As the cyber threat landscape down under intensifies, Australia has launched CI Fortify, a comprehensive guidance framework designed to help critical infrastructure (CI) operators enhance the security, reliability, and resilience of their operational technology (OT) systems. The move highlights the growing concern over cyberattacks targeting Australia’s most vital sectors, including energy, transport, water, healthcare, and telecommunications.
According to national security officials, state-sponsored cyber actors and cybercriminals are increasingly targeting Australia’s critical systems to steal sensitive information, conduct espionage, or prepare for potential disruption during times of crisis. These threats could degrade public confidence, interrupt essential services, and cause physical or economic harm.

The Australian Security Intelligence Organisation (ASIO), in its Annual Threat Assessment 2025, warned that espionage and foreign interference are already at “extreme levels” and are expected to intensify. Authoritarian regimes, the report noted, are showing greater willingness to disrupt or destroy critical infrastructure to damage national decision-making and sow social discord.
Escalating Threats to Operational Technology
Operational technology systems, the backbone of essential services, have become a prime target for malicious actors. Over the past 15 years, cyberattacks on OT systems have grown in both sophistication and impact.
- In 2010, the Stuxnet malware demonstrated how malicious code could damage industrial machinery, targeting Iran’s nuclear centrifuges.
- In 2016, Industroyer struck Ukraine’s power grid, cutting off electricity in Kyiv.
- The 2017 Triton malware went a step further, targeting safety systems at a Saudi petrochemical facility — signaling a dangerous shift toward attacks that threaten human life.
- The 2021 Colonial Pipeline ransomware attack in the U.S. disrupted fuel supply across the East Coast, highlighting how IT breaches can force OT shutdowns.
- In 2022, Industroyer2 resurfaced, showcasing attackers’ deep knowledge of specific OT environments.
These incidents underline how vulnerable legacy systems and outdated engineering designs remain. Many OT environments still run on old software and protocols, with limited ability to withstand sophisticated cyber intrusions.
Building Resilience with CI Fortify
The CI Fortify framework provides high-level cybersecurity recommendations to help Australian CI operators prepare for and respond to crises. It emphasizes maintaining service continuity even during major disruptions.
Before implementing CI Fortify’s measures, operators are advised to take three key preparatory steps:
- Maintain a current OT asset inventory: An accurate and regularly updated inventory helps identify system roles, dependencies, and criticality.
- Identify vital OT and enabling systems: Operators must determine which systems are essential to sustain critical services.
- Establish isolation points: Knowing where and how to isolate vital systems enables faster responses during cyber incidents.
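The three preparatory steps can be worked through on a small inventory. The following is an added example, not part of CI Fortify or the original article: the asset names, zones, links and the helper functions vital_closure and isolation_points are all hypothetical. It expands the assets flagged as vital to everything they depend on inside the OT zone, then lists the network links that would have to be cut to isolate that set, along with dependencies that would break under isolation.

```python
from collections import deque

# Constructed sample inventory; every name, zone and link is illustrative only.
INVENTORY = {
    "plc-pump-1": {"zone": "ot", "vital": True, "depends_on": ["scada-hmi"]},
    "scada-hmi": {"zone": "ot", "vital": False,
                  "depends_on": ["historian", "ntp-ot", "license-server"]},
    "historian": {"zone": "ot", "vital": False, "depends_on": []},
    "ntp-ot": {"zone": "ot", "vital": False, "depends_on": ["ntp-corp"]},
    "ntp-corp": {"zone": "it", "vital": False, "depends_on": []},
    "eng-laptop": {"zone": "it", "vital": False, "depends_on": []},
    "vendor-vpn": {"zone": "third-party", "vital": False, "depends_on": []},
}
# Network links between assets (constructed).
LINKS = [
    ("plc-pump-1", "scada-hmi"), ("scada-hmi", "historian"),
    ("scada-hmi", "ntp-ot"), ("ntp-ot", "ntp-corp"),
    ("historian", "eng-laptop"), ("scada-hmi", "vendor-vpn"),
]

def vital_closure(inventory, zone="ot"):
    """Return (vital set, external dependencies, inventory gaps)."""
    vital = {name for name, asset in inventory.items() if asset["vital"]}
    queue, external, gaps = deque(sorted(vital)), [], []
    while queue:
        name = queue.popleft()
        for dep in inventory[name]["depends_on"]:
            if dep not in inventory:
                gaps.append((name, dep))      # dependency missing from inventory
            elif inventory[dep]["zone"] != zone:
                external.append((name, dep))  # unavailable once isolated
            elif dep not in vital:
                vital.add(dep)                # enabling system: keep inside
                queue.append(dep)
    return vital, sorted(external), sorted(gaps)

def isolation_points(inventory, links):
    """Links with exactly one end inside the vital set."""
    vital, _, _ = vital_closure(inventory)
    return sorted(l for l in links if (l[0] in vital) != (l[1] in vital))

if __name__ == "__main__":
    vital, external, gaps = vital_closure(INVENTORY)
    print("vital and enabling systems:", sorted(vital))
    print("dependencies lost in isolation:", external)
    print("inventory gaps:", gaps)
    print("isolation points:", isolation_points(INVENTORY, LINKS))
```

Each external dependency it reports is a function that needs a local substitute or a manual procedure while the vital systems are disconnected.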
The framework’s two primary goals are:
- The ability to isolate vital OT systems from the internet and other networks for up to three months while maintaining essential services.
- The ability to rapidly rebuild OT systems to restore normal operations safely after an attack.
Preparing for Isolation and Recovery
Temporary isolation plays a crucial role in containing persistent threats. The ability to disconnect vital systems from other networks — including third-party connections — can prevent attackers from spreading through interconnected systems. However, this may require businesses to perform some automated tasks manually during isolation periods.
Equally important is the capacity to rebuild systems rapidly. CI Fortify advises maintaining offline, known-good backups of firmware, configurations, and processes to ensure recovery even if existing backups are compromised. Operators should also pre-position spare equipment and establish tested rebuild procedures.
A Proactive Approach to OT Security
CI Fortify represents a shift from reactive to proactive cybersecurity for critical infrastructure. By strengthening preparedness and resilience before incidents occur, CI operators can minimize downtime, reduce financial loss, and ensure the continuity of essential services during both cyber and physical crises.
The Australian government’s message is clear: the risk to critical infrastructure is not hypothetical; it is already being realised. Strengthening cyber resilience today is the only way to safeguard the systems that keep the nation running tomorrow.