CISA releases CI Fortify cyber crisis guidance for critical infrastructure
Updated
Updated · Federal News Network · May 5
CISA releases CI Fortify cyber crisis guidance for critical infrastructure
12 articles · Updated · Federal News Network · May 5
Acting director Nick Andersen said pilot assessments have begun, prioritising defence-critical systems such as dams, radars, weapon systems and satellite communications.
The guidance tells operators to prepare to isolate operational technology from outside networks, maintain essential services, back up systems and rehearse manual operations or replacement after attacks.
It follows a 75-day DHS shutdown and heavy staffing losses at CISA, though 329 mission-critical hires are now approved as officials warn geopolitical crises could trigger disruptive cyber attacks.
Is strategically disconnecting our infrastructure the last defense against a widespread, crisis-level cyberattack from foreign adversaries?
With nation-states already inside networks, is the new 'Zero Trust' model for infrastructure coming too late to prevent sabotage?
Strengthening U.S. Critical Infrastructure in 2026: The CI Fortify Initiative’s Focus on Isolation and Resilience
Overview
In response to escalating cyberattacks by state-sponsored actors and a major power grid attack in Poland, CISA launched the CI Fortify initiative in May 2026 to strengthen critical infrastructure resilience. The program focuses on isolation and recovery strategies to ensure essential services continue operating during cyber incidents. CISA is conducting targeted assessments to identify barriers, while regulatory frameworks push for stricter security on critical suppliers. However, significant challenges remain, including a severe cybersecurity skills gap and high upfront costs, which contribute to inadequate cyber resilience in many smaller organizations. Leadership uncertainty at CISA also hampers effective implementation, underscoring the urgent need for coordinated action.