CISA wants critical infrastructure to operate ‘weeks to months’ in isolation during conflict

Critical infrastructure operators are being advised to prepare for prolonged periods of isolation, potentially lasting weeks to months, in the event of a conflict. This guidance is driven by the ongoing threat of state-sponsored hacking groups, such as Salt Typhoon and Volt Typhoon, which have been known to target essential sectors like electricity and water supply¹. The Cybersecurity and Infrastructure Security Agency is collaborating with private sector entities to enhance the security of operational technology systems, which control critical machinery and infrastructure. The agency's warning underscores the shifting threat landscape, where state-aligned activity is becoming increasingly prominent. As a result, critical infrastructure operators must adapt their security strategies to account for the unique characteristics of nation-state threats. This new reality necessitates a distinct approach to security, one that prioritizes resilience and continuity in the face of potentially prolonged disruptions, making it essential for practitioners to reassess their emergency response plans.