25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

CISA Launches Initiative to Improve Critical Infrastructure Resilience During Geopolitical Conflicts

Posted By on May 8, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has announced a new initiative aimed at improving critical infrastructure cyber resilience during geopolitical conflicts, and is urging critical infrastructure operators to improve their defenses against disruptive and destructive cyberattacks through proactive isolation and recovery planning. CISA warns that adversaries have already embedded themselves in critical systems and are positioning themselves to cripple operational technology in the event of a wider geopolitical conflict.

During geopolitical conflicts, critical infrastructure entities face an increased risk of cyberattacks, where nation-state actors may attempt to disrupt and destroy the operational technology running the United States. Attacks may target healthcare providers to disrupt patient care, telecommunications infrastructure to damage phone and internet services, food production facilities, and energy and wastewater entities. At all times, critical infrastructure entities must continue to deliver crucial services to Americans. They must therefore isolate vital systems from harm, continue operating them in an isolated state, and be able to rapidly recover any systems that are successfully compromised.

The initiative, dubbed CI Fortify, is aimed at boosting public health and safety, critical defense infrastructure, national security, and ensuring the continuity of the economy. CISA explains that critical infrastructure operators must assume that, in the event of a conflict scenario, third-party connections such as telecommunications, vendors, service providers, upstream dependencies, and the internet are likely to be unreliable, and threat actors will have access to certain parts of the operational technology network.

Operators must plan for such scenarios and improve resilience through isolation and incident recovery practices. Isolation involves proactively disconnecting operational technology systems from third-party business networks to prevent operational technology cyber impacts and sustain essential operations in a degraded communications environment. Processes need to continue to ensure service delivery in the event of an incident, rather than being forced to completely shut down.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Critical infrastructure operators should identify critical customers and set a service delivery target based on their needs, determine vital operational technology and supporting infrastructure to meet their targets in isolation, and update business continuity plans and engineering processes to ensure safe operations while isolated, which could be weeks or even months. They should track CISA and Sector Risk Management Agency (SRMA) guidance to know when to isolate. For healthcare and public health organizations, the Department of Health and Human Services is the designated Sector Risk Management Agency (SRMA), with those duties handled by the Administration for Strategic Preparedness through the Office of Critical Infrastructure Protection.

For recovery, it is essential to ensure that systems are documented, critical files are backed up, and procedures are practiced for replacing critical systems and transitioning to manual processes in the event of systems or components being rendered inoperable. It is also vital to address communications dependencies for recovery, such as licensing servers or business network connections.  “Regardless of the source for any disruption, these emergency planning efforts will leave operators with more resilient infrastructure that is easier to defend and keep running,” explained CISA. CISA has set up a webpage with further information and resources to help critical infrastructure entities isolate systems and enable recovery.

This week, the Joint Commission and AHA announced a new Cyber Resilience Readiness Program for hospitals and health systems to ensure they can sustain clinical operations during cyberattacks that disrupt critical information technology systems. The program dovetails with CISA’s CI Fortify initiative, according to John Riggi, AHA national advisor for cybersecurity and risk.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist