The Cybersecurity and Infrastructure Security Agency (CISA) wants to help critical infrastructure operators keep their systems running during a major cyberattack or other serious incident.

CISA on Tuesday released guidance as part of an international “CI Fortify” initiative focused on activities that infrastructure operators can take to isolate the effects of a cyber intrusion and recover from them.

“In a geopolitical crisis, the critical infrastructure organizations Americans rely on must be able to continue delivering—at a minimum—crucial services,” acting CISA Director Nick Andersen said in a statement. “They must be able to isolate vital systems from harm, continue operating in that isolated state, and quickly recover any systems that an adversary may successfully compromise.”

The new guidance, modeled on advice that the Australian government published in 2025, comes as intelligence agencies warn that China might sabotage Western critical infrastructure to keep the U.S. and its allies from interfering with Beijing’s long-rumored invasion of Taiwan. China’s Volt Typhoon hacking campaign indicated that Beijing had already begun laying the groundwork for such disruption, prompting U.S. officials to step up warnings about the dangers of interdependencies in operational technology.

“Operators should assume that in a conflict scenario third-party connections — such as telecommunications, internet, vendors, service providers, and upstream dependencies — will be unreliable and that threat actors will have some access to the OT network,” CISA said on its CI Fortify page. “Isolation and Recovery are emergency planning objectives that can mitigate this threat within the next few years.”

The isolation advice includes identifying “critical customers,” such as nearby military bases, establishing service delivery expectations for them, identifying the OT assets necessary to provide that service and maintaining up-to-date “business continuity plans and engineering processes” to facilitate safe isolated operations “for weeks to months.”

The recovery advice covers documenting how systems operate, backing up important files and “practicing the replacement of systems or the transition to manual in case isolation fails and components are rendered inoperable.”

Critical infrastructure operators should discuss CISA’s advice with their vendors, the agency said, “to help understand their communications dependencies and potential workarounds.”

CI Fortify also includes recommendations for how other companies in the critical infrastructure ecosystem can support operators. Equipment vendors should remove barriers to isolation and recovery, CISA said, while managed service providers and integrators should help operators with engineering and planning work.

CISA also offers direct help

In addition to the guidance, which CISA will periodically update, the agency will also perform “targeted assessments” of participating critical infrastructure operators’ resilience measures, including their ability to operate in isolation, Andersen told reporters during a briefing on Tuesday.

“We've already started to kick off the first couple of assessments under a pilot phase of this initiative,” he said.

CISA’s regional offices will play a key role in supporting this assessment work, but they have been hit hard by layoffs, retirements and forced relocations as part of the Trump administration’s efforts to downsize CISA. The administration has approved CISA’s request to hire 329 new employees to fill critical vacancies, and Andersen told reporters that the regional teams “are high on that priority [list]” for the hiring plan.

Each infrastructure facility assessment will prioritize different outcomes depending on the sector and operator in question, Andersen said. Energy utilities and transportation systems can choose to supply or transport one customer versus another in the event of degraded capacity, he noted, while the water sector isn’t designed to work that way.