Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

The China threat: Inside PRC targeting of U.S. infrastructure and security

(DoD photo by Glenn Fawcett)

From telecommunications attacks to compromising operational technology and challenging the United States in technological advances, Threat Beat takes you inside the threats posed by China with comprehensive coverage and exclusive video – beginning with the McCrary Task Force on the People’s Republic of China deep dive into the Typhoon cyber campaigns.

Code Red: A Guide to Understanding China’s Sophisticated Typhoon Cyber Campaigns

In recent years, the United States and its allies have faced an unprecedented surge in sophisticated cyber operations linked to the People’s Republic of China (PRC). These state-sponsored cyber incursions mark a decisive shift in Beijing’s cyber strategy beyond traditional espionage and data theft toward embedding disruptive capabilities within U.S. critical infrastructure. The intent and impact behind this activity, collectively referred to as the “Typhoons” by Microsoft, is deeply troubling. This evolution signals China’s preparation for potential future conflict and a persistent escalation in the cyber domain against the United States, in which cyber operations could be used to degrade logistics, delay deployments or pressure U.S. decision-makers through attacks on civilian lifeline systems. Taken together, the Typhoons represent a combination of disruption, operational preparation of the battlefield, espionage and criminal behavior. 


Code Red: Breaking down China’s cyber offensive of Volt, Salt and Flax Typhoons

China is already inside U.S. systems. That’s the message from the McCrary Institute’s latest report — and this Cyber Focus episode breaks it down. From Volt Typhoon to Salt and Flax, these cyber campaigns aren’t isolated attacks. They’re part of a coordinated strategy by the Chinese Communist Party to prepare the battlefield, exploit infrastructure gaps and undermine U.S. resilience before a conflict even begins. Host Frank Cilluffo sits down with RADM Mark Montgomery (Ret.), Brad Medairy and Bill Evanina — co-chairs of the report — to explain what China’s targeting, why they want us to know they’re there, and how the U.S. can push back. They also tackle deterrence failure, why AI is accelerating the threat, and what needs to change before it’s too late.


A DJI Phantom drone flies during Remagen Ready 24-1, at Fort Cavazos, Texas, on Oct. 31, 2023. (U.S. Army photo by Spc. Jacob Nunnenkamp)

Drones, data and critical infrastructure: Why the Knownsec incident should raise concern 

The Knownsec reporting suggests that internal documents – some allegedly containing operational details and references to infrastructure, networks and assets spanning more than 20 countries – may have been exposed. Although the authenticity remains unverified, the incident underscores a persistent concern: Organizations that rely on connected technologies to collect, store or transmit operational data face heightened cybersecurity risk, especially when those systems may be accessible to foreign actors, L. Scott Parker, former chief of UAS security at CISA, writes. This risk grows sharper when viewed through the widespread use of Chinese-manufactured drones such as DJI, which dominate the global commercial market and are widely employed by U.S. infrastructure operators. These platforms are not merely aircraft; they are ICTS equipped with high-resolution sensors, onboard processors, storage modules and wireless connectivity.


We’ve seen what China’s ‘Typhoons’ can do. We can’t wait to prepare for the next attack

The Volt Typhoon and Salt Typhoon hacking campaigns attributed to China have established footholds in the critical networks that power our economy and safeguard our communities, John Katko writes. This pre-positioning within U.S. infrastructure is designed to give China the ability to disrupt essential services and impair readiness in the event of a conflict, while also mapping the digital and physical systems that support their operation. Our cyber defenders have observed the scale, sophistication and frequency of these attacks with growing concern – and by all three measures, the threat is almost certain to intensify. It is critical that policymakers and infrastructure operators take every lesson they can from these attacks and improve our defenses with the same urgency.


RSAC 2025: Cyber threats, red lines and the China challenge with Rob Joyce

On this episode of Cyber Focus, host Frank Cilluffo sits down with Rob Joyce, former NSA Cybersecurity Director and longtime leader in national cyber operations, to unpack some of the most pressing cybersecurity threats facing the United States today. Recorded live at RSA, the discussion ranges from Chinese pre-positioning in critical infrastructure to the blurred lines between espionage and cyber warfare. Joyce lays out a three-pronged framework for national cyber strategy, reflects on lessons from the counterterrorism playbook, and warns about the shifting attack surface — from endpoints to network infrastructure and cloud identity. The conversation closes with a call for better coordination, clearer definitions, and a whole-of-nation approach to impose real cost on adversaries.


McCrary Institute Director Frank Cilluffo chats with Booz Allen Executive Vice President Brad Medairy at a July 31, 2025, port security event in Washington. (McCrary Institute)

Ports must prepare now for ‘forever war’ with cyber threats, including infrastructure targeting from China

Vulnerable ports must prepare for “forever war” with malicious cyber actors who eye the sector – with frequently outdated systems supporting critical civilian and military operations – as ripe for attack, experts said at an event urging imperative action to better secure maritime infrastructure. The McCrary Institute for Cyber and Critical Infrastructure Security, which runs Threat Beat, and Booz Allen hosted the discussion to launch the report “Anchored in Zero Trust: Taking Action to Create Resilient U.S. Port Infrastructure” and spotlight its findings and recommendations.

McCrary Institute Director Frank Cilluffo said that few security challenges are “more burning, front and center, than our ports – to both our economy and our national security.” Dave Forbes, director of cyber-physical defense at Booz Allen, said the goal of the report’s release is to raise awareness of port security, stimulate discussion about mitigations and get critical information to as many stakeholders as possible. “Adversaries are already inside of our port infrastructure,” he said, as Chinese-manufactured cranes coupled with outdated operational technology (OT) and IT legacy systems continue to raise concerns about readiness at ports.


How storytelling shapes strategy: Peter W. Singer on China, cyber and the future of conflict

In this episode of Cyber Focus, host Frank Cilluffo speaks with Peter W. Singer, strategist at New America, professor at Arizona State, and founder of Useful Fiction. They revisit Singer’s influential book Ghost Fleet and examine how the strategic landscape—particularly U.S.-China competition—has shifted over the past decade. Singer discusses China’s military reorganization and the lessons it’s drawing from the war in Ukraine. He also explores how AI is reshaping the nature of cyber threats. The conversation highlights the growing intersection of cyber, physical, and cognitive warfare. Singer explains how storytelling can make complex strategies easier to understand and more likely to drive change. He emphasizes the need for cross-domain thinking and a more dynamic approach to building the cybersecurity workforce.


The Big Eddy-Knight Transmission Project, seen under construction on June 17, 2015, runs between Wasco County, Ore., and Klickitat County, Wash., to meet increased demand from a hot spot for energy-intensive data centers. (Department of Energy)

Artificial intelligence’s thirst for power demands greater focus on cybersecurity of the energy sector

Behind the scenes of every new artificial intelligence (AI) app and program is a staggering amount of energy needed to power its data centers. We’re already in the throes of the AI revolution and with unprecedented energy demand comes the increased need for proactively protecting the energy sector from cyber adversaries like the People’s Republic of China (PRC). The increased demand for power is coming quickly. Today, AI accounts for just 14% of global data center electricity demand, but that will double in the next two years alone, according to Goldman Sachs. By the end of the decade, we will need a whopping 165 times as much energy to support the explosion of AI, growth that comes with an estimated cost of $720 billion in electric utility investment.


How NSA caught a Chinese zero-day in just 2 weeks

NSA’s Kristina Walter shares on Cyber Focus how her team helped uncover a Chinese zero-day targeting U.S. defense contractors — thanks to deep collaboration with ISPs, cloud providers, and industry partners.


U.S. Air Force Technical Sgt. Craig Spencer, 446th Maintenance Squadron journeyman, cuts titanium with a cutting wheel at Joint Base Lewis-McChord, Washington, on Feb. 21, 2025. (U.S. Air Force photo by Master Sgt. Heather Clements)

Minerals security measures needed to withstand growing demand in critical sectors, report warns

AI is particularly driving demand for minerals used in batteries and copper. If the U.S. recycled all scrap copper instead of exporting it — with 40% of our copper scrap exports going to China in 2023 — the need to import copper could be reduced to 14% of U.S. demand and could meet 40% of the country’s total demand, according to The State of Critical Minerals Report 2025 from the Payne Institute for Public Policy at the Colorado School of Mines. Dramatic growth in demand for various critical minerals also fuels black markets and “gray market” activity that may reach into the billions of dollars. China “is only one actor among many” that could be transporting undeclared “hidden in plain sight” minerals from countries of origin to global hubs. 


China, clean energy and the future of U.S. energy security with Harry Krejsa

In this episode of Cyber Focus, host Frank Cilluffo sits down with Harry Krejsa, Director of Studies at Carnegie Mellon University’s Institute for Strategy and Technology. Krejsa, a former Pentagon and White House cyber strategist, discusses his latest report, Sunshield, which highlights the intersection of cybersecurity, U.S.-China competition, and grid security. The conversation explores how China’s cyber operations exploit technical debt in U.S. critical infrastructure, the cybersecurity risks and opportunities in the energy transition, and how the rapid buildout of AI-driven power demand presents both new challenges and unique opportunities. Krejsa outlines strategic actions the U.S. must take to secure its energy future and broader critical infrastructure against Chinese cyber threats.


A U.S. Coast Guardsman assigned to Coast Guard Station Houston jumps onto the bow of a response boat-small while escorting the motor vessel Zhen Hua 29 down the Houston Ship Channel July 27, 2023. The Zhen Hua 29 crew delivered three neo-Panamax ship-to-shore cranes to Port Houston, the largest U.S. port for waterborne tonnage. (U.S. Coast Guard photo by Petty Officer 3rd Class Perry Shirzad)

Coast Guard calls for better OT security to mitigate ‘significant supply-chain risk’ posed by Chinese cranes

The fourth annual Cyber Trends and Insights in the Marine Environment (CTIME) report said that “supply-chain risks and other observed vulnerabilities exist within ship-to-shore cranes manufactured in China” as better technology on vessels has expanded the attack surface. “While there are significant operational benefits, this creates cybersecurity risks that did not exist before,” the report states. “Cyberattacks impacting a company’s enterprise network are now far more likely to impact shipboard Information Technology (IT) systems and potentially impact vessel operations.” The report also notes an “uptick in cyber incidents and CPT missions involving cloud systems and services,” blamed in part on “a misunderstanding of security responsibilities” as a majority of MTS organizations now utilize the cloud.


Click to listen highlighted text!