Citizen Portal

FBI warns edge and operational-technology gear are being targeted by nation-state actors

FBI Cyber Division · March 10, 2026

AI-Generated Content: All content on this page was generated by AI to highlight key points from the meeting. For complete details and context, we recommend watching the full video.

Summary

FBI cyber officials said adversaries increasingly exploit routers, switches and end-of-life operational-technology devices because they are hard to inventory and patch. They recommended inventories, retirement of EOL gear, logging and IT–OT coordination to reduce risk.

Josh Blanchard and Tashiana Bridal said attackers are living at the network edge—routers, switches and VPN concentrators—and that these devices often lack logging and automated patching, making intrusions harder to detect.

"That's where they're now living," Blanchard said of adversaries targeting edge devices. He emphasized that network defenders have hardened endpoints, but the scale and manageability problems of edge devices have shifted the operational focus.

Leatherman cited multiple operations and recent campaigns to illustrate the risk: "Cyclops Blink... Operation Dying Ember... Veil Typhoon and Salt Typhoon and Flax Typhoon," and warned that actors can weaponize known vulnerabilities for routers and switches within hours. "We have recent examples within 12 hours or 24 hours in which these nation state threat actors are gonna weaponize... for routers, firewalls, switches, VPN concentrators," Blanchard said.

Panelists recommended concrete steps: maintain an accurate inventory of internet-facing and OT systems; plan for replacement of end-of-life devices and budget accordingly; add logging on OT systems and test manual fallback controls to permit operations without networked automation. "The first time that your OT operators are talking to IT shouldn't be when there's a critical incident," Bridal said.

They cautioned about third-party appliances and supply chains: organizations should review contractual access to logs and remote-management tools and avoid giving unnecessary privileged access. When third parties host logs or provide remote services, contracts should specify notification and access rights so incident response can proceed without delay.

The briefing included several sector examples—SolarWinds, Hafnium and Kaseya—to underscore how supply-chain and outsourced-services compromises can create cascading impacts across many organizations.