Manual offensive security perspective from Redbot Security.

U.S. Infrastructure Cyberattacks Surge | CISA Cuts Spark Crisis

Major U.S. critical infrastructure cyberattacks from 2021 to 2025 and the impact of CISA budget cuts

Over the past three years, the United States has witnessed a disturbing rise in U.S. infrastructure cyberattacks. From water utilities and power grids to public transportation and healthcare systems, cybercriminals and nation-state actors have exploited vulnerabilities across sectors. These attacks not only jeopardize operational continuity but also threaten national security and public safety.

Now, with substantial budget cuts planned for the Cybersecurity and Infrastructure Security Agency (CISA), the U.S. is poised to face even greater cyber risks.

Critical sectors are under sustained pressure

Water, power, transit, telecom, and healthcare systems have all experienced disruptive cyber incidents over the last several years.

Nation-state and criminal activity are converging

Espionage, ransomware, destructive access, and politically motivated disruption are all part of the same infrastructure threat picture.

CISA cuts could reduce resilience

Threat hunting, staffing, election infrastructure support, and information sharing all face pressure at the same time attacks are escalating.

What this means for real-world security

The pattern is clear: the frequency and severity of attacks on critical U.S. infrastructure are escalating. As the nation faces increasingly complex threats from criminal syndicates and foreign adversaries, gutting the primary federal cybersecurity agency is not just short-sighted—it’s dangerous.

Major Critical Infrastructure Attacks (2021-2025)

  1. Colonial Pipeline Ransomware Attack (May 2021)
    The DarkSide ransomware group targeted Colonial Pipeline, the largest U.S. refined oil products pipeline. The shutdown led to panic buying, gas shortages, and a temporary disruption in the fuel supply chain across the East Coast. It marked a watershed moment, bringing the term “critical infrastructure” into mainstream cybersecurity conversations.
  2. MOVEit Data Breach (May 2023)
    A vulnerability in the MOVEit file transfer software was exploited by the Cl0p ransomware group, compromising the personal data of over 93 million individuals and affecting more than 2,700 organizations globally, including U.S. federal and state agencies.
  3. Chinese Telecom Network Infiltration (2023–2024)
    Hackers from Salt Typhoon, linked to China, infiltrated U.S. telecom networks, accessing communications and sensitive data tied to over a million individuals, including high-level officials. The breach revealed long-term espionage and the fragility of U.S. telecom infrastructure.
  4. Yazoo Valley Electric Power Breach (Summer 2024)
    This Mississippi power utility suffered a breach affecting 20,000 residents. Initially attributed to technical issues, the incident was later confirmed as a cybersecurity breach, raising alarms about smaller rural utility providers often overlooked in national security planning.
  5. Volt Typhoon Power Grid Infiltration (2023–2024)
    Chinese nation-state actors maintained covert access to U.S. electric grid utilities for nearly 300 days, targeting systems in Massachusetts and potentially across other states. The goal appeared to be pre-positioning for disruptive capabilities in the event of geopolitical conflict.
  6. American Water Cyberattack (October 2024)
    A cyberattack disrupted billing and customer service at the nation’s largest water utility. Though water quality remained unaffected, the event exposed key IT/OT integration vulnerabilities that, if exploited further, could threaten physical water systems.
  7. Aliquippa Water Authority Attack (November 2023)
    Pro-Iranian group Cyber Av3ngers targeted the Municipal Water Authority of Aliquippa, Pennsylvania, disabling a programmable logic controller (PLC) that controlled water pressure. The attack was politically motivated and showcased the potential for low-cost disruption of municipal utilities.
  8. Solar Power System Vulnerabilities (2025)
    Research exposed 46 zero-day vulnerabilities in solar inverters from multiple major manufacturers. These flaws could allow attackers to remotely disrupt power generation and tamper with grid frequency stability.
  9. Trans-Northern Pipelines Ransomware Attack (November 2023)
    Though based in Canada, this attack by the AlphV ransomware group on a critical fuel pipeline operator underscored the vulnerability of North American energy infrastructure and cross-border implications of cybersecurity.
  10. Pittsburgh Regional Transit Ransomware (January 2025)
    This attack delayed rail car schedules and disrupted operational logistics, showing how digital attacks can translate directly to physical disruption of transit systems.
  11. Oahu Transit Cyberattack (June 2024)
    Honolulu’s transit system was hit with a cyberattack that disabled GPS tracking and fare collection. Public frustration surged, and system-wide vulnerabilities were exposed due to lack of redundancy.
  12. Kansas City Transportation Authority Attack (January 2024)
    Ransomware disrupted communications and delayed services, affecting both bus and light rail networks. It served as a wake-up call for transportation agencies with legacy systems.
  13. Nationwide Increase in Rail Cyberattacks (2021–2025)
    Reports indicate a 200% increase in rail system cyber incidents globally, with the U.S. heavily impacted. Attacks have included interference with scheduling systems, SCADA infrastructure, and signal relay stations.
  14. Hospitals and Healthcare Providers (Ongoing)
    Healthcare systems in California, New York, and Texas faced repeated ransomware attacks from groups such as LockBit and Black Basta. Data theft and system outages delayed patient care and caused revenue losses in the millions.

CISA Budget Cuts: A Recipe for Disaster

Despite this surge in cyber threats, the current U.S. administration has proposed drastic reductions to CISA’s budget, including:

  1. Elimination of nearly 75 contract positions from CISA’s key threat-hunting teams.
  2. Up to a one-third reduction in staffing across departments.
  3. A $10 million cut in funding for election infrastructure and information-sharing initiatives.

CISA officials have warned that a 25% reduction in their funding would be “catastrophic,” severely undermining their capacity to detect, mitigate, and respond to cyber threats. The loss of skilled staff, delayed incident response times, and reduced support for state and local partners could further erode national cyber resilience.

Reduced detection and response capacity

Cuts to staffing and threat-hunting capability arrive precisely when infrastructure attacks are becoming more frequent, diverse, and operationally disruptive.

State and local partners may feel the impact first

Smaller utilities, election infrastructure operators, and local transit or water authorities often depend on shared expertise and federal support to stay resilient.

Why this matters in testing

Attacks against infrastructure are no longer abstract IT events. They can affect billing, customer service, GPS tracking, fare collection, water pressure, power generation, healthcare delivery, and operational logistics. That means critical infrastructure security programs need to validate more than patch levels and compliance checklists.

Redbot Security stands at the front lines of cyber resilience, and we urge policymakers and industry leaders to recognize the urgency of this moment before it’s too late. To secure our water, power, transport, and digital ecosystems, we must invest in stronger defenses, not scale them back.


Need help validating how your organization would hold up against modern infrastructure-focused cyber threats?

From senior-level manual testing of IT networks and web/mobile applications to advanced red team operations, cloud security, and OT-network assessments, Redbot Security helps critical organizations uncover real-world attack paths before adversaries do.
