Fortifying Critical Infrastructure: The Shift from Defensible to Isolated


In the quiet corners of our utility rooms and control centres, a strategic shift is underway. For decades, we have relied on the notion of a defensible perimeter, a digital wall intended to keep bad actors out while allowing engineers and technicians to operate from within. But as the geopolitical landscape shifts and sophisticated nation-state actors such as Volt Typhoon preposition themselves inside our vital networks, a wall that is assumed to hold becomes a liability: it lends false confidence while the adversary is already on the inside of it. The Cybersecurity and Infrastructure Security Agency (CISA) has responded with the Critical Infrastructure Fortify initiative. This is not just another set of guidelines; it is a call to action that urges operators to move beyond reactive defence and embrace a posture of proactive isolation. The initiative is built on three sobering assumptions: connectivity will be unreliable, networks are likely already compromised, and operators must be prepared to run in an isolated state for weeks or even months. That is a fundamental shift in architecture, and it requires us to rethink what secure connectivity means.

The first pillar of this new reality is accepting unreliable connectivity. In a geopolitical crisis, the telecommunications and internet services we take for granted may become unavailable or untrusted. The initiative explicitly warns that threat actors are targeting the software and hardware that carry our connections to third-party vendors and business networks. Security models that depend on constant communication with external authentication servers and cloud-hosted management consoles will fail when those links are severed, and they tend to fail silently: a control room that cannot reach its identity provider cannot log in, and an HMI that phones home to a vendor console stops working when the console is unreachable. Operators must therefore identify the vital Operational Technology required to meet minimum service delivery targets while completely disconnected from the broader internet, and trace every dependency each of those assets has on something outside the site boundary. This does not mean discarding defence in depth; it means adding to it a ‘resilience-by-design’ layer in which systems are architected to be self-sufficient rather than merely well guarded. By planning for isolation in advance, we also deny adversaries the outbound command-and-control channels their implants rely on (implants built to act autonomously are not affected), while ensuring that our water, energy, and transportation systems continue to serve the public, even in a degraded state.
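As an added example, not part of the original post and not Agilicus code, the following Python walks a constructed dependency inventory for a small water site and reports which vital assets stop working once every link outside the site boundary is cut. The asset and service names, the graph and the EXTERNAL set are assumptions made for the illustration; the point it shows is that a cloud-joined domain controller or a vendor-managed HMI drags an internet dependency into a control loop that looks entirely local.

```python
"""Island-mode dependency check (added example, not from the original post).

Models an OT site's assets and the services they depend on, then reports
which vital assets can keep delivering their minimum service when every
link to the internet and the business network is cut.
"""
from collections import deque

# Each node maps to the set of nodes it needs in order to function.
# Nodes listed in EXTERNAL live outside the site boundary and are assumed
# unreachable (or untrusted) in a crisis. Constructed inventory, not real data.
DEPENDENCIES = {
    "pump-station-plc": {"site-hmi", "local-scada"},
    "site-hmi": {"local-scada"},
    "local-scada": {"site-historian", "ad-domain-controller"},
    "site-historian": set(),
    "ad-domain-controller": {"cloud-idp"},          # hybrid identity: cloud-joined
    "chlorine-dosing-plc": {"dosing-hmi"},
    "dosing-hmi": {"vendor-cloud-console"},         # vendor-managed HMI
    "cloud-idp": set(),
    "vendor-cloud-console": set(),
    "cell-backhaul": set(),
    "remote-access-vpn": {"cell-backhaul", "cloud-idp"},
}

EXTERNAL = {"cloud-idp", "vendor-cloud-console", "cell-backhaul"}

# Assets whose continued operation is the minimum service target (assumed).
VITAL_ASSETS = ["pump-station-plc", "chlorine-dosing-plc"]


def external_dependencies(asset, deps=DEPENDENCIES, external=EXTERNAL):
    """Return the set of external nodes reachable from `asset` through the
    dependency graph, i.e. everything that must stay reachable for the asset
    to work. Breadth-first walk; the visited set handles cycles."""
    seen = {asset}
    queue = deque([asset])
    found = set()
    while queue:
        node = queue.popleft()
        for dep in deps.get(node, set()):
            if dep in external:
                found.add(dep)
            if dep not in seen:
                seen.add(dep)
                queue.append(dep)
    return found


def island_mode_report(vital=VITAL_ASSETS, deps=DEPENDENCIES, external=EXTERNAL):
    """Map each vital asset to the sorted list of external dependencies that
    break when the site is isolated. An empty list means self-sufficient."""
    return {asset: sorted(external_dependencies(asset, deps, external))
            for asset in vital}


def blocking_path(asset, target, deps=DEPENDENCIES):
    """Return one dependency path from `asset` to `target` (depth-first, with
    dependencies visited in sorted order), so the operator can see where the
    external dependency enters the control loop, e.g.
    pump-station-plc -> site-hmi -> local-scada -> ad-domain-controller -> cloud-idp.
    Returns None when `target` is not a transitive dependency."""
    stack = [(asset, [asset])]
    seen = set()
    while stack:
        node, path = stack.pop()
        if node == target:
            return path
        if node in seen:
            continue
        seen.add(node)
        for dep in sorted(deps.get(node, set())):
            stack.append((dep, path + [dep]))
    return None


if __name__ == "__main__":
    for asset, externals in island_mode_report().items():
        print(f"{asset}: {'OK' if not externals else 'FAILS in isolation'}")
        for ext in externals:
            print("   via", " -> ".join(blocking_path(asset, ext)))
```

Run it directly to print the report. The remediation is visible in the graph itself: once the domain controller can authenticate locally without cloud-idp, pump-station-plc has no external dependency left, while the vendor-managed dosing HMI still needs a local fallback.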

However, the greatest obstacle to this isolation is often the very tool we once considered a security standard: the Virtual Private Network (VPN). VPNs are anchors that prevent true resilience in critical infrastructure. A network-layer VPN creates a persistent, trusted path into the heart of a network, and in most OT deployments the tunnel terminates into an entire segment rather than a single device. If an adversary compromises a technician’s credentials, hijacks an authenticated session, or exploits a vulnerability in the VPN software itself, the tunnel becomes a highway for lateral movement: whatever the segment routes to, the attacker can now reach, PLCs included. Furthermore, VPNs are inherently ‘connected’ technologies; the concentrator must be reachable from outside, and the login path usually depends on an external or business-network identity service. This directly contradicts the goal of the Critical Infrastructure Fortify initiative, which is to be able to isolate vital systems from harm. When we use a VPN to manage a Programmable Logic Controller (PLC), we are not just providing access; we are exposing a network path that can be used to alter or brick the controller. Removing the VPN is an act of fortification: when the air gap fails, security no longer evaporates along with it, because there is no standing network route left to abuse.

The solution to this architectural dilemma lies in becoming disconnected yet connected through Zero Trust Architecture. At Agilicus, we believe that identity is the new air gap. With Agilicus AnyX, we enable a model where access is granted not to a network, but to a specific resource, and only after a rigorous, identity-based verification process. A water utility or power plant can therefore keep its OT segment unreachable from the public internet while still providing granular access to authorized personnel as needed: a grant for one HMI is a grant for that HMI, not a route to the PLCs behind it. Because AnyX is clientless and operates at the application layer, it offers a level of utility and ease of use that traditional methods cannot match. A technician can securely access a Human-Machine Interface (HMI) from a standard browser without the friction of specialized software or hardware tokens. Every connection is protected by Multi-Factor Authentication and recorded with a complete audit trail, providing the visibility required for compliance with standards such as NERC CIP-003-9. One caveat follows from the first pillar: any brokered access path, this one included, depends on the broker and the identity provider being reachable, so the plan for a fully isolated period must still include a local, out-of-band way to operate the vital assets. This architecture ensures that even if a business network is compromised, the vital Operational Technology remains protected and reachable only by those whose identity has been verified.
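To make the difference between the two paragraphs above concrete, here is an added Python example (not code from the original post and not Agilicus AnyX code) that evaluates the same access attempt under a network-scoped model, where a VPN login yields a route to a whole OT subnet, and a resource-scoped model, where every request names one resource and is allowed only if the identity holds an explicit grant, MFA was satisfied, and the resource actually resolves to the host being contacted. The users, hosts, subnet and policies are constructed for the illustration; the scenario it exercises is a hijacked, already-MFA’d session being pointed at a PLC instead of the HMI it was issued for.

```python
"""Network-scoped vs resource-scoped access decisions (added example).

All identities, addresses and policies below are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass

OT_SUBNET = ipaddress.ip_network("10.20.0.0/24")   # constructed address space

# Network-scoped model: a VPN grant is a subnet, not a resource.
VPN_GRANTS = {"tech-anna": [OT_SUBNET]}

# Resource-scoped model: explicit (user, resource) pairs and an MFA requirement.
RESOURCE_GRANTS = {
    "tech-anna": {"hmi-pumpstation": {"mfa": True},
                  "historian-web": {"mfa": True}},
}
# Which host each logical resource actually fronts.
RESOURCE_HOSTS = {"hmi-pumpstation": "10.20.0.15",
                  "historian-web": "10.20.0.20",
                  "plc-pumpstation": "10.20.0.5"}

AUDIT_LOG = []   # every resource-scoped decision lands here


@dataclass
class Request:
    user: str
    resource: str       # logical resource named in the request
    target_ip: str      # host the session would actually reach
    mfa_verified: bool  # did this session complete MFA?


@dataclass
class Decision:
    allowed: bool
    reason: str


def vpn_reachable(user, target_ip, mfa_verified, grants=VPN_GRANTS):
    """Network-scoped check. MFA gates session establishment, but once the
    tunnel is up anything inside a granted subnet is reachable: MFA changes
    who gets in, not what they can touch."""
    if not mfa_verified:
        return False
    ip = ipaddress.ip_address(target_ip)
    return any(ip in net for net in grants.get(user, []))


def resource_decision(req, grants=RESOURCE_GRANTS, hosts=RESOURCE_HOSTS, log=None):
    """Resource-scoped check. Deny unless the user holds an explicit grant for
    the named resource, the session satisfied MFA where the grant requires it,
    and the resource resolves to the host being contacted (so a grant for the
    HMI cannot be replayed against the PLC behind it). Every decision is logged."""
    log = AUDIT_LOG if log is None else log
    user_grants = grants.get(req.user, {})
    if req.resource not in user_grants:
        d = Decision(False, "no grant for resource")
    elif user_grants[req.resource]["mfa"] and not req.mfa_verified:
        d = Decision(False, "mfa required")
    elif hosts.get(req.resource) != req.target_ip:
        d = Decision(False, "target does not match resource")
    else:
        d = Decision(True, "granted")
    log.append({"user": req.user, "resource": req.resource, "target": req.target_ip,
                "allowed": d.allowed, "reason": d.reason})
    return d


def compare(user, target_ip, resource, mfa_verified, log=None):
    """Return (reachable via VPN, allowed under resource-scoped policy)."""
    net = vpn_reachable(user, target_ip, mfa_verified)
    res = resource_decision(Request(user, resource, target_ip, mfa_verified), log=log)
    return net, res.allowed


if __name__ == "__main__":
    scenarios = [
        ("legitimate HMI session", "tech-anna", "10.20.0.15", "hmi-pumpstation", True),
        ("hijacked session aimed at PLC", "tech-anna", "10.20.0.5", "plc-pumpstation", True),
        ("HMI grant replayed at PLC host", "tech-anna", "10.20.0.5", "hmi-pumpstation", True),
        ("stolen password, no MFA", "tech-anna", "10.20.0.15", "hmi-pumpstation", False),
        ("unknown contractor", "contractor-bob", "10.20.0.15", "hmi-pumpstation", True),
    ]
    for label, *args in scenarios:
        vpn, ztna = compare(*args)
        print(f"{label:32s} vpn={vpn!s:5s} resource-scoped={ztna}")
    for entry in AUDIT_LOG:
        print(entry)
```

The two rows worth staring at are the hijacked-session ones: the network-scoped model reports the PLC as reachable because the subnet grant covers it, while the resource-scoped model denies both attempts and leaves a reason in the audit log that a detection team can alert on.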

The Critical Infrastructure Fortify initiative is more than a set of guidelines; it is a wake-up call for every operator of vital services. We can no longer afford the luxury of assuming our perimeters are secure or our connections are stable. The path to resilience requires us to embrace isolation as a proactive strategy and to replace outdated, network-centric tools with identity-centric solutions. By shifting to a Zero Trust model, we increase the security of our most critical assets while simultaneously improving the utility and efficiency of our operations. The air gap may be evaporating, but by treating identity as our primary barrier, we can build a fortress that is truly resilient against the threats of today and tomorrow. We must move beyond the defensible perimeter and toward an architecture that is defined by its ability to endure, recover, and continue delivering the essential services our society relies upon.