CISA unveils CI Fortify to help secure critical infrastructure during conflicts

The Cybersecurity and Infrastructure Security Agency announced the release of its CI Fortify project on Tuesday, aiming to help critical infrastructure owners and operators defend themselves against hackers and maintain continuity during a geopolitical conflict.

“For planning purposes, operators should assume that in a conflict scenario third-party connections — such as telecommunications, internet, vendors, service providers, and upstream dependencies — will be unreliable and that threat actors will have some access to the [operational technology] network,” a webpage describing the initiative says.

Per guidance, CISA wants critical infrastructure providers to focus on isolation and recovery planning objectives.

“We strongly encourage organizations to review this guidance, implement the recommended actions and collaborate with CISA to strengthen CI defenses against opportunistic threat actors,” agency acting director Nick Andersen said in a prepared statement.

Critical infrastructure — like water treatment plants, financial institutions and electric grids — are a regular target for foreign hackers. U.S. officials have assessed for years that China is burrowing into non-military critical infrastructure networks, preparing to sabotage them should the U.S. enter into a major conflict with the nation, especially involving Chinese interests in Taiwan.

Hackers linked to China, Russia, Iran, North Korea and ransomware groups will continue to pose critical threats to U.S. networks and critical infrastructure, U.S. intelligence agencies assessed this year.

Amid the U.S.-Israel war against Iran, Tehran-backed hackers exploited and disrupted operational technology control systems embedded in multiple U.S. critical infrastructure sectors, targeting equipment manufactured by Rockwell Automation, according to a government advisory issued last month.

Last year, Australia, a Five Eyes partner, launched its own CI Fortify program.