WASHINGTON — Hackers linked to Russia’s government launched a cyberattack last spring against municipal water plants in rural Texas. At one plant in Muleshoe, population 5,000, water began to overflow. Officials had to unplug the system and run the plant manually.
The hackers weren’t trying to taint the water supply. They didn’t ask for a ransom. Authorities determined the intrusion was designed to test the vulnerabilities of America’s public infrastructure. It was also a warning: In the 21st century, it takes more than oceans and an army to keep the United States safe.
A year later, countries around the world are preparing for greater digital conflict as increasing global tensions and a looming trade war have raised the stakes — and the chances that a cyberattack could cause significant economic damage, disrupt vital public systems, reveal sensitive business or government secrets, or even escalate into military confrontation.
The confluence of events has national security and cyber experts warning of heightened cyberthreats and a growing digital arms race as countries look to defend themselves.
At the same time, President Donald Trump has upended America’s digital defenses by firing the four-star general who led the National Security Agency, shrinking cybersecurity agencies and slashing election cybersecurity initiatives.
Businesses now are increasingly concerned about cyberattacks, and governments have moved to a war footing, according to a report this month by NCC Group, a British cybersecurity firm.
“The geopolitical dust is still settling,” said Verona Johnstone-Hulse, a London-based expert on government cybersecurity policies and the report’s co-author. “What the new normal looks like is still not yet set.”
Many in the U.S. are already calling for a more muscular approach to protecting the digital frontier.
“Hybrid war is here to stay,” said Tom Kellermann, senior vice president of cyberstrategy at Contrast Security. “We need to stop playing defense — it’s time to make them play defense.”
Vulnerabilities have grown as people and businesses use connected devices to count steps, manage finances and operate facilities such as water plants and ports. Each network and connection is a potential target for foreign governments or the hacking groups that sometimes do their bidding.
Espionage is one motive, demonstrated in a recent incursion linked to hackers in China. The campaign known as Salt Typhoon sought to crack the phones of officials, including Trump, before the 2024 election.
These operations seek entry to sensitive corporate or government systems to steal secrets or monitor personal communications. Such information can be hugely valuable by providing advantages in trade negotiations or military planning. These hackers try to remain hidden for as long as possible.
More obvious intrusions can serve as a warning or deterrent, such as the cyberattacks targeting the Texas water plants. Iran also has shown a willingness to use cyberattacks to make political points.
The cyberattacks that frighten experts the most burrow deeply into telephone or computer networks, inserting backdoors or malware for later use.
National security experts say this was the motivation behind a recent attack from China called Volt Typhoon that compromised telephone networks in the U.S. in an effort to gain access to an unknown number of critical systems.
China could potentially use these connections to disable key infrastructure — power plants, communication networks, pipelines, hospitals, financial systems — as part of a larger conflict or before an invasion of Taiwan, national security experts said.
“They can position their implants to be activated at a date and time in the future,” said Sonu Shankar, a former researcher at Los Alamos National Laboratory who is now chief strategy officer at Phosphorus Cybersecurity.
National security officials will not discuss details, but experts interviewed by The Associated Press said the U.S. no doubt has developed similar offensive capabilities.
China has rejected U.S. allegations of hacking, accusing America of trying to “smear” Beijing while conducting its own cyberattacks.
Wars in Ukraine and the Middle East. Trade disputes. Shifting alliances. The risk of cyberattacks goes up in times of global tension, and experts say that risk is now at a high.
U.S. adversaries China, Russia, Iran and North Korea also have shown signs of cybercooperation as they forge tighter economic, military and political relationships.
Speaking to Congress, Director of National Intelligence Tulsi Gabbard noted that Iran has supplied drones in exchange for Russian intelligence and cybercapabilities.
“Russia has been the catalyst for much of this expanded cooperation, driven heavily by the support it has needed for its war effort against Ukraine,” Gabbard told lawmakers.
Amid global fears of a trade war after the tariffs that Trump has imposed, supply chains could be targeted in retaliation. While larger companies may have a robust cyberteam, small suppliers that lack those resources can give intruders easy access.
And any tit-for-tat cycles of cyberconflict, in which one country hacks into a sensitive system as retaliation for an earlier attack, come with “great risk” for all involved, Shankar said. “It would put them on the path to military conflict.”
At a time when national security and cybersecurity experts say the U.S. should be bolstering its defenses, Trump has called for reductions in staffing and other changes to the agencies that protect American interests in cyberspace.
For example, Trump recently fired Gen. Timothy Haugh, who oversaw the NSA and the Pentagon’s Cyber Command.
The U.S. faces “unprecedented cyber threats,” said Virginia Sen. Mark Warner, the top Democrat on the Senate Intelligence Committee. He has asked the White House to explain Haugh’s departure. “How does firing him make Americans any safer?” Warner said.
Also under Trump, the U.S. Cybersecurity and Infrastructure Security Agency placed on leave staffers who worked on election security and cut millions of dollars in funding for cybersecurity programs for local and state elections. His administration eliminated the State Department’s Global Engagement Center, which tracked and exposed foreign disinformation online.
The CIA, NSA and other intelligence agencies also have seen reductions in staffing.
The administration faced more questions over how seriously it takes cybersecurity after senior officials used the popular messaging app Signal to discuss sensitive information about upcoming military strikes in Yemen. Gabbard later called the episode a mistake.
The officials in charge of America’s cybersecurity insist Trump’s changes will make the U.S. safer, while getting rid of wasteful spending and confusing regulations.
The Pentagon, for instance, has invested in efforts to harness artificial intelligence to improve cyberdefenses, according to a report provided to Congress by Lt. Gen. William J. Hartman, acting commander of the NSA and Cyber Command.
The changes at the Cybersecurity and Infrastructure Security Agency come as its leaders consider how best to execute their mission in alignment with the administration’s priorities, a CISA statement said.
“As America’s Cyber Defense Agency, we remain steadfast in our mission to safeguard the nation’s critical infrastructure against all cyber and physical threats,” the statement read. “We will continue to collaborate with our partners across government, industry, and with international allies to strengthen global cybersecurity efforts and protect the American people from foreign adversaries, cybercriminals, and other emerging threats.”
Representatives for Gabbard’s office and the NSA didn’t respond to questions about how Trump’s changes will affect cybersecurity.
Despite shifting alliances, a growing consensus about cyberthreats could prompt greater global cooperation.
More than 20 nations recently signed on to an international framework on the use of commercial spyware. The U.S. has signaled it will join the nonbinding agreement.
There’s also broad bipartisan agreement in the U.S. about the need to help private industry bolster defenses.
Federal estimates say the cybersecurity industry needs to hire an additional 500,000 professionals to meet the challenge, said Dean Gefen, former chief of cybertraining for Israel’s Defense Intelligence Technological Unit. He’s now the CEO of NukuDo, a cybersecurity training company.
“Companies need effective guidance from the government — a playbook,” Gefen said. “What to do, what not to do.”