Rupert Marais is our lead in-house security specialist, with expertise in endpoint protection, cybersecurity strategy, and the management of industrial networks. With the Cybersecurity and Infrastructure Security Agency (CISA) recently launching the “CI Fortify” initiative, Marais is at the forefront of translating high-level policy into the technical work required to keep national utilities running during a crisis. As intelligence warnings about campaigns like Volt Typhoon grow more frequent, his insights bridge theoretical resilience and the practical reality of maintaining operational technology under attack.
Operators are being encouraged to plan for scenarios where third-party connections like the internet and telecommunications are completely unreliable. What are the engineering challenges of running an industrial network in isolation for months, and how should a facility prioritize service for critical customers like military bases?
The shift from a connected environment to a “dark” isolated state is a massive engineering undertaking that challenges the very foundation of modern automation. When you cut off the internet and telecommunications for weeks or months, you lose the “heartbeat” of remote monitoring and the synchronized timing that many industrial sensors rely on to function safely. To maintain operations in this state, engineers must shift to a localized control logic where the Operational Technology network functions as a closed loop, independent of any upstream dependencies or vendor cloud services. Prioritizing critical customers, such as military bases, requires a granular mapping of the physical infrastructure; it is not just about flipping a switch, but about defining service delivery expectations that ensure these high-priority sites receive stable power or water even if the rest of the grid is throttled. This involves rigorous planning to ensure that the OT assets necessary for those specific lines of service are hardened and capable of running autonomously without a single packet of data leaving the facility.
If isolation fails and digital components are rendered inoperable, organizations must transition to manual processes to maintain essential services. What specific steps are involved in practicing this transition, and how can operators ensure their system documentation and backups remain accessible during a total network compromise?
Transitioning to manual operations is a visceral, high-stakes process that feels more like a fire drill than a software update; it requires operators to step away from their screens and physically interact with valves, breakers, and levers. The first step in practicing this is a “total loss” simulation where the digital control interface is ignored, forcing staff to rely on printed engineering schematics and manual override protocols that many younger technicians may have never used in a live environment. To ensure documentation and backups are actually available when the network goes dark, facilities must maintain “offline” repositories—think ruggedized, air-gapped storage or even physical binders—because a ransomware attack will encrypt your digital manuals just as quickly as your databases. We advise teams to conduct these drills at least twice a year, physically verifying that every backup file can be restored to a clean machine without an internet connection, ensuring that even if every server in the building is bricked, the lights can stay on through sheer human intervention.
Equipment vendors and managed service providers are expected to help remove barriers to system recovery and isolation. What specific technical changes should vendors implement to facilitate these workarounds, and how can integrators better support infrastructure operators with long-term engineering and planning?
For too long, equipment vendors have built systems that “phone home” for licensing or updates, creating a dangerous dependency that makes isolation nearly impossible during a geopolitical crisis. Vendors need to implement technical workarounds such as “emergency offline modes” that allow full system functionality without an active external handshake, effectively removing the barriers that prevent an operator from severing a compromised link. Integrators, on the other hand, should move away from short-term troubleshooting and instead act as long-term resilience partners who help map out every single communication dependency within the OT environment. This means performing deep-packet inspection to see exactly where data is going and working with operators to re-engineer those pathways so that critical functions are not tied to a single vulnerable service provider.
Resilience strategies vary significantly between sectors; for instance, an energy grid might redirect power while a water system cannot easily divert flow. How do these technical limitations affect assessment priorities, and what specific outcomes should a facility aim for during a resilience audit?
The physics of the infrastructure dictates the strategy: in the energy or transportation sectors, you have the luxury of rerouting electrons or cargo through different nodes if one path is compromised, which makes “redundancy” the primary audit goal. However, in the water sector, the system is often a rigid, gravity-fed or pressure-dependent linear chain, meaning you cannot simply “route around” a poisoned reservoir or a failed pump station. Because of these limitations, a water facility’s resilience audit must prioritize “isolation integrity”—the ability to lock down the current flow and protect it from digital interference—rather than trying to find non-existent alternate paths. The ultimate outcome of any audit should be a verified “Minimum Essential Service” level, where the operator can prove exactly how much service they can maintain for how long, using only the resources currently inside their four walls.
Regional support teams are essential for conducting targeted resilience assessments, yet many agencies face staffing shortages and high turnover. How does a lack of local personnel impact the rollout of critical safety initiatives, and what steps should be taken to fill these high-priority technical vacancies?
When you lose local experts due to layoffs, retirements, or forced relocations, you lose the “institutional memory” of how a specific town’s power grid or water treatment plant actually breathes, which makes high-level guidance from Washington feel disconnected and theoretical. A lack of boots-on-the-ground personnel means that “targeted assessments” take longer to start, leaving vulnerable facilities in the dark about their own weaknesses while adversaries like Volt Typhoon continue to lurk in their networks. The recent approval to hire 329 new employees is a vital step toward plugging these gaps, but we must prioritize placing these hires in regional offices where they can build long-term relationships with local operators. Filling these vacancies isn’t just about HR; it’s about recruiting specialists who are willing to spend time in the field, literally walking the floor of a plant to understand its unique quirks, which is the only way to ensure these safety initiatives actually stick.
What is your forecast for the security of critical infrastructure?
My forecast is that we are entering an era of “defensive regionalism,” where the global interconnectivity we spent decades building will be intentionally throttled in favor of local survivability. Within the next few years, I expect to see a surge in “break-glass” engineering, where facilities install physical hardware kill-switches as a standard response to the growing threat of state-sponsored sabotage. While the digital threats from actors like China are becoming more sophisticated, the focus on isolation and manual recovery—modeled after the proactive 2025 Australian strategies—will create a much harder target for adversaries. We will likely see a period of intense “hardening” where operators stop viewing cybersecurity as a software problem and start treating it as a core component of mechanical engineering and national survival.
