America Must Better Prepare for a Critical Infrastructure Cyber Battlefield

Modern warfare is no longer confined to traditional battlefields. Increasingly, the front lines run through energy grids, water treatment plants, and other systems that keep society running.

During a recent podcast conversation, Moon explained that critical infrastructure has become a prime target for both nation-state and criminal cyber operations.

Full episode:

CYBR.SEC.CAST Episode 65: ICIT’s Valerie Moon

The ICIT executive director discusses the importance of government internships, training programs, and public-sector experience in developing cybersecurity professionals.

CYBR.SEC.MediaBill Brenner

Conflicts such as the war between Russia and Ukraine and the Iran War have demonstrated how cyberattacks against energy systems and utilities can accompany conventional military operations.

Moon noted that the United States faces similar risks. Intelligence officials have repeatedly warned that foreign adversaries have attempted to position themselves within U.S. infrastructure networks in preparation for potential future conflict.

The U.S. government organizes its infrastructure protection efforts across 16 critical sectors, ranging from transportation and energy to financial services and water systems. Each sector is supported by a designated federal agency responsible for coordinating risk management.

But protecting these systems is complicated by resource constraints, especially among smaller utilities and municipalities.

Related:

Five Security Pros Dedicated to Protecting Critical Infrastructure

Here are five people who are taking the lead in making critical infrastructure more resilient in the face of nation-state attacks.

CYBR.SEC.MediaBill Brenner

The War With Iran Is Now Being (Partially) Fought in Data Centers, Defense Networks, and Telegram Chats

While Iranian drones were taking out Amazon’s data centers in the Gulf, Tehran’s hackers were already inside U.S. banks, airports, and defense networks — and they got there weeks before the first missile flew.

CYBR.SEC.MediaGeorge V. Hulme

AI-Generated Code Is Already Running Critical Infrastructure

Embedded systems are already running AI-generated code. Security leaders now face scale, speed, and regulatory risk gaps.

CYBR.SEC.MediaGeorge V. Hulme

Moon highlighted the water sector as one of the most vulnerable areas. Many water utilities serve small communities and operate with limited budgets and minimal IT staff. In some cases, a single employee may be responsible for plant operations, compliance, physical security, and basic IT management.

“They’re not ignoring cybersecurity because they don’t care,” Moon said. “They simply don’t have the resources.”

This makes smaller infrastructure operators attractive targets for both cybercriminals and nation-state actors.

Host Sam Van Ryder pointed out that funding often sits at the center of the problem. Local infrastructure systems are funded through utility payments, making significant cybersecurity investments politically difficult.

Moon believes collaboration between government, academia, nonprofits, and volunteers will be essential to improving infrastructure security.

Programs that connect cybersecurity experts with under-resourced utilities are already beginning to emerge, offering technical support and training where it is needed most.

Ultimately, Moon emphasized that infrastructure defense is no longer simply a technical issue — it is a core national security concern in an increasingly unstable geopolitical environment.