By John E Hargrove PE
The modern grid is no longer a fortress. With substations, transmission systems, SCADA, and power plants tied into wide-area networks and cloud platforms, the walls that once kept operations safe have crumbled. What we’ve gained in efficiency and visibility, we’ve lost in isolation. That shift has made critical infrastructure an irresistible target—and adversaries have noticed.
A Wake-Up Call From the Frontlines
Between 2017 and 2019, I was in the trenches helping build secure networks for substations, transmission, SCADA, and low-impact power plants. We didn’t have the luxury of bespoke, defense-only systems. We leaned on best-of-breed commercial off-the-shelf solutions and focused on fundamentals: strong isolation, basic filtering, and just enough intelligence to flag anomalies that didn’t fit the baseline.
That last piece—anomaly detection—mattered most. In OT, the stakes aren’t just about stolen data. A single irregularity could cascade into a power outage, damaged equipment, or worse. We learned to watch the edges carefully, to spot the faint signals of threats that hadn’t yet made the news.
Salt Typhoon and the Reality of Today’s Threats
Fast forward to now: groups like Salt Typhoon have penetrated most Western OT systems. They don’t always need a zero-day exploit or an exotic toolset. They prey on policy lag, unpatched equipment, and the misplaced confidence that last year’s firewall is good enough for this year’s adversary.
Salt Typhoon’s presence across Western infrastructure should be a wake-up call. If they’re already inside, the question isn’t whether that access will be used, but when. Detection, response, and resilience have to become as fundamental as generation, transmission, and distribution.
Zero Trust and Layered Defense—No Longer Optional
For operators, that means embracing zero trust:
- Never assume internal traffic is “safe.”
- Segment ruthlessly between IT and OT networks.
- Require strong, multi-factor authentication everywhere.
- Encrypt everything that crosses a WAN or microwave link.
- Monitor continuously and treat anomalies as early warnings, not annoyances.
Defense-in-depth is not theory—it’s survival. A single wall is never enough.
Policy: Fighting the Last War
The biggest gap isn’t technology. It’s policy. Utilities remain excellent at fighting the last war—buying tools and writing procedures to counter yesterday’s tactics—while adversaries adapt in real time. The delay between policy recognition and field implementation gives attackers the edge. Every month spent debating frameworks is another month adversaries tighten their grip inside our networks.
Resilience as the Mission
Prevention will never be perfect, so resilience must become the mission. Rapid recovery plans, redundant systems, and trained personnel who know how to act in the first minutes of an incident are non-negotiable. Standards and audits help, but they cannot replace a culture that treats cybersecurity as inseparable from safety and reliability.
The Way Forward
The grid of the future will be smarter and more connected. It must also be hardened—against Salt Typhoon, against the next wave of actors, and against the complacency that assumes “it can’t happen here.” Cybersecurity is no longer a compliance checkbox. It’s a core operational responsibility, as vital as voltage stability and worker safety.
The threats are already inside. The question is whether we will adapt fast enough to push them back.
Five Steps You Can Take Today to Secure OT and WAN Systems
- Segment IT from OT traffic immediately
Don’t let office networks and operational controls share the same flat space. Even a basic firewall or VLAN separation creates a first line of defense that limits lateral movement if IT is compromised.
- Turn on multifactor authentication for all remote access
VPNs, vendor logins, engineering laptops—anything that touches OT should require more than a password. MFA is one of the fastest, lowest-cost ways to stop credential theft from becoming a breach.
- Patch what you can, isolate what you can’t
Legacy devices in substations and plants often can’t be updated quickly. Where patching is impossible, put those assets behind filtering firewalls and strictly control who can reach them.
- Start monitoring for anomalies now
Even if you don’t have a full SIEM or SOC, set up logs, SNMP traps, or NetFlow exports from critical routers, firewalls, and servers. A simple alert on unusual traffic or logins can give you early warning before attackers pivot deeper.
- Drill a “cyber incident tabletop” with your team
Take an hour and walk through: What if Salt Typhoon or ransomware locked us out today? Who calls whom? How do we run manually? Practicing the basics builds muscle memory and reveals gaps long before a real crisis hits.
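The “segment IT from OT” and “start monitoring for anomalies now” steps above can be turned into a small baseline check without a SIEM. The following is an added example, not code from the article or its author: it defines an assumed segmentation baseline (an engineering subnet, a single jump host, and the ports expected into the OT LAN) and runs it over constructed syslog-style login lines and NetFlow-style flow records. All subnets, hostnames, users, and the log format are assumptions chosen for the illustration.

```python
"""Baseline-driven anomaly alerts over constructed login and flow records.

Added illustrative example. Every network, host, port list and log format
below is an assumption, not taken from any utility, vendor or the article.
"""
import ipaddress
import re

# Assumed segmentation baseline for one substation firewall.
OT_NET = ipaddress.ip_network("10.20.0.0/24")            # substation LAN (RTUs, relays)
ENGINEERING_NET = ipaddress.ip_network("10.10.5.0/24")   # engineering workstations
JUMP_HOSTS = {ipaddress.ip_address("10.10.5.10")}        # only host allowed to SSH into OT
ALLOWED_OT_PORTS = {502, 20000, 22}                      # Modbus/TCP, DNP3, SSH (jump host only)
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),     # address space we own
                 ipaddress.ip_network("172.16.0.0/12")]
MAINTENANCE_HOURS = range(8, 18)                         # 08:00-17:59 local time

# Constructed sample syslog lines from the firewall's SSH service.
LOGIN_LOG = """\
2025-09-01T09:14:02 fw-sub01 sshd: Accepted publickey for eng1 from 10.10.5.10 port 51022
2025-09-01T09:20:11 fw-sub01 sshd: Accepted password for eng1 from 10.10.5.10 port 51030
2025-09-01T02:41:57 fw-sub01 sshd: Accepted password for admin from 172.16.40.23 port 44512
2025-09-01T10:03:40 fw-sub01 sshd: Failed password for root from 203.0.113.7 port 39944
"""

# Constructed NetFlow-style records as (src, dst, dport, bytes) after export parsing.
FLOWS = [
    ("10.10.5.10", "10.20.0.15", 502, 1200),      # Modbus poll from the jump host
    ("10.10.5.11", "10.20.0.16", 20000, 980),     # DNP3 from an engineering workstation
    ("10.10.5.10", "10.20.0.15", 22, 5600),       # SSH from the jump host
    ("172.16.40.23", "10.20.0.15", 22, 7300),     # IT subnet reaching an RTU directly
    ("10.10.5.11", "10.20.0.20", 3389, 41000),    # RDP toward OT, not in the baseline
]

LOGIN_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Accepted|Failed) (?P<method>\S+) "
    r"for (?P<user>\S+) from (?P<src>\S+) port \d+$"
)


def is_internal(addr):
    """True when the address falls inside one of the assumed internal ranges."""
    return any(addr in net for net in INTERNAL_NETS)


def login_alerts(log_text):
    """Return alert strings for logins that do not fit the baseline."""
    alerts = []
    for line in log_text.splitlines():
        m = LOGIN_RE.match(line)
        if not m:
            continue  # unrelated syslog line
        src = ipaddress.ip_address(m["src"])
        hour = int(m["ts"][11:13])  # ISO timestamp: hour field
        if m["result"] == "Accepted":
            if src not in JUMP_HOSTS:
                alerts.append(f"login from unexpected source {src} user={m['user']}")
            if hour not in MAINTENANCE_HOURS:
                alerts.append(f"login outside maintenance window at {m['ts']} user={m['user']}")
        elif not is_internal(src):
            alerts.append(f"failed login from external address {src} user={m['user']}")
    return alerts


def flow_alerts(flows):
    """Return alert strings for flows into the OT LAN that violate segmentation."""
    alerts = []
    for src, dst, dport, _nbytes in flows:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if d not in OT_NET:
            continue  # only traffic entering OT is baselined here
        if s not in ENGINEERING_NET:
            alerts.append(f"non-engineering source {src} -> OT {dst}:{dport}")
        elif dport not in ALLOWED_OT_PORTS:
            alerts.append(f"unexpected port {dport} from {src} -> {dst}")
        elif dport == 22 and s not in JUMP_HOSTS:
            alerts.append(f"SSH into OT from non-jump host {src} -> {dst}")
    return alerts


if __name__ == "__main__":
    for alert in login_alerts(LOGIN_LOG) + flow_alerts(FLOWS):
        print("ALERT:", alert)
```

Run against the constructed data, the login check raises three alerts (an accepted login from an IT address, the same login at 02:41 outside the maintenance window, and a failed root login from outside the internal ranges) and the flow check raises two (the IT host reaching an RTU over SSH, and RDP toward OT). Tightening the baseline is the point of the exercise: whichever firewall or router you already have, its logs and flow exports are enough to start.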
If you’d like hands-on guidance to put these steps into practice, contact us for a customized “How-To” session this fall (2025).
It’s a $5,000 value, available at a low cost to help utilities and operators strengthen OT and WAN security before the next threat wave hits.
📧 Reach out at john@johnhargrovepe.com to reserve your session.