惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
Cisco Blogs
爱范儿
爱范儿
有赞技术团队
有赞技术团队
博客园 - 【当耐特】
Jina AI
Jina AI
Project Zero
Project Zero
宝玉的分享
宝玉的分享
Martin Fowler
Martin Fowler
WordPress大学
WordPress大学
Simon Willison's Weblog
Simon Willison's Weblog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
T
Tenable Blog
F
Fortinet All Blogs
大猫的无限游戏
大猫的无限游戏
Last Week in AI
Last Week in AI
月光博客
月光博客
雷峰网
雷峰网
G
Google Developers Blog
V
V2EX
T
Tor Project blog
罗磊的独立博客
Schneier on Security
Schneier on Security
Know Your Adversary
Know Your Adversary
W
WeLiveSecurity
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
P
Privacy International News Feed
S
Securelist
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
P
Proofpoint News Feed
Blog — PlanetScale
Blog — PlanetScale
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
小众软件
小众软件
Scott Helme
Scott Helme
I
Intezer
T
Threat Research - Cisco Blogs
The GitHub Blog
The GitHub Blog
N
Netflix TechBlog - Medium
C
CERT Recently Published Vulnerability Notes
Security Archives - TechRepublic
Security Archives - TechRepublic
酷 壳 – CoolShell
酷 壳 – CoolShell
L
LINUX DO - 最新话题
N
News | PayPal Newsroom
L
Lohrmann on Cybersecurity
T
Troy Hunt's Blog
Google DeepMind News
Google DeepMind News
P
Proofpoint News Feed
人人都是产品经理
人人都是产品经理
Latest news
Latest news
AWS News Blog
AWS News Blog
Apple Machine Learning Research
Apple Machine Learning Research

Lohrmann on Cybersecurity

On AI Ethics: Why Prompt Engineering Needs a Moral Compass Navigating NIST’s New Cybersecurity AI Frontier AI at Work: Employees Aren’t Waiting for Permission AI, Mind Reading and Microchip Brain Implants The Global State of Technology Risk in 2026 The Mythos Race: Trump’s New EO and Glasswing’s Expansion No Longer Invisible: When Cyber Attacks Go Physical How New College Grads Can Succeed in an AI Economy Protecting People and Infrastructure: A 2026 World Cup Security Preview A Tale of Two States: The 2026 Cybersecurity Paradox The Great Stay: Why Tech Talent Is Choosing Stability Over Salary A History of Global Hacking — and Where It’s Going Next Why Anthropic’s Mythos Is a Systemic Shift for Global Cybersecurity Post-Quantum Cryptography: Moving From Awareness to Execution RSAC 2026 Highlights: From Agentic AI to Active Defense What Is Physical AI, and What Does It Mean for Government? New Federal Strategies, Rising Risk From Iran Top Cyber Themes Securing Critical Infrastructure in a Time of War From Michigan to Silicon Valley: A Conversation With Mohamad Yassine Defending Your Castle: Best Practices for Smart Home Security Your Smart Home Is Watching You: Privacy in the Age of AI Robots How Global Power Struggles Are Rewriting Cyber Defense After TikTok: Navigating the Complex Web of Foreign Tech Bans
‘CI Fortify’ Is the New Road Map for State and Local Resilience
https://www.govtech.com/authors/dan-lohrmann.html · 2026-05-10 · via Lohrmann on Cybersecurity

This past week the Cybersecurity and Infrastructure Security Agency (CISA) announced the release of its CI Fortify project, aiming to help critical infrastructure owners and operators defend themselves against hackers and maintain continuity during a geopolitical conflict.

The CISA portal describes the program this way: “‘CI Fortify’ is an allied initiative bolstering public health and safety, defense critical infrastructure, continuity of the economy, and national security by ensuring operators are prepared to sustain essential operations during a geopolitical conflict. For planning purposes, operators should assume that in a conflict scenario third-party connections — such as telecommunications, internet, vendors, service providers, and upstream dependencies — will be unreliable and that threat actors will have some access to the OT network. Isolation and Recovery are emergency planning objectives that can mitigate this threat within the next few years.”

Here’s a related quote from Acting CISA Director Nick Anderson: “In a geopolitical crisis, the critical infrastructure organizations Americans rely on must be able to continue delivering — at a minimum — crucial services. They must be able to isolate vital systems from harm, continue operating in that isolated state, and quickly recover any systems that an adversary may successfully compromise.”

DIGGING DEEPER

Going a bit further, you are probably wondering what is meant by “Isolation” and “Recovery.” Here are those details from CISA: “Isolation includes proactively disconnecting from third-party and business networks to prevent OT cyber impacts and sustain essential operations in a degraded communications environment. The goal is to ensure essential service delivery occurs during an emergency rather than completely shutting down. This involves:

  • Identifying critical customers, such as military infrastructure and lifeline services, and setting a service delivery target based on their needs.
  • Determining vital OT and supporting infrastructure to meet that target in isolation.
  • Updating business continuity plans and engineering processes to allow for safe operations for weeks to months while isolated.
  • Tracking CISA and Sector Risk Management Agency (SRMA) communications to know when to isolate. Subscribe to updates from CISA.

“Recovery includes documenting systems, backing up critical files, and practicing the replacement of systems or the transition to manual in case isolation fails and components are rendered inoperable. It also includes addressing communications dependencies for recovery, such as licensing servers or business network connections.

“Operators should share and discuss this page with their managed service providers, system integrators, and vendors to help understand their communications dependencies and potential workarounds.”

THE ONGOING CYBER THREAT

Back at the beginning of March, I covered the challenges of protecting critical infrastructure in a time of war in this blog. More than two months later, the problems have only grown more severe.

Several months back, CISA warned that nation-state cyber actors have already prepositioned themselves within critical infrastructure systems and could target operational technology and telecommunications networks during geopolitical conflicts. The Center for Strategic and International Studies described the situation in more detail in this white paper last week: The Iranian Cyber Threat to U.S. Critical Infrastructure.

Here’s a brief excerpt: “Recently, CISA and other U.S. agencies published an advisory notice warning of the threat posed to U.S. critical infrastructure by Iran-affiliated actors — many of which are thought to be associated with the Islamic Revolutionary Guard Corps. CISA warned that cyber incidents exploiting vulnerabilities in programmable logic controllers (PLCs) — types of computers that control and monitor industrial equipment or machinery — had caused disruption to an unspecified number of U.S. organizations across multiple critical infrastructure sectors (including local government, water, and energy), gaining unauthorized access to systems and manipulating data displayed on monitors. Though the number of victims was not confirmed, the advisory stated that the incidents had resulted in operational disruption and financial loss.”

The Record from Recorded Future News elaborates here: “In comments to Recorded Future News, [CISA Acting Director Nick] Andersen argued that the CI Fortify effort was ‘not in response to any particular nation-state actor’ and denied that it was aimed specifically at Volt Typhoon. The initiative was designed to ‘prevent the potential destructive impact to OT by any nation-state actor,’ he said. ...

“Andersen added that artificial intelligence is also a primary concern prompting the pivot to CI Fortify. He told reporters on Tuesday that CISA and the Trump administration have had deep discussions about ‘the increasing speed and velocity at which … artificial intelligence is going to sort of change and morph the types of impacts we would see for cyber defenders across the board, both for critical infrastructure and operational technology as well as traditional information technology.’”

Cybersecurity researchers have reported multiple recent cases of hackers using AI models to conduct large portions of cyber intrusions. Incident response firm Dragos said on Wednesday that a hacker used an AI model to compromise a municipal water and drainage utility in Monterrey, Mexico.

FINAL THOUGHTS

While it appears that the war with Iran could be winding down, with a ceasefire still in place and strong hopes for an agreement at the time I am writing this piece, the cyber attacks will not stop and may just be getting started at a new level.

State and local governments must take aggressive steps to follow CISA’s guidance as released in CI Fortify in the past week.

Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.