Modernizing Critical Infrastructure Security to Meet Today’s Threats


Ransomware attacks are no longer just a cybersecurity concern – they are a direct threat to national security. A recent study found that among organizations hit by ransomware in the past 12 months, an average of 25 percent of critical systems were affected, with downtime lasting an average of 12 hours. The Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and the Multi-State Information Sharing and Analysis Center have sounded this alarm and recently issued a joint cybersecurity advisory, warning that ransomware groups are exploiting vulnerabilities in aging systems, including in the critical infrastructure sector.

Such attacks don’t just threaten individual agencies – they pose a serious national security risk by targeting essential services used by everyday citizens, including energy grids, healthcare systems, water treatment facilities, and transportation networks.

As Rear Adm. Mark Montgomery (Ret.) recently said, “the state and local cybersecurity officials are the front line – they ought to be treated like the front line. […] Cybersecurity soldiers are on the front line defending our water power utilities, our state and local databases, judicial information.” Treating them as the front line means acknowledging the potential for cyber warfare and putting a proactive, modern security strategy in place that effectively defends critical infrastructure.

Traditional cybersecurity approaches fall short against modern and sophisticated threats because legacy systems often lack fundamental security controls. Many were not designed with today’s cyber risks in mind, leaving agencies and critical infrastructure owners with limited visibility, weak access controls, and flat network architectures that allow attackers to move laterally with ease. Without segmentation, containment, and advanced threat detection, agencies struggle to identify and mitigate attacks before they disrupt operations or compromise sensitive data. To defend against evolving threats, agencies must shift to a model that enforces continuous verification and least-privilege access to limit an attack’s impact.

Moving Away from Outdated Security Practices

Traditional models lack the visibility needed for effective risk detection and response, creating dangerous blind spots. While internet-connected systems enhance defense and stability, they also give nation-state actors new attack opportunities, putting sensitive data and critical services at risk.

The Zero Trust security approach addresses modern cyber threats by denying attackers the access they need to succeed. No matter how advanced their tools are, cybercriminals can’t breach what they’re not allowed to reach. Operating on the principle of “never trust, always verify,” Zero Trust eliminates blind spots by enforcing continuous verification and least-privilege access, ensuring that even if attackers find a way in, they can’t move laterally or cause widespread damage.

Securing critical infrastructure through Zero Trust requires placing essential computational controls – such as programmable logic controllers (PLCs) and human-machine interfaces (HMIs) – within a defined Protect Surface. By building out protections with the five-step Zero Trust model, agencies can effectively secure these high-value assets. First, they must identify the data, applications, assets, and services that require protection. Second, mapping transaction flows reveals how these components interact. Third, that map informs the architecture’s design, ensuring controls are placed as close as possible to the Protect Surface. Fourth, establishing Zero Trust policies restricts access to only those who truly need it. Finally, continuous monitoring and telemetry analysis enable real-time threat detection and adaptive security improvements, ensuring that critical infrastructure remains resilient against evolving cyber threats.

Another key component of Zero Trust, Zero Trust Segmentation (ZTS), prevents attackers from moving laterally across networks and reaching high-value assets. By automatically isolating critical systems and containing threats at the source, ZTS not only minimizes the impact of breaches but also accelerates incident response. With ZTS in place, agencies and critical infrastructure owners can quickly contain threats without widespread operational disruptions – enabling mission continuity and operational efficiency even in the face of attacks.
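To make the five steps and the default-deny posture of segmentation concrete, here is an added toy example (not code from the article, from Illumio, or from any ZTS product): a Protect Surface of PLCs and an HMI, the transaction flows mapped in step two, a least-privilege allowlist derived from them, and a monitoring pass that surfaces every flow the policy denies. All asset names, ports and flows are constructed.

```python
"""Toy Zero Trust policy for an OT Protect Surface (constructed example, not a real product's model)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One transaction flow: who talks to whom, on which port and protocol."""
    src: str
    dst: str
    port: int
    proto: str = "tcp"


# Step 1: define the Protect Surface, the assets that must not be reached without authorization.
PROTECT_SURFACE = frozenset({"plc-01", "plc-02", "hmi-01"})  # constructed asset names

# Step 2: flows observed while mapping how the Protect Surface is legitimately used (constructed).
MAPPED_FLOWS = [
    Flow("hmi-01", "plc-01", 502),       # Modbus/TCP from the operator HMI
    Flow("hmi-01", "plc-02", 502),
    Flow("eng-ws-01", "plc-01", 44818),  # EtherNet/IP from the engineering workstation
]


def build_policy(protect_surface, mapped_flows):
    """Steps 3-4: the control sits at the Protect Surface boundary and allows only mapped flows that cross it."""
    return frozenset(f for f in mapped_flows if f.src in protect_surface or f.dst in protect_surface)


def evaluate(policy, protect_surface, flow):
    """Default deny: a flow touching the Protect Surface is allowed only if the policy names it explicitly."""
    if flow.src not in protect_surface and flow.dst not in protect_surface:
        return "out-of-scope"  # this policy governs the Protect Surface only
    return "allow" if flow in policy else "deny"


def monitor(policy, protect_surface, observed):
    """Step 5: telemetry review; denied flows are the lateral-movement attempts (or unmapped legitimate use) to investigate."""
    return [f for f in observed if evaluate(policy, protect_surface, f) == "deny"]


# Constructed telemetry: two mapped flows, one unmapped engineering flow, one attempt from a non-OT host.
OBSERVED = MAPPED_FLOWS[:2] + [
    Flow("eng-ws-01", "plc-02", 44818),   # never mapped: denied until policy is reviewed
    Flow("hr-laptop-07", "plc-01", 502),  # a host with no business reaching a PLC
    Flow("hr-laptop-07", "fileserver-01", 445),  # outside the Protect Surface
]

if __name__ == "__main__":
    policy = build_policy(PROTECT_SURFACE, MAPPED_FLOWS)
    for denied in monitor(policy, PROTECT_SURFACE, OBSERVED):
        print(f"DENY {denied.src} -> {denied.dst}:{denied.port}/{denied.proto}")
```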

Integrating Advanced Security Measures to Enhance Resilience

Beyond ZTS, agencies and critical infrastructure owners must leverage continuous monitoring and threat intelligence sharing to detect and respond to emerging threats in real time. The integration of artificial intelligence (AI) and automation plays a crucial role in cybersecurity, enabling faster threat detection, predictive analytics, and automated response mechanisms. Within the Zero Trust framework, AI accelerates key processes such as labeling environments and implementing day-one policies, making security measures more efficient and adaptive. By leveraging AI-driven automation alongside solutions like ZTS, agencies and owners can proactively isolate threats while maintaining seamless operations, strengthening their overall security posture.

Strengthening collaboration efforts is also essential. Critical infrastructure owners and agencies must work closely with the federal government to share intelligence, enhance threat visibility, and develop coordinated defense strategies. By integrating these advanced security measures, agencies can build adaptive, resilient defenses that protect vital assets and maintain national security.

By modernizing security strategies and adopting proactive measures, critical infrastructure owners can reduce operational risk, limit the impact of cyber intrusions, and strengthen national security.

Balancing Security with Operational Continuity

Striking the right balance requires a security strategy that enhances protection without introducing inefficiencies or disrupting mission-critical functions. This means adopting solutions, like ZTS, that integrate with existing infrastructure to help isolate threats while allowing normal operations to continue. Agencies must also take a phased approach to modernization, testing and implementing security upgrades incrementally to minimize operational disruptions and ensure efficiency. Additionally, cybersecurity measures should be tailored to specific operational needs – rather than applying one-size-fits-all solutions.

Meeting Today’s Threats and Charging Forward

As cyber threats continue to evolve, securing critical infrastructure demands a proactive and modernized approach. Critical infrastructure owners can no longer rely on outdated security models that leave vital systems vulnerable to ransomware and other attacks and ultimately create an environment that stalls efficiency.

By adopting Zero Trust principles and implementing ZTS, agencies and critical infrastructure owners can significantly reduce risks and strengthen national security. Balancing these measures with operational continuity ensures that security enhancements do not compromise essential services. Through strategic modernization, agencies can build resilient defenses that safeguard the nation’s most essential assets.

About the Author

John Kindervag is considered one of the world’s foremost cybersecurity experts. With over 25 years of experience as a practitioner and industry analyst, he is best known for creating the revolutionary Zero Trust Model of Cybersecurity. As Chief Evangelist at Illumio, John Kindervag is responsible for accelerating awareness and adoption of Zero Trust Segmentation. Most recently, John led cybersecurity strategy as a Senior Vice President at On2IT. He previously served as Field CTO at Palo Alto Networks and, before that, spent over eight years as a Vice President and Principal Analyst on the security and risk team at Forrester Research. In 2021, John was named to the President’s National Security Telecommunications Advisory Committee (NSTAC) Zero Trust Sub-Committee and was a primary author of the NSTAC Zero Trust report that was delivered to the President. That same year, he was also named CISO Magazine’s Cybersecurity Person of the Year. John serves as an advisor to several organizations, including the Cloud Security Alliance and the venture capital firm NightDragon.
