Critical infrastructure (CI) remains firmly in the cross-hairs of cyber adversaries. In fact, within a sample of more than 4,700 ransomware incidents in 2025, one-half targeted CI.
These targets are the factories that make our vehicles, construction materials, computer chips and spaceships; the Defense Industrial Base (DIB) that supports our military community; the power grids that keep our lights on; and the police and fire departments that keep us safe.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued advisories to warn that state-sponsored attackers are seeking to pre-position themselves on the IT networks of CI organizations to disrupt and/or destroy systems in the event of a major crisis or conflict with the U.S. In response, CISA recently announced the launching of CI Fortify, an initiative that seeks to strengthen resilience throughout the CI sector via proactive isolation and recovery planning.
CI leaders should assume third-party connections – such as telecommunications, the internet, vendors, service providers and upstream dependencies – will be unreliable during a conflict scenario. According to CISA, cyber adversaries will have at least some access to operational technology (OT) networks. This is where CI Fortify’s two essential planning steps enter the picture:
- Isolation. This includes proactively disconnecting from third-party and business networks to prevent OT cyber impact and sustain needed operations in a degraded communications environment. To ensure critical service delivery and avoid a complete shutdown, CI organizations must identify key customers (like military units and lifeline services) and set service delivery targets based on their requirements. They should determine how to meet these targets in isolation, while updating business continuity plans and engineering processes to allow for safe operations for weeks or possibly months in isolation.
- Recovery. This involves documenting systems, backing up critical files, practicing system replacements – and even preparing to transition to manual means – if isolation fails, rendering components inoperable. CI leaders need to address communications dependencies for recovery, such as licensing servers or business network connections.
Ultimately, these measures prevent attackers from gaining further access to or command and control of compromised systems. They also reduce recovery time and incident response costs.
According to CISA, “Regardless of the source for any disruption, these emergency planning efforts will leave operators with more resilient infrastructure that is easier to defend and keep running.” The agency will continue to provide updates on the CI Fortify page while performing targeted assessments of CI to identify barriers to isolation and recovery.
Owl Achieves CI Fortify Goals While Sustaining Operations at Pace
At Owl, we have bolstered such efforts as CISA recommends through our cross domain solutions, which establish a secure wall between different trust domains. This approach instantly transfers sanitized, relevant and appropriate intelligence directly to users, who benefit from the seamless connectivity between disparate networks.
Our hardware-based data diodes play an indispensable role by establishing one-way connectivity with assured cyber protection. The diodes also allow for the isolation of backup data vaults. Owl data diodes are purpose-built and U.S. government validated. They enable the feeding of big data and artificial intelligence (AI) without giving up one-way security.
The Owl team is committed to continued innovation in including advancements in isolation and recovery. We have a long and proven track record of valuable service and support for the protection of CI operators, regardless of events such as attacks and disasters. Our cross domain solutions and hardware diodes have constantly distinguished themselves in the most contested and challenging of circumstances. If you’d like to learn more, please contact us.
