
CISA’s CI Fortify Initiative Signals a New Operational Reality for Critical Infrastructure

Cybersecurity Strategy Now Requires Both Prevention and Operational Resilience

CISA’s new CI Fortify initiative reflects an important and overdue shift in how the industry approaches cybersecurity for critical infrastructure. For years, most cybersecurity guidance focused primarily on three goals: keep adversaries out, patch vulnerabilities quickly, and recover systems after an attack. CI Fortify acknowledges a much harder reality. During a geopolitical conflict or large-scale cyber event, operators may already have adversaries inside their operational technology (OT) environments. Communications can become degraded, external dependencies may fail, and critical services must still continue operating despite the disruption.

The updated guidance reflects a fundamental change in how resilience is being defined for industrial environments: maintaining safe, continuous operations even when the environment has already been compromised.

At Xage Security, we are seeing this shift accelerating across critical infrastructure sectors worldwide. Utilities, manufacturers, transportation providers, energy operators, and government agencies increasingly recognize that traditional perimeter-based cybersecurity models are no longer sufficient for highly interconnected OT environments.


Why Isolation and Recovery Matter More Than Ever

CI Fortify places heavy emphasis on isolation and recovery, encouraging organizations to prepare for scenarios where portions of their OT environments may need to be disconnected from vendors, telecommunications providers, cloud services, and broader enterprise networks while still maintaining essential operations.

The guidance also stresses the importance of maintaining operational continuity in degraded states, recognizing that many industrial organizations cannot simply shut down operations while security teams investigate incidents manually.

This shift comes at a critical moment. 

Nation-state actors are increasingly targeting critical infrastructure as part of broader geopolitical strategy. Campaigns such as Volt Typhoon heightened concerns that adversaries may already be embedded within infrastructure environments, using stealthy “living off the land” techniques to prepare for future disruption scenarios. 

In parallel, AI is accelerating the speed at which vulnerabilities can be identified, weaponized, and exploited, compressing attack timelines and increasing operational risk for environments that often rely on risk-prone legacy infrastructure and complex third-party access models.

The challenge is especially severe in OT environments, where organizations often cannot pause operations to patch systems, rebuild networks, or manually investigate every threat. Industrial environments demand cybersecurity architectures capable of maintaining uptime and operational continuity even during active cyber incidents.

This is precisely why resilience has become such a critical industry priority.

Isolation Alone is Not Enough

CISA’s emphasis on resilience is both practical and necessary. However, isolation on its own is not enough.

Many organizations still depend heavily on centralized authentication, identity, and access control systems that become difficult to maintain when environments are segmented or disconnected during a cyber crisis. If operators are unable to maintain secure authentication and access enforcement inside isolated segments, disconnection itself can create operational disruption and reduce visibility and control precisely when they are needed most.

This is why resilient architectures increasingly require distributed authentication and access control capabilities that can continue operating locally across disconnected or degraded environments. Approaches such as the distributed identity and access architecture provided by the Xage Fabric Platform allow organizations to maintain Zero Trust enforcement, identity validation, and secure operational access even when segments are isolated from centralized infrastructure.

If organizations do not have control within the environment itself, threats will continue to move through trusted connections, third parties, unmanaged remote access, or compromised credentials long before a crisis response begins. In many industrial breaches, attackers do not “break in” dramatically. They move quietly through legitimate pathways that already exist inside the organization. By the time operators initiate emergency isolation procedures, adversaries may already have deep operational access.

That is why one of the most important aspects of CI Fortify is its recognition that industrial cybersecurity must prioritize control and containment inside the environment before disruption occurs.

Organizations can build resilience by continuously enforcing who and what can access critical systems, dynamically segmenting environments, and preventing threats from spreading laterally across OT, IT, cloud, and edge infrastructure. The organizations that will be most successful are those that layer control and containment directly into their environments rather than relying solely on patching or human-driven recovery after disruption has already occurred.

Segmentation and Zero Trust are Becoming Operational Requirements

The initiative’s emphasis on segmentation and maintaining operations in degraded conditions marks a meaningful step forward, aligning more closely with the operational realities of critical infrastructure environments. Operators cannot rely on immediate patching, complete shutdowns, or manual recovery processes during an active cyber crisis. Water systems, manufacturing plants, transportation networks, utilities, and energy infrastructure have an imperative to continue operating safely even while portions of the environment are compromised.

The continued focus on cyber resilience following CISA’s April guidance on accelerating Zero Trust adoption in OT should also be viewed as a source of optimism. It reflects a growing understanding that resilience does not come solely from perimeter defenses or reactive recovery plans.

Resilience comes from continuously enforcing identity, access, segmentation, and least-privilege policies directly inside the environment itself. It requires organizations to contain nefarious actors before they move laterally and prevent threats from spreading operationally so service delivery can continue safely.

Organizations pursuing this model are moving toward architectures that can dynamically enforce policy across distributed environments, including disconnected or remote operational sites. Xage’s universal Zero Trust Access architecture was specifically designed to address these challenges by extending granular, identity-based access control across IT, OT, cloud, and isolated environments without disrupting operations.

The Xage Security Perspective

CI Fortify represents an important evolution in cybersecurity strategy for industrial environments. Traditional approaches built primarily around perimeter defense, periodic patching, and manual recovery are insufficient against modern threats. AI-driven attacks, persistent nation-state activity, and highly interconnected OT ecosystems require organizations to assume compromise is likely and architect environments capable of containing it.

At Xage, we believe the future of critical infrastructure cybersecurity depends on converging Zero Trust access, identity-based segmentation, privileged access management, and continuous enforcement into a unified operational security architecture delivered through a distributed model that extends across every site and continues operating securely even in disconnected or degraded conditions. At Xage, we call this the Xage Fabric Platform.

The objective is not simply to recover after disruption has already occurred, but to limit the blast radius of an attack in real time, maintain operational continuity, and keep critical services running safely even under adverse conditions.

This approach is already being adopted across critical infrastructure sectors. Organizations including energy providers, manufacturers, utilities, and government agencies are using Xage to modernize OT security, reduce remote access risk, and strengthen operational resilience across distributed infrastructure environments. 

Explore Xage customer case studies.

CI Fortify reflects a broader realization across both government and industry that critical infrastructure defense can no longer be measured solely by whether organizations prevent compromise entirely. The defining question now is whether organizations can maintain safe, reliable operations when compromise inevitably occurs.