Iranian cyber actors’ use of brute force and other techniques to compromise organizations across multiple critical infrastructure sectors, including the healthcare and public health (HPH), government, information technology, engineering, and energy sectors.

It seems they’ve abstracted the term “critical infrastructure” to refer to the organizations that perform critical functions within society, not necessarily the networks running nuclear power plants.

But also, commercial entities don’t exactly have access to NSA encryptors… so your alternative is to disconnect everything. And that’s not feasible.