Securing our Critical Infrastructure with Zero Trust


We are seeing a steady rise in cyberattacks against critical infrastructure and it’s not surprising. Many of these systems rely on legacy software riddled with known vulnerabilities. When these systems fail, the impact moves quickly from networks to operations, and from operations to public safety.

There is still a dangerous misconception that operational technology (OT) environments are safe because they are “air-gapped” or isolated from the internet and internal IT networks. That isolation rarely exists. These systems are connected, often indirectly, and they will continue to be breached.

During my time leading cybersecurity at the Department of the Interior, we found that what many assumed were isolated systems often had indirect pathways, including vendor access, shared infrastructure, and remote monitoring tools. The “air gap” was rarely absolute. In more than one internal review, we discovered connectivity that existed for convenience, not necessity. Those are the connections adversaries look for.

So, what do we do?

We design for resilience by applying Zero Trust principles to OT environments.

Zero Trust is About Mission Continuity

That starts with assuming breach: not accepting it, but acknowledging reality and planning accordingly. Organizations must apply the same rigor to internal operational resilience that they apply to perimeter defenses.

When we developed long-term Zero Trust roadmaps in federal environments, the first question was not whether a breach would occur, but how we would limit its operational impact when it did. Roadmap discussions were grounded in mission impact. Which systems support field operations? Which support public safety? Which cannot tolerate downtime? Those answers shaped sequencing, budget allocation, and control prioritization.

A comprehensive approach includes implementing microsegmentation to prevent lateral movement and protect critical assets. Strong identity enforcement ensures users and systems access only what they are authorized to use. Deep visibility into OT environments allows defenders to detect abnormal activity early and contain it before it spreads.

Three weeks to patch a known exploited vulnerability on a critical system is too long. Adversaries are automating reconnaissance and exploitation. We will not outpace them through patching alone. Containment must be built into the architecture. In practice, that means isolating vulnerable assets even when patch windows are constrained by operational realities. In federal environments, maintenance cycles are rarely ideal. Architecture must account for that.
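The two ideas above, default-deny segmentation between zones and narrowing access to an asset that cannot be patched yet, can be expressed as one policy and checked against flow records. The following is an added example and not code from the original article or from any agency program; the zone names, address ranges, ports and the quarantined host are hypothetical, and the flow records are constructed for the example rather than captured traffic.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, List, Tuple

# Hypothetical zone map for a small OT environment (constructed for this example).
ZONES = {
    "corp_it":    ipaddress.ip_network("10.10.0.0/16"),
    "ot_dmz":     ipaddress.ip_network("10.20.0.0/24"),
    "ot_control": ipaddress.ip_network("10.30.0.0/24"),
    "vendor_vpn": ipaddress.ip_network("172.16.5.0/24"),
}

# Microsegmentation policy, default deny: only these
# (src_zone, dst_zone, dst_port) combinations are permitted.
ALLOWED = {
    ("corp_it",    "ot_dmz",     443),  # users reach the historian web UI
    ("ot_dmz",     "ot_control", 502),  # historian/jump host polls PLCs over Modbus/TCP
    ("vendor_vpn", "ot_dmz",     22),   # vendor lands on the jump host, never on a PLC
}

# Containment for an asset with a known exploited vulnerability that cannot be
# patched in the current maintenance window (hypothetical host): the zone rule
# above is narrowed to an explicit list of (peer_ip, dst_port).
QUARANTINE = {
    "10.30.0.15": {("10.20.0.5", 502)},
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


def zone_of(ip: str) -> Optional[str]:
    """Map an address to its zone, or None if it matches no known zone."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def evaluate(flow: Flow) -> Tuple[str, str]:
    """Return ("allow" | "deny", reason) for one flow record."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if src_zone is None or dst_zone is None:
        return "deny", "unknown zone"
    if (src_zone, dst_zone, flow.dport) not in ALLOWED:
        return "deny", f"{src_zone}->{dst_zone}:{flow.dport} not in segmentation policy"
    peers = QUARANTINE.get(flow.dst)
    if peers is not None and (flow.src, flow.dport) not in peers:
        return "deny", f"{flow.dst} is quarantined; {flow.src}:{flow.dport} is not an approved peer"
    return "allow", "matches policy"


def audit(flows: List[Flow]) -> List[Tuple[Flow, str]]:
    """Return the denied flows with reasons: the traffic a defender should investigate."""
    findings = []
    for f in flows:
        verdict, reason = evaluate(f)
        if verdict == "deny":
            findings.append((f, reason))
    return findings


# Constructed flow records, not real traffic.
SAMPLE_FLOWS = [
    Flow("10.10.4.2",   "10.20.0.5",  443),  # allow: IT user to historian
    Flow("10.10.4.2",   "10.30.0.15", 502),  # deny: IT host talking straight to a PLC
    Flow("10.20.0.5",   "10.30.0.15", 502),  # allow: approved poller to the quarantined PLC
    Flow("10.20.0.9",   "10.30.0.15", 502),  # deny: zone rule permits, quarantine does not
    Flow("172.16.5.7",  "10.30.0.22", 502),  # deny: vendor VPN reaching the control zone
    Flow("192.168.1.4", "10.30.0.22", 502),  # deny: source in no known zone
]

if __name__ == "__main__":
    for f, reason in audit(SAMPLE_FLOWS):
        print(f"DENY {f.src} -> {f.dst}:{f.dport}  ({reason})")
```

The order of the checks matters: the zone rule is evaluated first, so the quarantine list can only narrow what the segmentation policy already allows, never widen it. A flow that is permitted by the zone rule but blocked by the quarantine entry is exactly the case the text describes, a poller that was fine yesterday but is no longer an approved peer once the asset is isolated.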

This is how we ensure that critical missions continue even when defenses are tested.

This challenge also underscores the urgent need for a holistic, ecosystem-wide approach to protecting our nation’s critical infrastructure.

The Department of War’s recent Zero Trust OT guidance is a major step forward. But even if every DoW OT system were perfectly secured, an adversary could still achieve mission failure by targeting infrastructure outside the fence line. A compromised municipal water system, regional power grid, or transportation network supporting a military installation can have the same operational impact as a direct attack on DoW systems.

When coordinating across bureaus and interagency partners, it became clear that resilience is shared. Dependencies extend beyond organizational charts. Infrastructure that supports mission execution often sits outside direct authority. That reality must inform strategy.

In a recent Wall Street Journal article titled “Unsettled Cyber Intel Law Erodes Private-Sector Trust,” I noted that hesitation in sharing timely cyber intelligence slows national visibility, delays mitigations, and increases risk across both private and public sector environments. That observation reflects a broader truth. When visibility is delayed, response slows. When coordination fractures, adversaries gain maneuver space. The same dynamics apply inside operational environments.

Our adversaries understand this interconnectedness. They are getting smarter, faster, and more adaptive. Our defenses must be designed with that reality in mind.

It’s time to think more broadly about how we design and implement strategies to secure the systems that underpin U.S. readiness and resilience. Federal, state, local, and private-sector partners must collaborate on unified approaches that strengthen the entire ecosystem, not just individual networks. Mission assurance depends on it.

If you’re rethinking how to strengthen mission resilience across your critical infrastructure, connect with us to continue the conversation.