The Pre-Positioning Era: Rethinking OT Defense for an Adversary Who Is Already Inside

  • Writer: RubyComm Team
  • May 11
  • 6 min read

For most of the last two decades, operational technology security has been shaped by a single implicit assumption: that the adversary is outside, trying to get in, and that our job as defenders is to detect the attempt and stop it. Firewalls, intrusion detection systems, security operations centers, and incident response playbooks are all built around this picture. It is a picture that no longer matches the threat.


The defining shift of 2026 is not a new malware family or a new vulnerability class. It is a change in adversary behavior. Nation-state actors targeting critical infrastructure are no longer primarily pursuing immediate disruption. They are pursuing quiet, persistent access, preserved patiently for a future moment of their choosing. The industry has adopted a term for this: pre-positioning. And it asks defenders to confront a question that classical OT security was not designed to answer. What do you do when the adversary is already inside, and has been for months, and has no intention of revealing themselves until the moment it matters most?

The evidence of a shift


The 2026 threat reporting is unusually consistent on this point. The Waterfall Threat Report 2026 documents a relative decline in ransomware against industrial operators alongside a measurable rise in nation-state activity aimed at long-term access. Mandiant's M-Trends 2026 describes a landscape of faster, more coordinated, and more industrialized campaigns, with an increasing share operating at the pace of intelligence collection rather than smash-and-grab monetization. The Dragos 2026 OT Cybersecurity Year in Review describes adversaries whose tradecraft favors persistence and operational mapping over immediate effect. The U.S. Office of the Director of National Intelligence's 2026 Annual Threat Assessment names pre-positioning explicitly as a concern for Western critical infrastructure, and an industry forecast this year projected that more than a third of global energy and utilities infrastructure will have experienced pre-positioning activity by the end of 2026.


Recent advisories have made the two distinct shapes of this threat unusually visible. The joint CISA, NSA, and FBI advisory on Volt Typhoon, originally issued in February 2024 and reaffirmed in the 2026 ODNI Annual Threat Assessment, describes a People's Republic of China-affiliated group that has maintained access in U.S. critical infrastructure networks for as long as five years, used living-off-the-land techniques rather than malware, and exhibited a pattern of behavior that the authoring agencies assess with high confidence is inconsistent with espionage. The assessment is that the activity is pre-positioning for disruptive effects to be triggered at a moment of geopolitical choice. This is the canonical case: persistent, quiet, held in reserve.


The Iranian-affiliated activity documented in CISA advisory AA26-097A of April 2026 sits at the opposite end of the spectrum. Its purpose was disruption, not preparation. The operators manipulated PLC project files and HMI displays in U.S. water, energy, and government facilities to produce operational disruption and financial loss, in what the authoring agencies characterize as escalation linked to the U.S.-Israel-Iran conflict. Read together, the two advisories give the clearest available picture of the 2026 threat. A quiet adversary is already inside, and a noisy one is prepared to strike when the moment is judged right. A defensive model that addresses only one of these modes addresses neither.


For Israeli defenders, this landscape is neither surprising nor distant. The State of Israel has been a priority target for state-sponsored OT activity for years, and the relationship between escalation in the region and activity against critical infrastructure is by now well established.


Why pre-positioning defeats detection-centric defense


To understand why pre-positioning is such a difficult defensive problem, it helps to examine what a detection-centric security model actually assumes.


A detection model assumes that adversary activity is noisy. It assumes that an intruder will attempt to escalate privileges, move laterally, exfiltrate data, or deploy tooling, and that each of these actions will produce signals a well-instrumented defender can observe. The model further assumes that the time between intrusion and action is short enough that alerts are operationally useful.


A pre-positioning adversary violates every one of these assumptions. Initial access is often obtained through mundane means, such as a compromised vendor credential or a misconfigured remote-access path, that do not look anomalous in isolation. Once inside, the adversary does not escalate. They do not move laterally in any pattern that distinguishes them from a legitimate engineer. They do not exfiltrate large volumes of data. They map. They learn the process. They identify the controllers that matter. They document the operational rhythm. And then they wait, sometimes for months, occasionally for years.


Against this pattern, detection is not useless, but it is structurally insufficient. There is nothing unusual to detect until the adversary decides there should be, and by that point the defender is no longer in a detection posture. They are in a response posture, against an adversary who has chosen the timing.


What the shift asks of defenders


If detection cannot be the center of the defensive model, what replaces it? The honest answer is that the center of gravity moves from observation to constraint. The question is no longer only what can we see, but also what can an adversary who is already inside actually do?


This is the architectural logic behind several concepts that have been accumulating weight in OT guidance over the past two years. The IEC 62443 vocabulary of zones and conduits, once treated as a compliance abstraction, becomes an operational tool for asking where an adversary present in one area can reach. The principle of least functionality, applied at the level of protocols and ports rather than applications, becomes a way of ensuring that an adversary with access to a conduit still cannot use it meaningfully. The reduction of implicit trust at the IT-OT boundary, and within OT itself, becomes a way of ensuring that initial access does not imply eventual access to the crown jewels.


None of these ideas are new. What is new is their priority. In a detection-first model, these controls were supporting architecture that made monitoring easier. In a containment-first model, they are the defense itself. Monitoring becomes the verification that the containment is working, rather than the primary line of protection.
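To make the zone-and-conduit question concrete, here is an added example in Python that is not from the article or from any of the reports it cites: a toy conduit table is walked to answer what an adversary who already holds one zone can reach and do, first for a flat, detection-first layout and then for the same zones under least-functionality conduits. The zone names, the capability labels and both conduit tables are constructed assumptions, not a real site.

```python
"""Zone/conduit blast-radius check for a containment-first OT review.

Constructed example: zones, conduits and the coarse capability labels
each conduit permits are toy values, not real firewall rules or ACLs.
"""
from collections import deque

# Capabilities that give an intruder a foothold (code execution) in the
# destination zone, as opposed to read-only protocol access to its data.
PIVOT = {"rdp", "smb", "eng_download"}

# Conduit table: (source_zone, destination_zone, {allowed capabilities}).
# Flat layout: the vendor path lands on the engineering workstation, which
# can write setpoints and download logic to the controllers.
DETECTION_FIRST = [
    ("corp_it", "dmz", {"rdp"}),
    ("dmz", "eng_ws", {"rdp", "smb"}),
    ("eng_ws", "plc_zone", {"modbus_read", "modbus_write", "eng_download"}),
    ("vendor_remote", "eng_ws", {"rdp"}),
]

# Same zones with least functionality applied per conduit: vendors land
# on a jump host, and only read-only protocol access reaches the PLCs
# outside an approved change window (modelled here as simply absent).
CONTAINMENT_FIRST = [
    ("corp_it", "dmz", {"rdp"}),
    ("dmz", "eng_ws", {"rdp"}),
    ("eng_ws", "plc_zone", {"modbus_read"}),
    ("vendor_remote", "jump_host", {"rdp"}),
    ("jump_host", "plc_zone", {"modbus_read"}),
]

def blast_radius(conduits, start):
    """Breadth-first walk from a compromised zone.
    Returns (zones where a foothold is obtainable,
             {zone: capabilities usable against it})."""
    footholds, usable, queue = {start}, {}, deque([start])
    while queue:
        zone = queue.popleft()
        for src, dst, caps in conduits:
            if src != zone:
                continue
            usable.setdefault(dst, set()).update(caps)
            if caps & PIVOT and dst not in footholds:
                footholds.add(dst)
                queue.append(dst)
    return footholds, usable

def can_alter_process(conduits, start, plc_zone="plc_zone"):
    """The containment-first question: from this foothold, can the
    adversary change controller state (write setpoints or push logic)?"""
    _, usable = blast_radius(conduits, start)
    return bool(usable.get(plc_zone, set()) & {"modbus_write", "eng_download"})
```

Running `can_alter_process` for each starting zone against both tables gives the review its answer per foothold; the monitoring described above then has a precise thing to verify, namely that no traffic appears on a conduit outside the capability set the table permits.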


There is a parallel shift at the organizational level that deserves explicit mention. A pre-positioning adversary targets the seam between IT and OT not primarily as a technical boundary but as an organizational one. They exploit the fact that vendor access is managed by one team, that engineering workstations sit in one domain while the controllers they configure sit in another, that the change-management process for OT is slower than the identity-management process for IT, and that incident response plans often assume a single owner of the affected environment. Closing these seams is a governance exercise as much as a technical one.


What this means for Israel


Israel occupies an unusual position in this conversation. We are a priority target, we operate under near-continuous pressure, and we have a concentration of technical talent and national coordination capability that few other countries can match. These are genuine advantages. They are also the reason the pre-positioning era is, for Israeli defenders, not a hypothetical future but an operating condition of the present.


The draft National Cyber Protection Law published in January 2026 is, in part, a recognition of this reality. The law's focus on essential organizations across communications, energy, healthcare, hazardous materials, and water infrastructure reflects a correct intuition about where the consequential targets sit. What the law cannot legislate, and what the professional community must supply, is the architectural philosophy that makes compliance into real defense. A baseline control set implemented against an outside-in threat model will not protect against an adversary who is already inside. The same controls, selected and prioritized against a containment-first threat model, will.


This is the adjustment the next several years will ask of us. It is not a call for new technology. It is a call for a sharper picture of the adversary we actually face, and the discipline to let that picture shape our choices.


The first question in every OT defensive review should no longer be how will we see them when they arrive. It should be what can they do if they are already here. The answer to that question, built into the architecture itself, is the work of the coming decade.



Sources

  1. CISA, FBI, NSA, EPA, DOE, CNMF. Joint Cybersecurity Advisory AA26-097A: Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across U.S. Critical Infrastructure. April 7, 2026.

  2. Waterfall Security Solutions. Threat Report 2026.

  3. Dragos. 2026 OT/ICS Cybersecurity Year in Review.

  4. Mandiant. M-Trends 2026.

  5. U.S. Office of the Director of National Intelligence. Annual Threat Assessment of the U.S. Intelligence Community, 2026.

  6. International Electrotechnical Commission. IEC 62443 Series: Security for Industrial Automation and Control Systems.

  7. NIST. Special Publication 800-82 Rev. 3: Guide to Operational Technology Security.

  8. National Cyber Directorate, Prime Minister's Office. Draft National Cyber Protection Law, 5786-2026. January 22, 2026.
