
CISA Launches Framework to Fortify Critical Infrastructure Against Cyber-Attacks

"CI Fortify is timely, actionable guidance that helps organizations protect their networks and critical services from cyber threat actors that aim to degrade or disrupt infrastructure," CISA Acting Director Nick Andersen said.

CISA launches CI Fortify as a planning framework

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday launched CI Fortify, a planning framework aimed at critical infrastructure sectors including water, energy, transportation and communications. CISA framed the initiative around a worst-case scenario in which telecommunications, internet, vendors and upstream service providers cannot be trusted and threat actors already have a foothold in the operational technology (OT) network.

Isolation as an emergency planning objective

CISA set isolation as one of two core planning goals for operators. The agency urged operators to plan for the ability to proactively cut OT systems off from third-party and business networks to prevent impacts from spreading and to keep essential services running in a degraded communications environment. Specifically, CISA recommended that operators identify their critical customers — including military and lifeline services — set service delivery targets and update business continuity plans to enable safe operations in isolation for weeks or months at a time.

Recovery: documentation, backups and rehearsed transitions

The second core goal is recovery. CISA advised operators to document systems, back up critical files and rehearse the replacement of components or a transition to manual operations if isolation fails. The guidance also asked operators to share the CI Fortify recommendations with managed service providers, system integrators and vendors so that communications dependencies and practical workarounds can be mapped out in advance.

Industry reaction and the limits of disconnection

Industry voices welcomed the emphasis on continuity but cautioned that disconnection alone would not stop an active intruder. Duncan Greatwood, CEO of Xage Security, said attackers frequently moved through trusted connections, third parties or compromised credentials well before any crisis response began. "If organizations don't have control within the environment, then isolation on its own is not enough," he said. Greatwood added that the most prepared operators would be those that layered control and containment into their environments, building on the direction set out in CISA's earlier zero-trust guidance for OT.

CISA highlighted a parallel benefit of the CI Fortify approach: operators who invest in the recommended capabilities "end up with infrastructure that is easier to defend across all disruptions, from cyber-attacks to weather events and routine component failures."

What this means for water, energy, transportation and communications operators, and for their suppliers

  • Water, energy, transportation and communications operators: CISA's guidance asks these operators to plan for sustained isolated operation, to set service delivery targets for critical customers (including military and lifeline services), and to rehearse manual or component-level recovery for weeks or months if required.
  • Managed service providers, system integrators and vendors: The agency explicitly asked operators to share the guidance with these suppliers to map communications dependencies and workable contingencies ahead of an incident.
  • Critical customers (military and lifeline services): The guidance places these customers at the center of continuity planning by asking operators to identify them and set service delivery targets designed to preserve essential functions even during prolonged isolation.

CISA's message is both practical and pointed: plan now for operating disconnected from untrusted telecommunications, internet and upstream services, and rehearse the recovery steps you would need if isolation does not stop an adversary. As CISA Acting Director Nick Andersen put it, the agency "strongly encourage[s] organizations to review this guidance, implement the recommended actions and collaborate with CISA to strengthen CI defenses against opportunistic threat actors."
