CISA Launches CI Fortify Initiative to Strengthen Critical Infrastructure Against Nation-State Cyber Threats


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has unveiled a new initiative named “CI Fortify,” aimed at bolstering the defenses of critical infrastructure operators against disruptive cyberattacks associated with geopolitical tensions. This initiative emerges in response to escalating concerns regarding nation-state cyber threats that increasingly target operational technology (OT) systems vital for essential services across the United States.

CI Fortify is designed to enhance the resilience of critical infrastructure through two primary objectives: isolation and recovery. CISA emphasizes that the initiative will assist operators in maintaining essential operations even if adversaries compromise telecommunications networks, internet services, or industrial control systems.

According to CISA, nation-state actors are expanding their activities beyond traditional espionage. Threat groups are now positioning themselves within critical infrastructure environments, potentially aiming to disrupt or destroy systems during future geopolitical conflicts.

CI Fortify Initiative Focuses on Isolation and Recovery

CISA encourages critical infrastructure organizations to prepare for scenarios where third-party communications and service providers may become unreliable during crises. Operators are advised to operate under the assumption that threat actors may already have some level of access to OT networks.

Nick Andersen, Acting Director at CISA, highlighted the necessity for organizations to prepare for worst-case operational scenarios. He stated, “In a geopolitical crisis, the critical infrastructure organizations Americans rely on must be able to continue delivering, at a minimum, crucial services. They must be able to isolate vital systems from harm, continue operating in that isolated state, and quickly recover any systems that an adversary may successfully compromise.”

The isolation strategy within CI Fortify involves proactively disconnecting operational technology systems from external business networks and third-party connections. This approach is intended to prevent cyber impacts from spreading into OT environments while allowing organizations to maintain essential services in a degraded communications context.

CISA advises operators to identify critical customers, including military infrastructure and other lifeline services, and determine the minimum operational capabilities required to support them during emergencies. The agency also recommends updating engineering processes and business continuity plans to facilitate safe operations for extended periods while systems remain isolated.

Recovery Planning Central to Critical Infrastructure Resilience

In conjunction with isolation, the CI Fortify initiative places significant emphasis on recovery planning. CISA urges operators to keep updated system documentation, create secure backups of critical files, and regularly practice system replacement or manual operational transitions.

Organizations are encouraged to identify communications dependencies that could complicate recovery efforts, such as licensing servers, remote vendor access, or upstream network connections. CISA advocates for collaboration with managed service providers, system integrators, and vendors to understand potential failure points and establish alternative recovery pathways.

The initiative also underscores the broader benefits of emergency planning beyond cybersecurity incidents. CISA notes that similar planning processes can assist organizations in maintaining operations during weather-related disruptions, equipment failures, and safety emergencies. Isolation planning can help sever command-and-control access to compromised systems, while robust recovery preparation can reduce incident response costs and shorten recovery timelines.

Security Vendors and Service Providers Asked to Support CI Fortify

The CI Fortify initiative extends its reach beyond infrastructure operators, calling on cybersecurity vendors, industrial automation suppliers, and managed service providers to contribute to resilience planning efforts. Industrial control system vendors are encouraged to identify barriers that could hinder isolation and recovery procedures, including licensing restrictions and server dependency issues.

Managed service providers and integrators are expected to assist organizations in engineering updates, local backup collection, and recovery documentation planning. Security vendors are asked to support threat monitoring and provide intelligence should nation-state actors shift from espionage-focused activities to destructive cyber operations.

CISA has also requested that vendors share information related to tactics that could undermine recovery or bypass isolation protections, including malicious firmware updates and vulnerabilities affecting software-based data diodes.

Volt Typhoon Cyberattacks Continue to Shape U.S. Cybersecurity Strategy

The launch of CI Fortify is closely linked to ongoing concerns regarding the Volt Typhoon cyberattacks, which U.S. officials have associated with Chinese state-sponsored threat actors. CISA’s initiative specifically references the Volt Typhoon campaign as a case study of how adversaries have sought to establish long-term access within U.S. critical infrastructure systems, potentially to facilitate disruptive actions during military conflicts.

The Volt Typhoon operation first came to public attention in 2023 when U.S. authorities revealed that Chinese hackers had infiltrated multiple sectors of American critical infrastructure. Former CISA Director Jen Easterly indicated in 2024 that the agency had identified and removed Volt Typhoon intrusions across various sectors. She reiterated in 2025 that efforts continued to focus on identifying and evicting Chinese cyber actors from critical infrastructure environments.

Despite these operations, cybersecurity researchers and some government officials have cautioned that Chinese threat actors may still maintain access to portions of critical infrastructure networks. Experts have suggested that nation-state groups remain deeply embedded in certain environments, despite years of remediation efforts.

With the CI Fortify initiative, CISA appears to be shifting its focus toward operational resilience, acknowledging that prevention alone may not suffice against sophisticated nation-state cyber threats targeting U.S. critical infrastructure.

Source: thecyberexpress.com
