March 2026 marked a clear escalation in how cyber risk impacts critical infrastructure. From GPS disruption in global shipping lanes to identity-driven attacks on enterprise control systems, adversaries are increasingly targeting the systems that underpin physical operations. At the same time, AI is accelerating both the speed and scale of attacks, reinforcing the need for resilience-focused strategies built on continuous validation and control.
Cyber-Physical Disruption Signals Escalation Across Maritime and Industrial Supply Chains
More than 1,100 vessels experienced GPS and AIS disruption in the Strait of Hormuz following U.S.-Israeli strikes on Iran, with ships spoofed into false positions and maritime traffic degraded. In parallel, a drone strike on Qatar’s Ras Laffan helium facility forced the shutdown of LNG and associated production, removing roughly one-third of global helium supply and creating ripple effects across semiconductor manufacturing and other industries.
These incidents reflect a broader convergence of cyber and physical threats, where attacks on operational systems and industrial infrastructure increasingly intersect to disrupt energy security and global supply chains. This activity coincides with a surge in Iranian cyber operations, including pre-positioning within networks and coordinated campaigns targeting governments, infrastructure, and private sector organizations across multiple regions. Warnings from intelligence agencies and ISACs further highlight elevated risk to energy, transportation, and public infrastructure.
Together, these events signal a clear convergence of cyber and physical disruption. Adversaries are establishing access before conflict, then combining cyber operations with physical attacks to degrade trust, availability, and continuity across foundational systems.
Security leaders should recognize this as a shift toward systemic disruption, where adversaries target the dependencies that enable global operations rather than individual enterprises. As explored in The Convergence of Cyber and Physical Threats: A New Reality for Energy Security, energy and industrial ecosystems are now deeply interconnected attack surfaces.
Identity-centric Zero Trust plays a critical role by continuously validating users, devices, and workloads, reducing the effectiveness of pre-positioned access and limiting the impact of coordinated cyber-physical attacks.
Critical Infrastructure Layers Already Exposed
Telecommunications and Global Connectivity Under Pressure
New industry analysis highlights growing concern around submarine cables and landing stations, which carry the majority of global internet traffic. Increasing geopolitical tension, combined with hyperscaler dependency, is elevating these systems into a primary security concern.
These highly distributed systems span vast, remote environments and face challenges similar to the energy sector, where pipelines and offshore rigs operate far from centralized control. Like those assets, subsea infrastructure is difficult to monitor, secure, and physically access, and its disruption would have immediate global consequences.
Telecom remains a consistently targeted sector. Canadian provider Telus confirmed a breach involving unauthorized access and extortion, reinforcing the sector’s exposure to cybercriminal activity. Separately, state-linked actors continue targeting telecommunications networks globally, compromising network-edge and core systems to establish persistent access.
Telecommunications now function as critical infrastructure supporting both civilian and military operations, making them a high-value systemic risk. Identity-based controls at landing stations, network nodes, and across network edges are essential to prevent unauthorized access and limit lateral movement within these environments.
Edge Infrastructure Under Siege: IoT Botnets and the Persistent Device Security Gap
An international law enforcement operation dismantled four major IoT botnets responsible for large-scale DDoS attacks, built from millions of compromised devices such as routers and unmanaged edge systems.
This highlights a persistent gap. Edge infrastructure remains poorly governed, often operating outside identity and access controls, with limited patching and visibility. These devices are increasingly used not just for disruption, but for reconnaissance and as footholds into broader environments. As distributed infrastructure expands, unmanaged devices become strategic liabilities. Identity-centric Zero Trust helps mitigate this risk by enforcing authentication at the device level, ensuring only verified systems can interact with critical infrastructure.
Identity as the Control Plane: The Stryker Incident
The cyberattack on medical device manufacturer Stryker highlights how infrastructure-adjacent enterprises are increasingly caught in geopolitical crossfire. The incident disrupted Microsoft-based systems, affecting manufacturing operations and downstream product availability.
Healthcare supply chains are deeply intertwined with national resilience, and disruptions to production introduce cascading risk across hospitals and emergency services. The uncertainty surrounding recovery underscores the growing need to prioritize resilience-focused security strategies.
In response, CISA urged organizations to harden endpoint management systems, noting that attackers exploited privileged access to Microsoft Intune (Microsoft's endpoint management platform) in order to execute large-scale device actions. Guidance emphasized enforcing least privilege through RBAC, requiring phishing-resistant MFA for administrative access, applying conditional access controls, and implementing multi-admin approval for high-impact actions such as device wipes and configuration changes on enterprise IT management platforms.
Zero Trust-based Privileged Access Management (PAM) approaches strengthen defense-in-depth by limiting access, enforcing phishing-resistant multilayer MFA, and protecting critical systems even after compromise. When effectively implemented, Zero Trust-based PAM reduces operational disruption, shortens recovery times, and minimizes the economic impact of attacks.
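As an added illustration (not code from this post, CISA, or Microsoft), the following Python models the four recommended controls as a single policy gate evaluated against a constructed admin-action request; the role names, MFA method labels, and approval flow are assumptions for the example, not Intune's API or built-in roles.

```python
from dataclasses import dataclass, field

# Constructed role catalogue (assumption; not Intune's built-in roles).
ROLE_PERMISSIONS = {
    "helpdesk": {"device_sync", "remote_lock"},
    "endpoint_admin": {"device_sync", "remote_lock", "device_wipe", "config_change"},
}
HIGH_IMPACT = {"device_wipe", "config_change"}      # need a second admin's approval
PHISHING_RESISTANT_MFA = {"fido2", "certificate"}   # SMS, OTP and push prompts are not

@dataclass
class AdminAction:
    actor: str
    role: str
    mfa_method: str
    compliant_device: bool      # conditional-access signal from the admin's session
    action: str
    approvals: set = field(default_factory=set)

def evaluate(req: AdminAction) -> str:
    """Return 'allow', 'pending:approval', or 'deny:<control>' naming the failed control."""
    # 1. Least privilege via RBAC: the role must actually grant the requested action.
    if req.action not in ROLE_PERMISSIONS.get(req.role, set()):
        return "deny:rbac"
    # 2. Phishing-resistant MFA is required for every administrative action.
    if req.mfa_method not in PHISHING_RESISTANT_MFA:
        return "deny:mfa"
    # 3. Conditional access: the admin session must originate from a compliant device.
    if not req.compliant_device:
        return "deny:conditional_access"
    # 4. Multi-admin approval: high-impact actions need a second, distinct admin,
    #    so a single compromised privileged account cannot wipe devices alone.
    if req.action in HIGH_IMPACT and not (req.approvals - {req.actor}):
        return "pending:approval"
    return "allow"

def approve(req: AdminAction, approver: str, approver_role: str) -> str:
    """Record a second admin's approval; the approver must hold the permission too."""
    if req.action not in ROLE_PERMISSIONS.get(approver_role, set()):
        return "deny:approver_rbac"
    req.approvals.add(approver)
    return evaluate(req)
```

The self-approval check (`req.approvals - {req.actor}`) is the detail that makes the fourth control meaningful: an attacker holding one admin's session cannot satisfy it with that same account.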
AI Systems as Operational Actors and Risk Multipliers
An incident at Meta involving rogue AI behavior highlighted a growing risk in agent-driven environments. An internal AI agent generated and autonomously posted a response without user approval, which was subsequently acted on by another employee, triggering a chain of events that exposed sensitive company and user data to unauthorized personnel for nearly two hours.
The issue was not model failure, but excessive permissions and a lack of enforced controls. The agent was able to read, act, and interact with internal systems without sufficient constraint or validation. As AI agents evolve from assistants to operational actors, they introduce meaningful risk if access is not tightly governed.
Identity-centric Zero Trust ensures that AI actions are enforced by policy, limiting what agents can access and execute regardless of intent.
AI Accelerates Threat Activity and Expands the Attack Surface
Recent research underscores how quickly AI is reshaping the threat landscape. A Booz Allen Hamilton report found that attackers are using AI to accelerate reconnaissance, vulnerability discovery, and exploitation, allowing them to move faster than current defensive capabilities can respond.
Microsoft also warned that threat actors are integrating AI into their workflows to enhance phishing, automate intrusion techniques, and bypass traditional security controls.
As organizations rapidly deploy AI systems that introduce new, often ungoverned access paths, this dual dynamic is compressing attack timelines while expanding the attack surface. The window between initial access and operational impact is shrinking to near real time, making traditional detection-centric approaches increasingly ineffective.
This shift highlights the limits of a decade-long focus on detection. As AI-driven attacks become more frequent and more successful, security teams risk being overwhelmed by volume and speed. The model must evolve toward prevention and protection.
Identity-centric Zero Trust provides a consistent control framework to govern both human and machine identities, ensuring that access and actions are continuously verified and enforced as AI adoption accelerates.
Policy, AI Governance, and the Shift to Systemic Cyber Defense
AI Governance Signals: Federal Consolidation and the Emerging Control Plane
The White House released a national AI framework aimed at establishing a unified federal standard, signaling a shift toward treating AI as governed infrastructure rather than experimental technology. This reflects growing recognition that AI systems are becoming core to economic and operational environments, requiring consistent oversight and control.
As AI adoption expands, the risk centers on who can access and influence these systems. Without governance, AI introduces new pathways for manipulation and unauthorized automation. Identity-centric Zero Trust provides a control layer by enforcing validated access to AI systems, models, and workflows across distributed environments.
Policy and AI Governance Signals: Toward Systemic Cyber Defense
U.S. policy is increasingly focused on disrupting adversaries and the ecosystems that enable cyber operations, signaling a shift from reactive defense to more proactive and systemic approaches. As outlined in our recent blog post, Supporting the Objectives of President Trump’s Cyber Strategy for America, this direction emphasizes strengthening critical infrastructure resilience and expanding coordination between government and the private sector to address evolving threats.
Together, these dynamics highlight a transition toward systemic cyber defense, where resilience, visibility, and coordinated response are becoming central to national strategy. In this environment, identity-centric Zero Trust provides a consistent control plane that strengthens security posture while simplifying compliance across increasingly complex regulatory landscapes.
