By Chuck Brooks, President of Brooks Consulting International
In recent years, cyber attacks on the nation’s critical infrastructure have been relentless. In 2025, that pattern unfortunately continues as emerging technologies such as artificial intelligence are being adopted into attackers’ tool chests. Due to the participatory, open and accessible nature of democratic societies, safeguarding vital infrastructure is a challenging task. As IT and industrial control systems become more digitally connected (and interdependent), critical infrastructure is confronted with a complex and ever-changing range of cybersecurity issues.
The private sector owns around 85% of the essential infrastructure in the U.S., while the public sector regulates it. This includes defense, oil and gas, electric power grids, healthcare, utilities, communications, transportation, education, banking, and finance. In order to operate and safeguard vital infrastructure, the public and private sectors must collaborate closely. Public-private cooperation success is dependent on information-sharing, planning, investment in emerging technologies, and allocation of resources coordinated by both the public and private sectors in a special working partnership.
The prosperity of the U.S. is dependent on critical infrastructure, and tackling its dangers necessitates a strong, well thought-out security plan that involves collaboration between the public and private sectors. The same security components that safeguard physical security also defend cybersecurity: layered vigilance, preparedness and resilience.
Learn more about the ins and outs of government cybersecurity and meet GovCon Expert Chuck Brooks at the 2025 Cyber Summit this Thursday, May 15!
AI Enters the Cyber Realm
AI tools have significantly exacerbated the cyber threats against critical infrastructure. AI is being used to develop adaptive threats that may elude conventional security measures, such as sophisticated malware and automated phishing attempts. Cyber criminals are currently using AI to automate processes like fabricating fake company profiles and using large language models to create more convincing spear-phishing messages. State-sponsored cyberattacks are on the rise, and AI is being used to hone these attacks on vital infrastructure, especially in industries like energy and telecoms.
State-sponsored cyberattacks targeting key infrastructure in the United States are on the rise, according to the FBI. Deputy Assistant Director Cynthia Kaiser described how Chinese state-sponsored cyber groups employ AI throughout their attack operations. She acknowledged that these endeavors don’t always succeed, but AI makes them faster and more effective. Cyber criminals are increasingly sophisticated in their operations, targeting sectors such as government, telecommunications, electricity and water, often remaining undetected for extended periods.
At a panel discussion at the RSAC Conference 2025 titled “AI and Cyber Defense: Protecting Critical Infrastructure,” federal representatives talked about the continuous cybersecurity threats that jeopardize various aspects of critical infrastructure and the steps that may be taken to reduce those risks.
What Is Critical Infrastructure?
Critical infrastructure is a very broad term that encompasses 16 categories, according to Rob McHenry, acting director at the Defense Advanced Research Projects Agency, who spoke at the panel. These include chemicals, commercial facilities, communications, critical manufacturing, dams, defense industrial base, emergency services, energy, financial services, food and agriculture, medical and public health, information technology, nuclear (reactors, materials, waste), transportation, and water.
According to McHenry, there are over 55,000 separate water processing districts in the U.S., which demonstrates the size of just one of those categories. Another panel participant noted that the U.S. has over 300,000 traffic lights, each supplied by a different independent vendor with a different firmware and software version. That does not even account for the fact that many of these signals are, or rely on, older products.
Recently, there were serious regional and global concerns about the extent and velocity of the power outage that left a sizable portion of Spain and Portugal without electricity. It was found that the incident was not a cybersecurity problem, but it did highlight how vulnerable electrical systems are.
The basic fact is that the infrastructure of the U.S. electrical grid is also not up to date to meet the demands of the new data era and the expanding computational demands. It is also extremely vulnerable to physical threats, natural disasters and cyberattacks, all of which could have catastrophic outcomes. The energy ecosystem depends on ‘the grid’ for a number of critical infrastructures, including stock markets, data centers, telecommunications, medical care, food and agriculture, water, and satellite ground systems.
Cyber Aggression Toward CI
Cyber attacks on the energy industry are on the rise, mostly due to technological and geopolitical factors. In a Sophos study of 275 IT and cybersecurity executives from the energy, oil and gas, and utilities sectors in 14 countries, 67 percent of respondents stated that their companies had experienced a ransomware attack over the previous 12 months. In 2024, the non-profit international regulatory body known as the North American Electric Reliability Corporation, a.k.a. NERC, which upholds industry standards in the U.S. and Canada, stated that cyberattacks on American power systems are growing more frequent. Electrical networks are becoming more vulnerable by almost 60 points every day, according to NERC.
To withstand the growing cybersecurity threats, many of the Supervisory Control and Data Acquisition, or SCADA, networks that power firms use to control their industrial systems must be updated and reinforced.
That will require investments in innovative technology and processes. It’s challenging to defend vital IT, operational technology and industrial control systems against cyberattacks. They all have different entry points, operational frameworks, and a mix of both new and legacy technology. The sheer number of connected devices that make up the Internet of Things and the Industrial Internet of Things is alarming. The trends of hardware and software integration and the expansion of networked sensors are redefining the attack surface that hackers can exploit across all digital infrastructures.
Cyber Attacks From Abroad
Last year, the People’s Republic of China launched a state-sponsored cyberattack called Salt Typhoon that compromised sensitive systems and revealed weaknesses in vital telecommunications infrastructure by infiltrating at least eight U.S. communications corporations. This was a component of a large-scale espionage operation that has impacted numerous nations. The incident emphasizes how urgently strong cybersecurity frameworks are needed to guard against growing threats to the telecom industry.
Ransomware is still a preferred method of attack on key industries because it is lucrative. It involves criminal gangs that are often supported by state sponsors, as NTT Security Holdings’ 2024 Global Threat Intelligence Report notes. Financial services, supply chains, and critical infrastructure are the areas most at risk from ransomware. Because service interruptions can have a life-altering impact, the top industries that threat actors target need near-perfect uptime. This increases the likelihood that they will pay a ransom to regain access to their critical systems and data.
Recently, ransomware operations targeting businesses in the healthcare and public health sector and other critical infrastructure sector institutions were launched as part of North Korean state-sponsored cyber activities.
Because of these incidents, the U.S. government has been giving risk management and threat detection a higher priority in order to protect against increasingly sophisticated malware and automated attacks that target critical infrastructure. This is driven by the risks to national security and the evolving threat matrix of hackers, which is amplified by newer technology tools like AI.
How Can the U.S. Protect Itself?
An efficient risk management strategy requires information exchange that enables industry and government to stay up to date on the most recent ransomware, phishing, malware, viruses, insider threats and denial of service attacks. Increasing operational resilience against these threats requires giving top priority to remediating known exploited vulnerabilities. The success of incident mitigation also depends on the working protocols for resilience and lessons learned that are established through information exchange.
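One way to put the "known exploited vulnerabilities first" rule into practice is to rank scan findings by whether the CVE appears in a KEV catalog before looking at asset criticality or CVSS score. The following is an added example, not code from the article or any agency; the CVE ids, asset names, role weights and KEV list are all constructed placeholders.

```python
"""Added example (not from the article): rank vulnerability findings for
remediation, giving top priority to CVEs listed in a known-exploited-
vulnerabilities (KEV) catalog, then to assets in critical roles, then CVSS.
All CVE ids, asset names and the KEV set below are constructed placeholders."""
from dataclasses import dataclass

# Constructed stand-in for a KEV catalog (in practice, load the real one).
KEV = {"CVE-EXAMPLE-0001", "CVE-EXAMPLE-0003"}

# Constructed weighting for the asset's role; higher means more critical.
CRITICALITY = {"scada-hmi": 3, "ot-historian": 2, "corp-workstation": 1}


@dataclass(frozen=True)
class Finding:
    asset: str   # hypothetical asset name
    role: str    # key into CRITICALITY
    cve: str     # placeholder CVE id
    cvss: float  # base score, 0-10


def priority(f: Finding) -> tuple:
    """Sort key: KEV membership first, then asset criticality, then CVSS."""
    return (f.cve in KEV, CRITICALITY.get(f.role, 0), f.cvss)


def rank(findings: list[Finding]) -> list[Finding]:
    """Highest-priority finding first."""
    return sorted(findings, key=priority, reverse=True)


SAMPLE = [  # constructed scan output
    Finding("ws-17", "corp-workstation", "CVE-EXAMPLE-0002", 9.8),
    Finding("hmi-plant-a", "scada-hmi", "CVE-EXAMPLE-0003", 7.5),
    Finding("hist-01", "ot-historian", "CVE-EXAMPLE-0001", 6.5),
    Finding("hmi-plant-b", "scada-hmi", "CVE-EXAMPLE-0004", 8.1),
]


def ranked_assets(findings=SAMPLE) -> list[str]:
    """Asset names in remediation order."""
    return [f.asset for f in rank(findings)]


if __name__ == "__main__":
    for f in rank(SAMPLE):
        print(f.asset, f.cve, "KEV" if f.cve in KEV else "-", f.cvss)
```

Note that the CVSS 9.8 finding on the workstation lands last: a lower-scored but actively exploited CVE on an HMI is the one an operator should fix first.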
According to the Cybersecurity and Infrastructure Security Agency, “The safety and security of the nation depends on the ability of critical infrastructure owners and operators to prepare for and adapt to changing conditions and to withstand and recover rapidly from disruptions. We must accept that it’s a whole of community responsibility to prepare and secure the nation’s critical infrastructure and protect the vital services it provides, so when something does happen, we are better able to respond to and recover from any impacts. We can do this by building resilience into our preparedness planning year around [sic] by understanding the threat landscape and assessing risks; creating and exercising actionable plans; and continually adapting and improving based on lessons learned.”
There is much to protect when it comes to critical infrastructure. There will always be weaknesses in an ecosystem that combines digital and physical communication, and a breach or misconfiguration can have disastrous consequences. Protecting critical infrastructure requires understanding and mitigating AI threats, reducing changing risks and being more resistant to intrusions. Preparedness and resilience are the key ingredients of that urgent quest.
