Earlier this month, the White House released its new National Cyber Strategy, introducing significant implications for securing the nation’s critical infrastructure and the heart of our mission at Claroty.
The strategy represents a fundamental shift in how governments usually approach cybersecurity, especially through the lens of national security. It echoes the world we’re living in today, rife with global conflict and uncertainty. It calls for a decidedly aggressive approach to securing critical infrastructure, starting with the identification of foreign adversaries who seek to disrupt U.S. critical infrastructure. It also seeks to unify the public and private sectors to “detect, confront, and defeat cyber adversaries before they breach our networks and systems.”
This signals the beginning of what the government calls an “offensive” approach to making networks more resilient by hunting threat actors and ensuring continuity of the American economy. We’ve recently seen how hacktivist groups are targeting critical infrastructure around the world for political and social gain, and the impact of those attacks has already been felt in Ukraine, Israel, and elsewhere. Now that the problem has escalated from a concern for private companies to a national security risk, it’s understandable that the U.S. has acknowledged the obvious implications in its new strategy.
Though light on prescriptive guidance, the strategy outlines six pillars of action that ostensibly serve as the guidelines for its implementation. A few of these are particularly important to our mission of securing the cyber-physical systems (CPS) that underpin the world’s critical infrastructure:
Pillar 3: Modernize and Secure Federal Government Networks
Pillar 4: Secure Critical Infrastructure
Pillar 5: Sustain Superiority in Critical and Emerging Technologies
Upon first glance, this might not seem like it applies to everyone. While it is first and foremost directly relevant and actionable to U.S. government agencies, the implications run deeper than that and I expect will cascade across the global economy, from the public to private sectors and to other parts of the world.
Federal agencies’ systems are constantly failing Government Accountability Office (GAO) cyber audits, often due to networks being rife with legacy technology. The resulting vulnerabilities plague these networks, and with nation-state threat actors now enlisting the help of politically motivated hacktivist groups to target the low-hanging fruit this creates, the time to invest in securing and modernizing federal networks is now.
Pillar 3 calls for “the adoption of AI-powered solutions to defend federal networks and deter intrusion at scale.” Artificial intelligence is evolving from a novelty into an operational necessity. As adversaries are increasingly targeting high-value CPS assets, it’s critical that we advance our protective technologies to outpace attackers. The key here is not to think about AI as an “add on” set of capabilities, but instead to reimagine how to incorporate AI into everything; to solve problems we could never hope to address in the past. The power of AI is a central component of the Claroty Platform, from the CPS Library to our MCP Server and more, driving fundamental shifts in how we reduce CPS risk and improve security outcomes.
Pillar 4’s focus on “securing information and operational technology supply chains” speaks to just how converged IT and OT have become. In addition to expanding organizations’ attack surface and reshaping the way we think about securing it, IT/OT convergence also correlates with a shift in threat actors’ motives: from espionage to sabotage.
CPS assets that are insecure and internet-facing or connected to the corporate IT network present attackers with an opportunity to disrupt critical services that are core to our way of life. For state-sponsored threat actors, this is a new and evolving frontier of threat vectors that can be attacked at scale to disrupt or shut down manufacturing, utilities, energy companies and other critical infrastructure.
Along with the shift from espionage to sabotage, defenders must move from reactive to proactive security. This requires advancing beyond traditional vulnerability management workflows towards exposure management, a more dynamic, focused approach to identifying, assessing, and addressing potential vulnerabilities and risks before they can be exploited. It’s no longer just about patching, but about understanding risky configurations, poor authentication, and insecure remote connectivity, as well as the role of compensating controls as a mitigation.
Pillar 5 says, “We will secure the AI technology stack—including our data centers—and promote innovation in AI security.” The emphasis on data centers is noteworthy, especially with the recent news of an Iranian strike on three Amazon data centers in the United Arab Emirates and Bahrain. While the damage done in the strike was devastating, the real story that lies in the wreckage is how integral data centers are becoming to society at large.
While data centers have long been the backbone of the digital economy, what’s different now is that AI workloads have dramatically increased the degree to which we rely on data centers for the proper functioning of modern society and everyday life. As a result, we are now living in a world where data centers are not just a target for hacktivist collectives and nation-state threat actors, but also for military forces in kinetic warfare.
In reality, Pillars 3, 4, and 5 of this document aren’t separate initiatives; they are all connected. The federal government is modernizing its own networks (Pillar 3) specifically to better protect and coordinate with critical infrastructure (Pillar 4), while emphasizing the importance of securing emerging technologies that play pivotal roles in modern society (Pillar 5).
These pillars represent the most explicit acknowledgement from the U.S. government that critical infrastructure is now a primary battleground of geopolitical conflict, and that harnessing the power of AI in our arsenal is not just an advantage but a necessity. As recent events have shown, a worst-case scenario is no longer rhetorical—it’s a very real possibility at any moment.
What this all boils down to is clear: operational resiliency and national security are in many ways one and the same. Ensuring operational resilience amid today’s geopolitical threat landscape means organizations must make cybersecurity—for both IT and CPS—a central component of their overall business and innovation strategy.