At One World Trade Center, an extraordinary gathering of security leaders and industry executives took place under the auspices of the Global Cyber Innovation Summit (GCIS). The exclusive security briefing, titled “National Security Threats to U.S. Critical Infrastructure”, brought together former national security officials, policy experts, technologists, CEOs of major utilities, and selected members of the press for a closed-door discussion on the escalating threat landscape and the urgent need for systemic responses. What made the session particularly significant was its emphasis on shifting the conversation from abstract cyber risk to the tangible, real-world consequences of attacks that target operational technology—the very backbone of energy, water, and transport systems.
The event opened with remarks by Bob Ackerman, GCIS founder and chairman, who framed the stakes in plain terms: attacks on critical infrastructure are no longer theoretical exercises, but existential threats to societal continuity. Ida Kristensen of McKinsey & Company followed with a sobering strategic briefing, noting that global operational technology breaches pose a staggering $31.1 billion in average risk over the coming year alone. Her analysis underscored that ransomware and nation-state campaigns have evolved into highly specialized threats, engineered to exploit vulnerabilities at the intersection of IT and OT systems. The message was unambiguous—boards of directors and CEOs must treat OT security as a first-order strategic issue, not a buried line item under IT budgets.
The centerpiece panel brought the weight of unparalleled experience. General Paul Nakasone, former head of NSA and U.S. Cyber Command, alongside former FBI Director Christopher Wray, American Electric Power CEO Bill Fehrman, and Dragos CEO Rob Lee, dissected how adversaries are increasingly demonstrating a sophisticated grasp of industrial protocols. Moderated by James Rundle of The Wall Street Journal, the panelists pointed to ransomware campaigns that deliberately pivot from corporate IT into power grids, pipelines, and manufacturing systems—turning what once might have been a financial extortion scheme into a national security crisis. Their exchange captured the dual reality facing the U.S.: adversaries are innovating faster, and the defense of infrastructure requires unprecedented collaboration between the public and private sectors.
The keynote by Thomas Fanning, former Southern Company chief and longtime co-chair of the Electricity Subsector Coordinating Council, reinforced the central theme: cyber risk in operational technology must be elevated to the highest levels of corporate governance. Fanning urged boards to integrate OT security into regular strategic deliberations, warning that complacency is the true vulnerability. His remarks echoed a growing consensus that the siloing of IT and OT functions is no longer viable. The future of resilience lies in cross-functional collaboration, with executive leadership directly engaged in ensuring continuity of essential services.
Ackerman closed the session with words that resonated beyond the boardroom. “The threats we discussed today aren’t just about stolen data—they’re about keeping the lights on, the water flowing, and our communities safe,” he said. The comment captured the core anxiety at the heart of the briefing: attacks on critical infrastructure are not simply cyber incidents, but potential catalysts for widespread societal disruption. For attendees, the message was clear—national resilience requires not just technological defense, but leadership willing to place infrastructure security at the very top of the strategic agenda.
Leave a Reply