Chinese Hackers Have Infiltrated Our Grid
American cybersecurity faces a significant and immediate challenge. Chinese state-sponsored hackers have embedded themselves in our critical electric utility infrastructure—positioning themselves to potentially disrupt both our economy and our operational national defense capability.
In November, Politico quoted the Chief Information Security Officer of a major critical infrastructure company, stating, “we’re really dealing with an extremely sophisticated nation-state threat actor that will do anything and everything at any price to get a foothold into our critical infrastructure” [1].
They Are Already Here
This is not about electric utility outages. Bad weather and other natural causes knock out our electric systems all the time. Typically, utility companies can repair and restore service in a matter of hours. Our process for addressing these outages generally works well. This is not about that.
This is about the national defense implications of nation-state attacks on our systems that are happening right now. The FBI has testified before Congress that Chinese hackers are positioning themselves in American infrastructure, preparing to cause real and extended harm at the times and locations China decides are “right” to strike [2]. Former House Select Committee on the Chinese Communist Party Chairman Mike Gallagher described these intrusions as the “cyberspace equivalent of placing bombs on American bridges, water treatment facilities, and power plants” [2].
Chinese military strategists believe that disrupting critical infrastructure can be more effective than conventional kinetic strikes in modern warfare. Chinese-manufactured transformers with known disruption capabilities have been identified as targeting operational systems that can be undermined to degrade an opponent’s capabilities or coerce political decision-making [7]. This potentially affects the U.S. military’s ability to defend the homeland, support allies, and project power globally. Chinese cyber operations targeting U.S. grid systems are designed to disrupt military supply lines, hinder U.S. response capabilities, and degrade military readiness—particularly in conflict scenarios involving Taiwan [7].
Federal cybersecurity officials have repeatedly warned that these adversaries are willing to “use every tool available, at any cost” to establish persistent access within U.S. critical infrastructure [10].
The threat has moved from the theoretical to the actual.
From January to August 2024 alone, there were 1,162 cyberattacks on U.S. utilities—nearly five attacks per day on the infrastructure that powers America [3]. And these represent only the attacks we detected. According to CrowdStrike’s 2025 Global Threat Report, Chinese-related cyber operations have increased by 150% across all sectors [7].
The Chinese threat actor known as Volt Typhoon penetrated a Massachusetts power utility and remained undetected in the network for over 300 days—from February 2023 to November 2023 [4]. During that time, they systematically collected data on operational technology systems, learning how our grid functions and identifying potential vulnerabilities.
The McCrary Institute for Cyber and Critical Infrastructure Security reported on November 6, 2025, that state-aligned hacking groups have ramped up espionage, sabotage, and cybercrime operations over the past six months, with activity linked to Russia, China, Iran, and North Korea evolving in scope and technique [6]. CrowdStrike’s 2025 Global Threat Report documents a 150% increase in Chinese-related attacks across all sectors.
Utilities Can’t Go “Toe-to-Toe” with Nation-State Attackers
The response by grid operators to the evolving cyber threat has accelerated dramatically. They have instituted cross-country resilience exercises, real-time intelligence sharing with federal partners, and the rapid deployment of next-generation threat-detection technologies [12][13].
However, no private utility — nor even the entire electric power industry — can withstand a determined nation-state adversary on its own. As senior DOE cyber officials have warned, these threat actors will “pursue any vector and exploit any weakness, at any cost,” to gain persistent access to U.S. infrastructure [12].
Understanding the Strategic Calculus
Chinese military strategists have recognized that in modern warfare, disrupting power infrastructure can be as effective as conventional military strikes against installations.
Consider a potential scenario involving conflict over Taiwan. Rather than launching conventional military strikes against U.S. bases, adversaries could activate malware already planted in our power grid. Military installations would lose power. Communications would be disrupted. Supply chains would face interruptions. Naval vessels might face challenges leaving port because the systems controlling the harbors are offline. Command centers would operate with degraded capabilities.
While the U.S. military works to restore power and re-establish communications, adversaries could pursue their military objectives. By the time systems are fully restored, the strategic situation could be significantly altered.
Digital Compromising of the Electric Grid Directly Affects National Defense
When we discuss threats to our energy and utility sector, we’re addressing the foundation of our national defense capability.
The Department of Defense operates over 500,000 buildings and structures across the United States and around the world. The vast majority of these installations—our military bases, naval shipyards, command centers, and communications hubs—depend almost entirely on the same commercial power grid that foreign adversaries have already penetrated.
Without reliable electricity, critical military functions are compromised. Our shipyards face challenges in building and maintaining the vessels that project American power worldwide. Our command-and-control systems are at risk. Our communications networks become vulnerable. Our advanced missile defense systems require uninterrupted power to function. Our bunkers, designed to withstand direct attack, require operational systems inside them.
The connection is direct: our energy infrastructure doesn’t just support our military—it is an integral part of our military infrastructure. It’s time to reassess what constitutes our national defense and whether the traditional military focus is too narrow. This needs to begin with the next National Defense Authorization Act.
The Economics Are Fundamentally Broken
Behind this national security crisis lies an even more fundamental problem: the economics of cybersecurity are structurally unsustainable and favor our adversaries.
Today, nation-state attackers and cybercriminals operate with a staggering asymmetric advantage. Cyber-attack methods are comparatively inexpensive and easy to access – cyber-crime-as-a-service eliminates the need for attackers to have sophisticated technical knowledge. Nation-state operations have access to the most advanced technology, including AI, and have virtually no budget constraints. Meanwhile, defenders—particularly critical infrastructure operators like utilities—face an inverted equation that borders on impossible: they must invest massive sums to defend against every conceivable attack vector, achieve near-perfect success rates, and absorb these escalating costs as operational overhead rather than recognized national security investments.
Consider what we’re asking of a regional utility: detect and defend against nation-state attackers with billion-dollar cyber programs, do so while facing a workforce shortage exceeding 500,000 cybersecurity professionals, navigate duplicative and sometimes contradictory regulations that consume resources better spent on actual defense, and somehow remain economically viable while competitors who underinvest in security gain cost advantages. This is not a sustainable model—it’s a recipe for systemic failure.
The current approach subsidizes attackers while penalizing defenders. Nation-state adversaries operate essentially without budget constraints. Meanwhile, utilities shoulder the full economic burden of defense without corresponding support or recognition that their cybersecurity spending directly protects national security. Until we fundamentally restructure these economics, create liability frameworks that properly allocate risk, and eliminate regulatory redundancies that waste defensive resources, we’re simply asking defenders to win an economically unwinnable fight.
The energy sector needs a sustainable economic model for cybersecurity; one built on the recognition that protecting our power grid is not a utility cost center—it’s a national defense imperative that requires commensurate policy and financial support. This needs to begin with the next version of the National Defense Authorization Act (NDAA).
The Challenge We Face
We face a sophisticated nation-state adversary with substantial resources and a long-term strategic approach. They’ve already demonstrated their ability to penetrate critical systems and remain undetected for extended periods.
The situation has reached an important inflection point. We need to be realistic about an adversary that has already established a presence in our infrastructure and may be waiting for an opportune moment to act.
Foreign adversaries have already established footholds in our energy infrastructure—which means they have access to systems that support our defense infrastructure. The question is whether we’ll take comprehensive action to address this vulnerability.
Each day we delay addressing this challenge allows adversaries to maintain and potentially expand their presence in our systems, map additional vulnerabilities, and position themselves to cause significant disruption to both our economy and our military readiness.
The time to act is now.
ENDNOTES
1. Politico, November 2024. Quote from the CISO of a significant U.S. critical-infrastructure company.
2. U.S. House Select Committee on the Chinese Communist Party. Testimony by FBI officials and statements by Chairman Mike Gallagher. Date and hearing details pending.
3. Cyberattack statistics on U.S. utilities, January–August 2024. Source agency/organization citation pending.
4. Volt Typhoon infiltration of Massachusetts power utility, February–November 2023. Source report likely from CISA, the FBI, or a private cybersecurity analysis firm.
5. Research on Chinese-manufactured power inverters containing unauthorized communications hardware. Specific study/report citation pending.
6. McCrary Institute for Cyber and Critical Infrastructure Security, Report dated November 6, 2025.
7. Analysis of transformer vulnerabilities and strategic targeting by Chinese cyber operations. Includes CrowdStrike’s 2025 Global Threat Report.
8. Department of Defense infrastructure statistics: number of U.S. military buildings/structures. Source: GAO/DOD data (exact citation pending).
9. Cybersecurity workforce shortage estimates from ISC² “Cybersecurity Workforce Study” and/or CyberSeek database.
10. U.S. Department of Energy, Grid Security and Resilience Briefings, 2024–2025 summaries of electric-sector threat posture.
11. CISA & DOE Joint Cybersecurity Advisories for the Energy Sector, 2024–2025.
12. U.S. Department of Energy, Office of Cybersecurity, Energy Security, and Emergency Response (CESER). National Electric Sector Cyber Threat Preparedness Briefings, 2024–2025.
13. CISA, “Energy Sector Operational Technology Threat Analysis,” Joint Technical Report, 2024–2025.