Comply or collapse: Why President Trump’s Golden Dome for America depends on securing operational technology
The U.S. military is the most sophisticated fighting force in modern history. However, that doesn’t mean there have not been moments of unforced failure or unexpected setbacks. The surprise attack on Pearl Harbor, the Chinese intervention in Korea, and the fall of Kabul as recently as 2021: all of these episodes were driven by a failure to account for the capabilities, technologies, and cunning of an adversary.
With the threat of near-peer conflict at its highest since the end of the Cold War, President Donald Trump’s Golden Dome missile defense system is critical to protecting our homeland and deterring broader conflict. In an age where U.S. national security depends on more than just a nuclear arsenal but on timely, accurate access to information made possible by dominance in the cyber and space domains, it’s no question that Operational Technology (OT) systems are a warfighting imperative across every aspect of Golden Dome. To defend against such rapidly evolving threats, including countermeasures against unmanned aerial systems, we must leverage zero-trust principles to protect OT systems, the digital networks, and automated devices that control defense-critical systems.
The tools exist today to build a robust zero-trust framework for Golden Dome and its components. Therefore, what’s the problem?
Our nation is confronting adversaries with virtual capabilities to inflict significant harm on all citizens through cyberattacks on OT systems in water, power, communications, positioning, and other critical infrastructure we rely on for survival.
While many across the Department of War (DOW) leadership view securing OT as a serious issue, weapon system and program management offices treat cybersecurity requirements as unfunded mandates outside key performance parameters, with few accountability mechanisms in place. History provides examples of the danger of not securing OT. Recall that Sandworm (Russian hackers) carried out cyberattacks on the Ukrainian grid before invading the Crimean Peninsula in 2014. The reality of our strategic vulnerability is that the OT supporting Golden Dome’s installations, sensors, and weapons must be digitally secure to prevent physical disruption or sabotage.
The same cyber threats persist for DOW’s weapon systems and supporting assets, which remain largely unaccounted for, unsegmented, and exposed to adversaries like the Chinese Communist Party (CCP), who have affirmed their intent to disrupt or sabotage our military operations, logistics, and communications. This problem has metastasized over many decades because these systems were not designed with modern cybersecurity threats in mind.
While the DOW’s business systems are prime targets for espionage, our depot and shipyard automated systems, airfield fuel distribution systems, and water and power systems each represent an operational strategic attack vector. Where the Cold War required us to harden our physical infrastructure to achieve force protection, today’s equivalent is enforcing zero trust and other cybersecurity performance factors for Golden Dome. The Secretary of War, working with U.S. Northern Command, the Space Force, and the Missile Defense Agency, must prioritize defending Golden Dome’s OT systems, as they’re integral to mission assurance.
Golden Dome planners must prioritize funding to create and sustain cyber protections, as well as leadership accountability for timely results. Step one is a well-crafted, integrated policy framework that mandates zero-trust principles as a backbone for Golden Dome. This policy must ensure that we discover, validate, microsegment, and continuously monitor every digitally enabled asset that interacts with the system, whether it is IT or OT. It needs to be embedded in the cybersecurity statement of work and included as a go/no-go evaluation criterion in the statements of need for every component, leveraging the Comply-to-Connect program. This policy must also outline a deployment timeline consistent with the system’s initial and full operational capabilities.
Step two involves expressly budgeting for the zero-trust principles and ensuring that funding protections are mandatory system requirements; anything less dooms the effort to failure.
Step three means following through: Sustaining zero-trust and other cyber protections throughout the life cycle of Golden Dome must be elevated to a mission-critical status, with command-level visibility and defined performance metrics tied to readiness assessments. Operational commanders must be empowered and held accountable for cyber readiness, rather than merely passing a Cyber Operational Readiness Assessment (CORA) audit to maintain access to the Department of Defense Information Network (DODIN). Given our understanding of the threats facing Golden Dome, failing to accomplish these three steps will jeopardize mission success.
Cyber vulnerability is not an IT problem; it’s an operational challenge for commanders. Understanding this new “art of war” and its implications for the national security assets under their charge is crucial for every commander.
The bottom line is that this is a question of finite resources, of priority and will. DOW leadership and Congress must ensure that an unambiguous policy is in place for securing this system of systems, leveraging the success of the Comply-to-Connect program. Next, allocate and protect the funds needed to adapt, deploy, and sustain zero-trust security for the core system and its components as they come online. Finally, make this a commander’s issue: demand urgency, demand visibility, hold teams accountable, and integrate cyber into all aspects of operations and readiness. Tomorrow’s conflicts will demand a dynamic approach that allows the U.S. military to account for all adversarial assets, not only on land, sea, and air, but in the cyber and space domains as well.
Rep. Pat Fallon represents Texas’ Fourth Congressional District. He is a member of the House Armed Services, Oversight, and Intelligence Committees.
