COMMENTARY: Across the country, military bases quietly support our national security and local prosperity. Places like Fort Bragg in North Carolina aren’t just platforms for power projection; They are deeply woven into the social and economic fabric of the regions where they are located. Fort Bragg alone contributes an estimated $8.8 billion annually to North Carolina’s economy.Also read:Without clear ownership, resilience efforts remain fragmented, slow, and ineffective.Most cybersecurity frameworks remain centered on traditional IT environments, offering little practical guidance for OT systems. Even when Congress mandates progress, implementation is fractured across silos. This breakdown in coordination puts people, missions, and infrastructure at risk.Military installations are wired for risk. Securing them demands a strategy rooted in clear governance, operational urgency, and human-centered purpose. At this crossroads of national defense and daily life, decisive action reinforces mission readiness and our responsibility to those who serve.
More than 500 military installations—comprising thousands of sites and hundreds of thousands of buildings—serve as places where service members and their families live, work, and raise their children. These bases are far more than training grounds; they are communities where schools operate, families settle, and futures are built. Like in any American town or city, the infrastructure supporting these places meets people’s foundational needs. That same infrastructure also sustains military readiness, and today, it faces mounting cyber threats.
Separated by design, reconnected by necessity
Military bases were originally built away from civilian centers to protect local populations and comply with the Law of Armed Conflict, which requires distinction between combatants and civilians. Over time, however, these intentionally separate facilities have been reconnected through electrical grids, rail lines, water systems, telecommunications, and broadband into the very civilian infrastructure they were designed to remain apart from.These connections—essential to daily life on base—now serve as entry points for adversaries. Foreign actors, particularly China, have already infiltrated U.S. critical infrastructure. They are embedding themselves deep within these systems, quietly positioning for maximum impact when the moment arises.China’s Volt Typhoon campaign illustrates this strategy in action. When American Water—the utility servicing 18 military installations—was targeted by a cyberattack in late 2024, the effects rippled across mission-critical military and community-serving systems.Critical systems in the dark
Inside every installation, an invisible nervous system keeps the lights on, the fuel flowing, the airfields safe, and the facilities running. This operational technology (OT)—from HVAC systems in barracks to access controls and water purification—forms the backbone of readiness and mission assurance.Yet these systems remain largely unmanaged, unmonitored, and fragmented across commands and contractors. The Department of Defense lacks a unified inventory of these assets, and no enterprise-level strategy exists to secure them at scale. These interconnected cyber and physical systems are essential to daily operations and remain exposed to adversarial disruption.The governance gap
Responsibility for cyber defense at military installations is distributed across a crowded field:- U.S. Cyber Command,
- The military services,
- Base commanders,
- Local utility partners,
- and civilian agencies.
A human-centered mandate
At the Institute for Critical Infrastructure Technology (ICIT), we define critical infrastructure not only by its role in national defense, but by its role in sustaining lives. People depend on clean water, reliable electricity, healthcare access, secure housing, and stable communications daily.Military installations are at the crossroads of these two perspectives on critical infrastructure. They represent national assets and human ecosystems—small cities with young families, working spouses, and transitioning veterans. Safeguarding them maintains operational continuity and ensures the daily security of those who serve.Our strategy must be grounded at this crossroads. By safeguarding installations, we protect our ability to mobilize and project power and deliver on our promise to care for those who defend it.What must happen now
The urgency is clear, and the roadmap is within reach. The Department of Defense must:- Integrate OT and cyber-physical systems into enterprise cybersecurity frameworks.
- Define clear ownership and accountability across installation, engineering, and cyber leadership.
- Map and monitor critical systems with the same rigor applied to kinetic threats.
- Train defenders and operators to manage these hybrid environments with confidence.
- Treat cyber resilience as both mission-essential and people-essential.




