The Trump administration has been increasingly focused on protecting our nation’s critical infrastructure (CI) from cyberattacks: the grids, plants and operating systems that power our homes, deliver our water, and oversee our hospitals and highways.
In the March 2025 Annual Threat Assessment of the U.S. Intelligence Community report, the Office of the Director of National Intelligence (DNI) cites troubling activity on the part of nation-state adversaries in attempting to compromise these and other U.S. interests:
- China: As part of a plan to achieve “the great rejuvenation of the Chinese nation” by 2049, China has emerged as “the most active and persistent cyber threat to U.S. government, private-sector and critical infrastructure networks,” according to the report. China has been behind campaigns such as Volt Typhoon and Salt Typhoon compromising multiple CI organizations – including the energy, transportation and water/wastewater sectors – to move laterally within operational technology (OT) assets and disrupt functions.
- Russia: The Russians command a “unique strength” in integrating cyberattacks with military action, as seen in the relentless assault on Ukraine’s networks, while also attempting to gain a foothold on U.S. CI assets.
- Iran: The Iranians have expanded their expertise in cyber operations to launch major threats to U.S. networks.
- North Korea: The U.S. intelligence community (IC) has been closely monitoring North Korea for the possible targeting of defense industrial base (DIB) companies involved with aerospace, submarine and hypersonic glide technologies. The DIB is included among the 16 CI sectors as identified by the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
The DNI contends that these activities are part of a larger, coordinated effort to deploy attacks as part of a multi-layered assault on a wide range of global interests – including but not limited to our technology systems and CI.
If we consider the individual CI sectors as a collective industry, then it would account for 41% of nation-state threat notifications, according to research from Microsoft. In comparison, the U.S. government accounts for just 12% of these notifications.
It doesn’t help that one-quarter of OT devices run on unsupported systems. Even more alarming, with CI systems increasingly interconnected: 78% of Internet of Things (IoT) devices are linked to known network vulnerabilities, and 46% of those devices cannot be patched, according to the research.
This unsettling reality leaves us potentially – and dangerously – exposed. From an adversary’s perspective, it makes perfect sense to leverage cyberattacks against CI as a foundational aggression strategy for the modern age: the disruption of power generators, transformers and water sources will go far in weakening the hearts and minds of an opponent’s warfighters and citizens.
In response, leaders from the U.S. government, military and private sector must collaborate on the following multi-step defense plan that’s specifically designed for our most essential CI/OT assets:
- Establish fortified communications: Because our networks are so interconnected, users representing different operations and security clearances need to exchange information in real time. Yet the risk of compromising that information remains significant, which is why leaders should strongly consider deploying cross domain solutions (CDS) in these situations. A proven tool for network segmentation, a CDS acts like a firewall with superpowers: it lets users access and transfer information between separate domains, so two users with different security clearances in different domains can share information safely. By maintaining a fortified wall between individual trust domains, it automatically passes only sanitized, relevant and appropriate intelligence to the right users, with seamless connectivity. With this, they can act on real-time intelligence without putting data at risk.
- Reinforce with data diodes: Hardware-based data diodes often underpin CDS capabilities, enforcing unidirectional flow out of high-risk zones while physically preventing any reverse data flow. Because they are hardware-based, they are more resistant to the threats that can compromise software-based systems.
- Ensure accountability: While OT and IT systems were traditionally kept separated, CI operators rightfully want the operational efficiency, real-time insights, predictive maintenance and economic benefits of connecting the two. Even though CDS and data diodes can make this connectivity happen safely, those managing the OT and the IT sides of the equation are often reluctant to accept the responsibility. There’s a need for senior-most leadership in CI organizations to make the determination, set the direction and define policies that keep both OT and IT engaged and accountable for security hygiene.
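As an added illustration of how the CDS and data-diode checks described above fit together (this is example code written for this edit, not the article’s own or Owl Cyber Defense’s product logic), the following Python model applies three checks to a record crossing between trust domains: link direction (a one-way link models a diode), classification label versus the destination’s level, and a field whitelist that sanitizes content before release. The domain names, levels, link topology and field schema are constructed assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Classification ordering used for the label check (constructed for this example).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2}


@dataclass(frozen=True)
class Domain:
    name: str
    level: int  # highest classification the domain is permitted to hold


@dataclass(frozen=True)
class Link:
    src: str
    dst: str
    one_way: bool = True  # True models a hardware data diode: src -> dst only


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    released: Optional[dict] = None  # sanitized record, present only when allowed


# Field whitelist with value patterns (assumed schema); anything else is stripped.
SCHEMA = {
    "sensor_id": re.compile(r"^[a-z]+-\d{1,4}$"),
    "pressure_kpa": re.compile(r"^\d{1,5}$"),
}


def direction_permitted(links, src, dst):
    """True if some configured link carries traffic from src to dst.
    A one-way link never permits the reverse direction, whatever the content."""
    for link in links:
        if link.src == src and link.dst == dst:
            return True
        if not link.one_way and link.src == dst and link.dst == src:
            return True
    return False


def sanitize(record, schema):
    """Keep only whitelisted fields whose values match the expected pattern;
    return the clean record and the names of the fields that were dropped."""
    clean, dropped = {}, []
    for key, value in record.items():
        if key == "label":  # the label is policy metadata, not released content
            continue
        pattern = schema.get(key)
        if pattern is not None and isinstance(value, str) and pattern.match(value):
            clean[key] = value
        else:
            dropped.append(key)
    return clean, dropped


def guard_transfer(record, src, dst, links, schema=SCHEMA):
    """Apply the three checks a cross-domain guard would: direction, label, content."""
    if not direction_permitted(links, src.name, dst.name):
        return Decision(False, f"no path {src.name} -> {dst.name}")
    label = record.get("label")
    if label not in LEVELS:
        return Decision(False, "missing or unknown classification label")
    if LEVELS[label] > dst.level:
        return Decision(False, f"label {label} exceeds {dst.name} level")
    clean, dropped = sanitize(record, schema)
    if not clean:
        return Decision(False, "nothing releasable after sanitization")
    return Decision(True, f"released; dropped fields {dropped}", clean)


# Constructed topology: a plant OT network pushes telemetry through a diode
# to the corporate IT network; nothing may travel back into the plant.
OT_PLANT = Domain("OT_PLANT", LEVELS["CONFIDENTIAL"])
IT_CORP = Domain("IT_CORP", LEVELS["UNCLASSIFIED"])
LINKS = [Link("OT_PLANT", "IT_CORP", one_way=True)]

if __name__ == "__main__":
    # Constructed telemetry record; the command field is not in the schema.
    telemetry = {"label": "UNCLASSIFIED", "sensor_id": "pump-07",
                 "pressure_kpa": "412", "setpoint_cmd": "open_valve"}
    print(guard_transfer(telemetry, OT_PLANT, IT_CORP, LINKS))
    # The reverse direction is refused by the diode check before any content is examined.
    print(guard_transfer(telemetry, IT_CORP, OT_PLANT, LINKS))
```

The order of the checks matters: direction is evaluated first so that a diode-protected path rejects reverse traffic without ever parsing it, the label check stops a higher-classified record from reaching a lower domain, and only then does content sanitization decide which fields are releasable.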
Unlike the early cyber threat era of the 1990s or even the nascent mega attacks seen in the 2000s, today’s cyber threats are at a different level. Our adversaries are more capable than ever of “playing dirty” by leveraging any and all emerging technologies to disrupt vital CI/OT systems.
By incorporating a multi-layered plan to protect the infrastructure which supports us in so many ways – one that includes the deployment of CDS for maximum information-exchange assurance – we’ll take major steps in defending our national interests.
This article originally appeared in SC Media: https://www.scworld.com/perspective/three-ways-we-can-protect-u-s-critical-infrastructure
Scott Orton, chief executive officer, Owl Cyber Defense