Case Studies

Securing a Regional Utility’s OT Network

How owner-controlled trust protected grid operations without rip-and-replace.

The following is an illustrative scenario, drawn from the kinds of challenges a regional utility faces, to show how owner-controlled trust applies to operational technology. No customer is named, and the account is qualitative.

The situation

A regional utility runs grid, water, and renewable assets monitored by an estate of operational technology — controllers, sensors, and cameras spread across substations and remote sites. Much of that equipment cannot run a security agent: it lacks the resources for encryption or a programmable interface, or runs legacy systems that can no longer be patched. At the same time, national cyber leaders have warned that state-sponsored actors have pre-positioned inside compromised routers and smart hardware, and the hardware already inside the network may itself be the threat. The utility could not afford to take operations offline, and a wholesale replacement of field equipment was out of the question.

The approach

Rather than replace the OT, the utility placed US-made, Cyber-Assured Pods and Portals in front of it. Each device was protected simply by connecting it behind a Pod, with no software installed on the device itself — whatever connected behind it joined a private, owner-controlled network. Adoption used the utility’s own network key, created and held on its own devices, exchanged out-of-band so nothing was exposed to the internet and no IT ticket was needed. The encryption keys stayed with the utility; no one else, including Faction, held them. The control plane sat off the public internet, leaving the network invisible to attackers.

  • Grid, water, and renewable OT brought inside an owner-controlled network without agents on the devices
  • Devices made reachable only from inside the network, removing the public-internet attack surface
  • Every connection cryptographically verified before access — no shared passwords, no anonymous connections
  • Deployment alongside existing infrastructure, mitigating compromised hardware already in place

The outcome

The utility extended Zero Trust to equipment that had been outside any endpoint security model — without disrupting operations and without rip-and-replace. Field devices that could not defend themselves now sit behind assured hardware on a network the utility owns and controls, invisible to outside attackers and resilient against adversaries who pre-position in the supply chain. The keys remained with the utility throughout. Control, and peace of mind, over critical infrastructure that keeps essential services running.