, noted in 2024 that agency teams had “found and eradicated Volt Typhoon intrusions into critical infrastructure across multiple sectors.” By 2025, the focus remained on identifying and evicting Chinese cyber actors.

Despite these efforts, some U.S. officials have claimed that the Volt Typhoon initiative was “not successful” for China. Researchers have indicated that Chinese hackers remain deeply embedded in critical infrastructure systems, even after extensive efforts by U.S. law enforcement.

In comments to Recorded Future News, Andersen clarified that the CI Fortify initiative was not specifically aimed at any single nation-state actor, including Volt Typhoon. Instead, it is designed to mitigate the potential destructive impacts on operational technology from any nation-state actor. He also noted that the initiative would address tactics used during alleged Russian cyberattacks on operational technology networks in Poland earlier this year.

The Challenge of Eradication

Cybersecurity expert Matthew Hartman explained that advanced nation-state actors like Volt Typhoon are now so deeply embedded that eradication is no longer a feasible short-term outcome. He stated, “Eviction remains the objective but it cannot be the lone strategy. Prioritizing segmentation and resilience is a pragmatic shift, assuming compromise and limiting blast radius rather than chasing a constantly reconstituting threat.”

Several experts have pointed out that evicting Volt Typhoon hackers was never a realistic goal, especially since CISA acknowledged that some victims had been compromised as far back as 2019. The CISA advisory warned that Volt Typhoon repeatedly targets the same organizations and steals domain credentials to maintain access.

The Role of Artificial Intelligence

Andersen also highlighted that artificial intelligence (AI) is a primary concern driving the pivot to the CI Fortify initiative. He remarked that discussions have taken place regarding the rapid evolution of AI and its potential impact on cyber defense across various sectors, including critical infrastructure and operational technology.

Recent reports indicate that hackers are increasingly utilizing AI models to conduct cyber intrusions. For instance, incident response firm Dragos reported that a hacker employed an AI model to compromise a municipal water and drainage utility in Monterrey, Mexico.

The CI Fortify initiative represents a proactive approach to safeguarding critical infrastructure against the evolving landscape of cyber threats. By emphasizing operational resilience and isolation, CISA aims to equip organizations with the tools necessary to withstand attacks and maintain essential services.

Source: therecord.media
