Critical Infrastructure Cybersecurity Guidance and Architecture to Reduce Telecom and OT Attack Surfaces
A virtual briefing hosted by the Institute for Critical Infrastructure Technology (ICIT) argued that telecom networks’ “crown jewels”—including signaling pathways and subscriber identity/metadata—remain high-value targets, and that traditional perimeter defenses are insufficient against advanced adversaries. The session cited activity associated with China-linked threat actors Salt Typhoon and Volt Typhoon as illustrative of systemic telecom weaknesses, and promoted privacy-first mobile-carrier design choices (e.g., minimizing exposed identifiers and reducing the long-term value of compromised data) as concrete controls to reduce attack surface and limit blast radius.
Separately, the U.K. National Cyber Security Centre (NCSC), working with CISA, the FBI, and other international partners, released guidance titled “Secure Connectivity Principles for Operational Technology” aimed at reducing exposed and insecure connectivity in OT environments, including nuclear-sector contexts. The guidance outlines eight foundational principles intended to help organizations protect OT networks from highly capable and opportunistic actors, including nation-state threats, against a backdrop of accelerating IT/OT convergence and increasing rates of OT/ICS-impacting incidents reported across critical infrastructure.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
ICIT briefing highlights privacy-first mobile security for telecoms
A virtual briefing hosted by the Institute for Critical Infrastructure Technology argued that telecom operators should adopt privacy-first mobile-carrier architectures to reduce attack surface, limit blast radius, and better protect signaling systems and subscriber identity data. Speakers cited China-linked Salt Typhoon and Volt Typhoon activity as examples of why traditional perimeter defenses are insufficient.
NCSC and partners release OT connectivity security guidance
The U.K. National Cyber Security Centre, with partners including CISA and the FBI, released guidance titled "Secure Connectivity Principles for Operational Technology" aimed at reducing exposed and insecure OT connectivity and improving defenses against opportunistic and nation-state threats. The guidance was presented as especially relevant to critical infrastructure environments, including emerging nuclear reactor technologies.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Western Cyber Agencies Release Secure Connectivity Principles for Operational Technology
CISA, the UK **NCSC**, and multiple international partners released **Secure Connectivity Principles for Operational Technology (OT)** guidance aimed at reducing risk created by increased connectivity into industrial environments (e.g., industrial control systems, sensors, and other critical services). The guidance is positioned for operators of essential services facing business and regulatory pressure to enable remote monitoring and management, and it emphasizes that formerly *air-gapped* OT is now more exposed due to expanded remote access and IT/OT convergence. The guidance highlights that insecure or exposed OT connectivity is being targeted by a broad range of adversaries, including **ransomware groups**, **state-backed actors**, and **pro-Russia hacktivists** conducting opportunistic attacks against global critical infrastructure. Recommended defensive themes include **network segmentation**, **strong authentication**, continuous monitoring, and minimizing remote access paths to prevent disruptive incidents with potential real-world safety and service-delivery impacts; CISA also solicited stakeholder feedback via a product survey. Separate opinion pieces discussing AI in critical infrastructure and power redundancy risks in OT, and an industry roundup of Chinese cybersecurity companies, do not provide additional reporting on this specific guidance release.
Mar 21, 2026
Rising Risk of State-Linked Attacks on Power Grids and Operational Technology
Reporting highlighted growing concern that **state-affiliated and state-linked actors** are positioning for disruptive attacks against **operational technology (OT)** and critical infrastructure, with activity that may be difficult for operators to detect. A Codific analysis described five common pathways seen in disruptive grid-focused intrusions—often beginning with **human error or exposed perimeter services**, then escalating through **credential theft**, **remote access exploitation** (e.g., VPNs/gateways), **ransomware**, and misuse of **legitimate industrial commands** that can delay operations and complicate detection and recovery; it also warned that attacks on virtualized environments can hinder restoration efforts and that cascading impacts could be severe (e.g., Lloyd’s “Business Blackout” scenario estimating losses up to **$1T**). Recommended mitigations emphasized proven controls such as **phishing-resistant MFA** and **IT/OT segmentation**, rather than novel defenses. Separate commentary and media content also pointed to OT becoming a frontline in geopolitical escalation, including claims of a coordinated campaign tied to Iran-linked hacktivist activity targeting OT devices such as **Unitronics PLCs** used in water and industrial facilities, alongside psychological operations and SMS spoofing. Other items in the set were leadership/career/podcast-style content without specific incident or vulnerability detail and do not materially add to the OT/power-grid threat reporting.
Mar 21, 2026
US and UK Agencies Publish New Cybersecurity Guidance for Critical Infrastructure Environments
The National Institute of Standards and Technology (**NIST**) published a draft *Transit Cybersecurity Framework Community Profile* intended to improve cybersecurity practices in transportation systems that require continuous operations and connectivity. The voluntary draft, developed by NIST’s National Cybersecurity Center of Excellence (**NCCoE**), is open for public comment through **February 23, 2026**, and positions transportation as a critical-infrastructure area needing more tailored cybersecurity guidance. Separately, **CISA** and the UK’s **NCSC** released joint guidance titled *Secure Connectivity Principles* for **Operational Technology (OT)** environments, aimed at helping asset owners balance business-driven connectivity (remote access, data integration, cloud connectivity) with security risk. The guidance outlines eight high-level principles (e.g., limiting exposure, centralizing and standardizing access, using secure protocols, hardening boundaries) intended to be broadly applicable across critical-infrastructure sectors. An additional Help Net Security interview with Fermilab’s CISO discusses general cybersecurity challenges in open scientific research environments, but it does not materially relate to the NIST transit framework draft or the CISA/NCSC OT connectivity guidance.
Mar 21, 2026