Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

Future cyberattacks may mimic routine operations, expert warns

(McCrary Institute)

By Don Kauffman

WASHINGTON — Future cyberattacks on U.S. critical infrastructure may not involve ransom notes or obvious system lockouts. Instead, they could resemble standard daily operations right up until they cause physical disruption. This assessment comes from Madison Horn, chief senior advisor for national security and critical infrastructure at World Wide Technology, who discussed the evolving threat landscape on a recent episode of the Cyber Focus podcast.

Horn told McCrary Institute Director Frank Cilluffo that as the cyber industry matures attackers are adjusting their tactics to avoid detection. Rather than developing complex exploits, adversaries are increasingly likely to “live off the land” by utilizing existing network tools and valid processes. Horn described this as a “lazy hacker” methodology, noting that attackers will target the “lowest-hanging fruit” to achieve their objectives with minimal effort.

“I think it’s going to look just like business as normal until we see something in the physical world,” Horn said regarding the potential appearance of future breaches.

The integration of artificial intelligence into industrial operations introduces further complexity. Horn noted that automation is increasingly used to support overloaded workforces, with AI agents granting permissions or managing ticket systems. The challenge arises when human operators implicitly trust these systems. Horn used the analogy of an AI agent offering “poisoned candy” to illustrate how a compromised tool might execute a malicious task that appears legitimate to the user. She explained that because operators often assume the computer is more reliable than themselves, they may overlook subtle data anomalies.

These stealthy intrusions pose risks to interconnected infrastructure sectors. Horn highlighted the dependencies between utilities, stating, “Water needs electricity, electricity needs telcos, and healthcare needs all three.” A failure in one system, such as the electric grid, creates “cascading failures” that can disrupt services across other sectors. Unlike traditional data breaches, Horn suggested these events would interact directly with the physical world.

The practical implication is that organizations may need to adjust what they’re hunting for. If an intrusion is designed to look like “normal,” then detection can’t rely only on obvious red flags. It also means resilience – limiting how far an intruder can go, and how much damage they can do – matters as much as prevention.

To address these vulnerabilities, Horn advised that critical infrastructure operators might need to resist the technology sector’s typical push for speed. “Slow and steady wins the race,” she said, emphasizing the importance of keeping humans in the decision-making loop and ensuring developers document their processes for future auditing.

Horn also urged industry leaders not to let the focus on AI overshadow the eventual arrival of quantum computing, often referred to as “Q Day.” She recommended that organizations incorporate quantum readiness assessments into their current audit processes rather than waiting for a definitive timeline on when encryption standards might be broken.

Click to listen highlighted text!