The Cybersecurity and Infrastructure Security Agency (CISA) wants to help critical infrastructure operators keep their systems running during a major cyberattack or other serious incident.
CISA on Tuesday released guidance as part of an international “CI Fortify” initiative focused on steps that infrastructure operators can take to isolate the effects of a cyber intrusion and recover from them.
“In a geopolitical crisis, the critical infrastructure organizations Americans rely on must be able to continue delivering—at a minimum—crucial services,” acting CISA director Nick Andersen said in a statement. “They must be able to isolate vital systems from harm, continue operating in that isolated state, and quickly recover any systems that an adversary may successfully compromise.”
The new guidance, modeled on advice that the Australian government published in 2025, comes as intelligence agencies warn that China might sabotage Western critical infrastructure to keep the U.S. and its allies from interfering with Beijing’s long-rumored invasion of Taiwan. China’s Volt Typhoon hacking campaign indicated that Beijing had already begun laying the groundwork for such disruption, prompting U.S. officials to step up warnings about the dangers of interdependencies in operational technology.
“Operators should assume that in a conflict scenario third-party connections — such as telecommunications, internet, vendors, service providers, and upstream dependencies — will be unreliable and that threat actors will have some access to the OT network,” CISA said on its CI Fortify page. “Isolation and Recovery are emergency planning objectives that can mitigate this threat within the next few years.”
The isolation advice includes identifying “critical customers,” such as nearby military bases; establishing service delivery expectations for them; identifying the OT assets necessary to provide that service; and maintaining up-to-date “business continuity plans and engineering processes” to facilitate safe isolated operations “for weeks to months.”
The recovery advice covers documenting how systems operate, backing up important files and “practicing the replacement of systems or the transition to manual in case isolation fails and components are rendered inoperable.”
Critical infrastructure operators should discuss CISA’s advice with their vendors, the agency said, “to help understand their communications dependencies and potential workarounds.”
CI Fortify also includes recommendations for how other companies in the critical infrastructure ecosystem can support operators. Equipment vendors should remove barriers to isolation and recovery, CISA said, while managed service providers and integrators should help operators with engineering and planning work.
