Skip to content

Why Is Now the Time to Reassess Critical Infrastructure Security?

Mark Freedman |    November 21, 2025

Wireframe view of a BIM model of civil infrastructure

Contents

Rise in Assassinations Spurs Demand for Better Intel

Navigating Modern Privacy Laws: Challenges & Future Trends

Duty of Care in Corporate Security: A Strategic Guide

By Mark Freedman

Each November, Critical Infrastructure Security and Resilience Month provides a reminder of what’s at stake. From the power grid and pipelines to water systems and data centers, America’s critical infrastructure is the foundation of our national and economic security. Yet critical infrastructure faces greater threats than at any point in recent memory. The threat environment has become multidimensional, with cyber, physical, and geopolitical risks intersecting to create an increasingly complex landscape both for government and private sector companies.

 

A Converging Threat Picture

The traditional separation between national security and corporate security is increasingly non-existent. Critical infrastructure, which is largely owned and operated by private sector companies, is consistently targeted by foreign adversaries, terrorists, and criminals. Some of the most notable threat streams in 2025 include: 

  • The Chinese state-sponsored hacking group Volt Typhoon continues to pre-position itself within U.S. critical networks, ready to disrupt operations if conflict breaks out in the Indo-Pacific. 
  • Russia has expanded gray-zone sabotage efforts against NATO member countries’ critical infrastructure in an effort to undermine Western support for Ukraine.
  • Domestic extremists target power substations to advance their ideological agendas, with increasingly innovative use of technologies such as drones.
  • Cybercriminals leverage ransomware while “old-school” criminals run copper wire theft and railway heist rings, all against critical infrastructure targets. 
  • Assassination plots – both from state actors and lone individuals – are focused on the CEOs of critical infrastructure companies, in addition to political leaders and figures.

All of this plays out against the backdrop of aging infrastructure built for a different era. Decades-old substations, outdated control systems, and vulnerable legacy networks now sit at the center of the reticle of state adversaries, criminals, and ideologues.

 

Getting Left of Bang: Exploiting OSINT To Protect Critical Infrastructure

 

The Need for Holistic Security Strategy

In this environment, the most resilient organizations are those that understand the full spectrum of threats and organize themselves accordingly. This requires moving beyond a “Guns, Gates, Guards” approach to security toward a proactive strategy undergirded by strong intelligence. 

Critical Infrastructure Security and Resilience Month is the perfect time for every critical infrastructure organization to take a step back and conduct some strategic re-evaluation of their security program. Given the threats and trends facing critical infrastructure in 2025, the following questions are a good place to start:

  • Do we have a holistic security strategy that integrates – or, at a minimum, coordinates – cybersecurity, physical security, and related disciplines such as continuity, resilience, crisis management, threat management, travel risk, event security, fraud mitigation, supply chain security, and others as appropriate to our organization?
  • Do we have an intelligence capability, including ideally a formalized intelligence program aligned to the intelligence cycle that leverages a combination of in-house personnel and processes with a right-sized mix of tools, technologies, and external sources of information?
  • Given the rise in threats to executives in 2025, do we have a formalized executive protection program in line with industry standards, integrated with the rest of our security program, and fit-for-purpose given our critical infrastructure status (i.e., potential national and economic ramifications of a CEO assassination)? 
  • Are we prioritizing cross-organizational collaboration whereby the security team takes a lead role to gather relevant stakeholders across the business – government relations, communications, risk, legal, procurement, human resources, etc. – to ensure we have a whole-of-business approach to critical infrastructure security?

 

From Corporate Risk to National Security

Critical infrastructure security is national security by another name. The companies that own and operate America’s pipelines, grids, ports, and communication systems are part of the nation’s defensive perimeter. Their resilience directly affects military readiness, economic stability, and public confidence.

That reality carries responsibility. Security leaders must ensure their organizations not only meet regulatory requirements but also contribute meaningfully to the broader mission of national resilience by prioritizing proactive threat awareness and security leadership within individual companies and across industries.

 

 

Mark Freedman, Principal & CEO, Rebel Global Security

Mark Freedman

Principal & CEO, Rebel Global Security

Mark Freedman is Principal and CEO of Rebel Global Security and was formerly the Chief of Staff for the U.S. Department of State’s Counterterrorism Bureau. This post is part of Liferaft and Rebel’s collaborative work to analyze the evolving global threat environment and provide critical insights to private sector and government clients.

 
Threat Intelligence Critical Infrastructure Cybersecurity Corporate Risk Management Threat Intelligence Strategies Security Compliance Supply Chain Threat Intelligence Physical Security

Rise in Assassinations Spurs Demand for Better Intel

Navigating Modern Privacy Laws: Challenges & Future Trends

Duty of Care in Corporate Security: A Strategic Guide
Previous

Dark Web Monitoring for Holiday Fraud