(TLP:CLEAR) CISA LaunchesCI Fortify: Strengthening Resilience Across Critical Infrastructure
Created: Thursday, May 7, 2026 - 14:24
Categories: Cybersecurity, Federal & State Resources, OT-ICS Security
Summary: On Tuesday, CISA launched “CI Fortify: Strengthening Resilience Across Critical Infrastructure” in collaboration with federal interagency and international partners. This nationwide initiative encourages critical infrastructure (CI) operators to fortify their infrastructure by building robust isolation and recovery capabilities as part of their emergency planning efforts. Investing in these capabilities will help sustain critical service delivery even if malicious cyber actors degrade communications and third-party connections and attempt to compromise systems.
CISA’s new webpage, CI Fortify | CISA, fuses guidance, planning materials, threat context and other resources to support organizations as they prepare for and withstand high-consequence cyber scenarios.
CISA is socializing this initiative as widely as possible throughout CI organizations and networks. CISA also encourages utilities to share their thoughts on this initiative in this quick survey – your feedback helps shape its future efforts.
Analyst Note: For the water sector, this initiative aligns directly with the reality that many utilities rely on interconnected IT/OT environments and third-party services that may be degraded or unavailable during a cyber or geopolitical crisis. CISA’s emphasis on operating through isolation reinforces the need for utilities to sustain essential functions, such as treatment and distribution, even in a disconnected state.
Isolation and recovery planning also addresses a key sector risk: adversaries pre-positioning within OT environments to enable disruptive or destructive attacks. By prioritizing offline operations, system documentation, and recovery capabilities, utilities can reduce reliance on external dependencies and maintain continuity of operations during high-consequence cyber events.
For additional guidance, see Fundamental 1: Plan for Incidents, Emergencies, and Disasters in WaterISAC’s 12 Cybersecurity Fundamentals for Water and Wastewater Utilities. Additional related WaterISAC Fundamentals include:
- Fundamental 2: Minimize Control System Exposure
- Fundamental 5: Account for Critical Assets
- Fundamental 11: Secure the Supply Chain
Original Source: https://www.cisa.gov/topics/industrial-control-systems/ci-fortify
Additional Reading: Below are additional products released by CISA and its partners as part of a sustained focus on defending OT. These include guidance and actionable recommendations that operators and other stakeholders can take to secure OT systems and reduce cybersecurity risk.
- Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators
- Secure Connectivity Principles for Operational Technology (OT)
- Barriers to Secure OT Communication: Why Johnny Can’t Authenticate
- Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure
- Adapting Zero Trust Principles to Operational Technology