Securing Our Critical Infrastructure With Zero Trust
Security Boulevard, Wednesday, February 18th, 2026
We are seeing a steady rise in cyberattacks against critical infrastructure and it's not surprising. Many of these systems rely on legacy software riddled with known vulnerabilities. When these systems fail, the impact moves quickly from networks to operations, and from operations to public safety.
There is still a dangerous misconception that operational technology (OT) environments are safe because they are 'air-gapped' or isolated from the internet and internal IT networks. That isolation rarely exists. These systems are connected, often indirectly, and they will continue to be breached.
During my time leading cybersecurity at the Department of the Interior, we found that what many assumed were isolated systems often had indirect pathways, including vendor access, shared infrastructure, and remote monitoring tools. The 'air gap' was rarely absolute. In more than one internal review, we discovered connectivity that existed for convenience, not necessity. Those are the connections adversaries look for.