Federal agencies are facing a growing cybersecurity challenge as operational technology systems converge with traditional IT environments.

Michael Overstreet, director of security solutions engineering for U.S. public sector at Cisco, joined Federal News Network’s Cyber Leaders Exchange 2025 to discuss how agencies can manage this complex threat landscape and avoid serious consequences.

The convergence of IT and OT has expanded the attack surface across federal networks. Devices that were once isolated, like heating and air conditioning systems and airport sensors, are now network-connected and often cloud-enabled. That connectivity brings both efficiency and risk, Overstreet said.

“Now, those things are very smart enabled, and they reach back to maybe an application running in a cloud,” he said. “That opens the door for an adversary to take advantage of a way into the network.”

Be aware that OT devices open the door to new threats

As agencies modernize their infrastructure, the integration of smart devices into operational environments has become routine, he said. These devices, once standalone systems, now communicate across networks and interface with cloud applications.

While this connectivity improves efficiency and data sharing, it also introduces vulnerabilities that adversaries can exploit, Overstreet pointed out. The shift from isolated to interconnected systems means that a breach in one device could potentially compromise an entire network segment.

The problem is compounded in classified environments where insider threats remain a top concern, Overstreet added. OT systems in secure facilities may be segmented, but they’re not always isolated. That creates new vectors for data exfiltration and disruption, especially when agencies lack visibility into how these devices operate, he said.

“You can’t protect what you can’t see,” Overstreet said. “If you don’t understand what’s coming on the network, discover those and continuously monitor those devices’ activities on the network, you can’t defend it.”

Cisco is working to address these challenges by offering a unified security architecture that spans both IT and OT domains. Overstreet pointed to tools like Cyber Vision, Identity Services Engine, and Secure Firewall as part of a broader strategy to implement zero trust and enforce segmentation.

Make visibility and segmentation central to defense

Overstreet emphasized that visibility is the cornerstone of any effective cybersecurity strategy. Without a clear understanding of what devices are present and how they behave, agencies are left blind to potential threats.

Cisco’s approach involves continuous monitoring and dynamic segmentation, allowing administrators to isolate suspicious activity before it spreads, he said. This strategy not only helps protect sensitive data but also ensures operational continuity in mission-critical environments.

The company’s recent acquisition of Splunk adds another layer of insight that permits agencies to monitor network behavior in real time and respond to anomalies more effectively, Overstreet said. He emphasized the importance of building trust across the entire environment, from switch to cloud to endpoint, and aligning with federal standards like those from the National Institute of Standards and Technology and FedRAMP.

Artificial intelligence and automation are also playing an increasingly large role in federal cybersecurity. Cisco has been using machine learning for years, but Overstreet said newer generative and agentic AI models are helping analysts move from reactive to proactive defense.

That includes training AI systems to follow playbooks and enforce policy automatically to reduce the risk of human error during incident response. But Overstreet cautioned that technology alone isn’t enough. Agencies need skilled personnel who understand IT and OT systems as well as the cybersecurity principles that govern them.

Take proactive approach to security

The evolution of AI in cybersecurity is transforming how federal agencies respond to threats. Instead of waiting for alerts and manually investigating incidents, analysts can now rely on intelligent systems that detect anomalies and initiate response protocols. Cisco’s integration of AI into its security stack enables predictive analytics that help agencies anticipate attacks before they occur. This proactive stance is especially valuable in environments where downtime or data loss could have national security implications.

Finding people with the skills to manage in this environment can be challenging. Overstreet described the ideal candidate as someone with cross-domain expertise, comfortable with TCP/IP and cloud infrastructure but also familiar with SCADA protocols and zero trust frameworks. Collaboration and communication are just as important, especially as IT and OT teams are forced to work together more closely.

Training and hands-on experience are key to building that workforce. Overstreet said certifications can help, but real-world exposure is the best teacher. Agencies should invest in tabletop exercises and incident simulations to prepare their teams for the unexpected.

Looking ahead, Overstreet highlighted several emerging technologies that could reshape the IT-OT interface. Advances in identity-based zero trust, quantum-resistant cryptography and embedded threat detection at the industrial edge are all on the horizon.

AI will continue to move closer to OT environments, enabling faster and more precise responses to malicious activity, he said. The goal? Build resilient architectures that support operational continuity, even in the face of evolving threats.

Overstreet’s message was clear: “The complexity of modern federal networks demands a unified approach to security that blends technology, strategy, and human capability.”

