Stealth Networks for Critical Infrastructure: Rethinking Defense-in-Depth
The Inadequacy of Visible Defenses in Critical Infrastructure

Critical infrastructure operators face a fundamental asymmetry: attackers need only one unguarded path, while defenders must protect every vector. Traditional defense-in-depth relies on layers of firewalls, intrusion detection systems, and segmentation—all of which are visible to adversaries who have achieved an initial foothold. Once inside the network perimeter, an attacker can map the architecture, identify high-value assets, and move laterally with increasing confidence. The core problem is that our defenses are observable, and observability is the enemy of resilience.

Consider a typical electric utility control network. It employs firewalls between the corporate IT zone and the industrial control system (ICS) zone, plus application whitelisting and network monitoring. Yet, in a scenario drawn from real incidents, a phishing email gave an adversary access to a low-privilege workstation. From there, they used standard network scanning tools to discover the ICS subnet, identified a programmable logic controller (PLC)