The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has launched a new initiative called CI Fortify, urging operators of water utilities, transportation systems, and other critical infrastructure to prepare for a geopolitical-scale cyber crisis in which connectivity to the internet, telecommunications providers, and third-party services could be cut off. The guidance is built around two emergency planning objectives — isolation and recovery. Isolation means proactively disconnecting OT and industrial control systems from third-party and business networks during a crisis, while still sustaining essential operations rather than going fully dark. Recovery covers documenting systems, maintaining critical backups, and rehearsing the replacement of compromised systems or a fallback to manual operations.
To validate readiness, CISA will conduct targeted assessments of selected operators, starting with "defense critical infrastructure" — systems that underpin military forces and operations, including dams, radars, weapon systems, and satellite communications. Acting CISA Director Nick Andersen confirmed that the first pilot assessments are already under way. The guidance also calls on industrial automation vendors, managed service providers, and security vendors to support operators in this planning — for example by including isolation procedures in factory acceptance testing and by designing safer remote-management connectivity patterns from the start.
The shift reflects a broader move at CISA toward resilience over pure prevention: assuming attacks will succeed and ensuring that essential services keep running anyway. As Duncan Greatwood, CEO of Xage Security, observed, resilience increasingly comes from continuously enforcing who and what can access critical systems and containing intruders before they spread, rather than relying on reactive patching and human-driven recovery after disruption has hit. For European public-sector operators with similar obligations under NIS2, the takeaway is directly applicable: build the capability to disconnect cleanly, operate degraded but safely, and recover on a known timeline — and treat OT vendors as co-owners of that plan.