Meet Kwame Zaire, a seasoned manufacturing expert with a deep focus on electronics, equipment, and production management. As a thought leader in predictive maintenance, quality, and safety, Kwame brings a unique perspective to the critical intersection of operational technology (OT) and cybersecurity. With growing threats to U.S. critical infrastructure, particularly from sophisticated state-sponsored intrusions, his insights on implementing Zero Trust frameworks and safeguarding key assets are more vital than ever. In this conversation, we dive into the alarming reality of foreign efforts to disrupt essential services, the mindset shift required for robust defense, and practical steps for protecting industrial systems.
What’s the most concerning thing you’ve come across regarding foreign efforts, particularly from the Chinese government, to penetrate U.S. critical infrastructure?
Honestly, the most concerning thing is the sheer persistence and scale of these efforts. Reports indicate that these aren’t just one-off hacks but a long-term campaign to embed themselves deep within systems like power grids and water treatment facilities. It’s not about quick theft; it’s about positioning themselves to flip a switch during a crisis. The idea that they’ve likely been at this for years, building backdoors in critical systems, keeps me up at night. The targets seem to be anything foundational—think electricity, clean water, transportation hubs. If those go down, society grinds to a halt.
Can you paint a picture of what it might look like if these intrusions were used to disable essential services during a conflict or emergency?
Sure, imagine a coordinated attack during a geopolitical standoff or natural disaster. If adversaries have access to a power grid’s control systems, they could black out entire regions—hospitals lose power, emergency response systems fail, and chaos spreads. Or take water systems: they could manipulate treatment processes to make water unsafe, affecting millions. The damage isn’t just physical; it’s psychological. People lose trust in basic services. In a conflict, this could be timed to cripple military logistics or public morale, amplifying the impact of any physical attack.
Zero Trust for Operational Technology is often called a mindset rather than just a set of rules. How do you interpret that?
To me, it’s about fundamentally rethinking how we approach security. It’s not enough to set up a firewall and call it a day. Zero Trust means you’re always skeptical—every user, device, or connection is a potential threat until proven otherwise. Unlike traditional cybersecurity, which often assumes a safe perimeter, this mindset accepts that breaches can and will happen. It’s a shift from reactive to proactive, focusing on constant verification and minimizing damage even if someone gets in. For infrastructure, where a single failure can be catastrophic, this mindset is non-negotiable.
How do you get leaders in industries like manufacturing or utilities to embrace the idea of ‘assuming compromise’ and act as if an intruder is already in their systems?
It’s tough because it challenges the old-school ‘trust but verify’ approach many are used to. I start by showing them the stakes—real-world examples of breaches that cost millions or endangered lives. The hardest part is overcoming complacency; many think, ‘It won’t happen to us.’ I push them to visualize daily operations under this lens: limit who can access what, even among trusted staff, and monitor every action. For instance, in a factory, it might mean locking down machine controls so only specific, verified operators can make changes, no exceptions. It’s about building habits of caution.
Why is it so crucial to keep IT and OT systems separate when protecting critical infrastructure?
IT and OT have different priorities and risks. IT is about data and connectivity, often tied to corporate networks with lots of user access. OT runs the physical world—think factory machines or grid controls—where a glitch can cause real-world harm, like equipment damage or blackouts. If they’re not separated, a breach in IT, like a phishing email, can spill over to OT and shut down a plant. Segmentation, using things like one-way data diodes, ensures that even if IT is compromised, OT remains insulated. Balancing minimal connectivity for data sharing with strict barriers is tricky but essential.
What are some common oversights companies make when it comes to removable media and vendor access in their OT environments?
One big mistake is underestimating how dangerous a simple USB drive or a vendor’s laptop can be. Companies often lack strict policies, so an employee or contractor plugs in an unverified device, and boom—malware spreads to critical systems. I’ve seen cases where vendors are given broad access without oversight, using their own hardware that hasn’t been scanned. A practical fix is to enforce a ‘no external devices’ rule unless they’re sanitized first, and limit vendor access to isolated, monitored environments. It’s about treating every external touchpoint as a potential threat.
What’s your forecast for the future of cybersecurity in operational technology as threats continue to evolve?
I think we’re heading toward a landscape where Zero Trust becomes the baseline, not an option, especially for critical infrastructure. Threats will only get more sophisticated—adversaries are already using AI to craft attacks faster than we can respond. I expect tighter regulations forcing industries to adopt stricter OT security measures, alongside more investment in resilience, like offline backups and isolated operations. The challenge will be keeping up with the speed of innovation in attacks while training people to think defensively. If we don’t adapt quickly, the gap between threat and defense will widen, and the consequences could be dire.
