CISA Says Critical Infrastructure Must Run in Isolation

"Weeks to Months" Without the Internet

On May 5, CISA launched CI Fortify -- a nationwide initiative telling critical infrastructure operators to prepare for something most have never rehearsed: running essential services for weeks to months while completely disconnected from IT networks, third-party vendors, and the internet (CISA).

The trigger is real. Chinese APT groups Salt Typhoon and Volt Typhoon have embedded themselves inside U.S. electricity, water, and telecommunications systems. They are not stealing data. They are pre-positioning for activation during a geopolitical crisis (CyberScoop).

What CI Fortify Requires

The initiative centers on two planning pillars:

• Isolation: Proactively disconnecting OT systems from business networks and third-party connections before an attack spreads. The goal is continued service delivery in a degraded environment -- not a full shutdown.
• Recovery: Documenting systems, backing up critical files, and rehearsing manual operations if isolation fails and components are destroyed.

CISA's planning assumption is blunt: in a conflict scenario, telecommunications, internet, vendor support, and upstream dependencies will all be unreliable (Federal News Network).

The agency is prioritizing defense-critical infrastructure -- military bases, dams, satellite communications -- and has already begun pilot assessments, though Acting Director Nick Andersen declined to identify which facilities (SecurityWeek).

Why This Matters for Operations Teams

CI Fortify is framed as a cyber initiative, but the downstream effects are physical. When a water treatment plant isolates its OT network, operators need to know which valves to control manually. When a grid operator disconnects from vendor monitoring tools, they need local situational awareness of weather, wildfire, and civil unrest conditions that affect their assets.

The first quarter of 2026 saw 1,305 cyber incidents across critical infrastructure sectors (Cyble). For operators already stretched thin, adding isolation planning to the continuity stack is not optional -- it is the new baseline.

Orion provides the physical and geopolitical risk layer that infrastructure operators need when digital monitoring tools go dark -- real-time conditions across 195 countries, scored to the asset level.

Wrapping Up

If you operate energy, water, transportation, or telecommunications infrastructure, CI Fortify is your signal to start planning now. CISA is not issuing this guidance because the threat is theoretical. They are issuing it because adversaries are already inside. Request a demo to see how Orion monitors the conditions that drive these threats.