Digitize and Die, or Don’t and Die Later?

Jun 9



Putting systems online that should be offline is one of the riskiest moves a business can make. But it’s also one of the most tempting.


First, some definitions. By “online” I don’t just mean connected to the internet. I mean any system or device that can send or receive data to or from a remote device, where “remote” simply means not on the same premises. Definitions matter, because they ultimately shape the mental model we use to address problems.


So why is putting critical systems online dangerous? Because it opens them to attack vectors they were never designed to handle, and to adversaries that include nation-state actors. These aren’t just hypothetical risks: the resulting breaches and downtime can cost $10M–$100M, or worse, human lives.


And yet… there’s a reason companies are doing it anyway.



The Business Case for Going Online


Digitization brings clear advantages: faster diagnostics, more responsive maintenance, tighter data loops between edge systems and AI-driven platforms. In some industries, this can unlock $3M+ in annual value. The very move that introduces risk can also deliver more uptime, more insight, and more profit.


This is the paradox of digitizing critical systems. It’s risky. But ignoring it is even riskier, because you will be left behind. It is like wishing away steam engines during the industrial revolution.



So What Do We Do?


If we’re going to connect critical systems, we need to do it right. And that starts with four fundamental questions:

  1. Is the data coming from or going to the right system?

  2. Is the data in the right state?

  3. Is the data safe from adversaries?

  4. Are the system and data always available?


If these sound familiar, it’s because they map directly to the CIA Triad—Confidentiality, Integrity, and Availability—with a critical fourth addition: identity. Because if identity fails, everything else fails with it.


Let’s be blunt:

  • Without strong identity, a bad actor can impersonate a trusted system, device, or human.

  • Without integrity, data can be poisoned.

  • Without confidentiality, adversaries can harvest data for strategic sabotage.

  • Without availability, everything stops.


So what really matters?


Three things: identity management, encryption, and resilience.



Get These Three Right, And You Can Digitize Safely


Yes, there are countless threats: MITM, denial-of-service, supply-chain compromises. But the truth is, all of them exploit weaknesses in one of those three domains.


Strong identity + strong encryption = no MITM.


Strong identity + resilience = denial-of-service resistance.


Strong identity + data safety = supply-chain defense.


I’m not saying perfecting these three is easy. I’m saying that if we did perfect them, digitizing critical systems wouldn’t be dangerous at all.


This isn’t wishful thinking. It’s a mental model. Understanding why things break is the first step to building something safe and reliable.



Why This Matters


Unfortunately, many are pushing dangerous advice. They treat a 5G link or a diode as a magic bullet. But if the system lacks resilience, it’s still vulnerable to DoS. If identity management is weak, the diode doesn’t matter. If the supply chain is compromised, 5G is irrelevant.


Basic security measures might suffice in some scenarios, but that doesn’t make them universally adequate, especially in sensitive environments where the stakes are much higher.


We need to stop mistaking partial solutions for complete answers. We must precisely define and understand the problem before we can arrive at a meaningful solution.


Don’t settle for checkbox security. Understand the risks and build systems to survive them.
