Cyber attacks against the United States are no longer isolated events or technical headaches. They are now powerful tools of national strategy used by foreign governments, criminal networks, and ideological groups.
A new report explains how these attacks have changed from simple hacks into coordinated campaigns aimed at shaping global politics, weakening U.S. institutions, and putting pressure on American decision-makers.
This blog highlights the key takeaways for leaders responsible for national security, public policy, and critical infrastructure resilience.
Takeaway 1: Cyber Attacks Are Now Tools of Geopolitics
Cyber operations have become a normal part of how countries compete with one another. Research shows that cyber activity rises sharply during moments of geopolitical tension.
Data in the report shows that when the Geopolitical Risk Index spikes, cyber incidents against U.S. government systems and critical infrastructure increase by 35–45% in the following months. In simple terms: when global politics heat up, so do cyber attacks.
These operations are used to:
- Signal political intent
- Undermine U.S. confidence
- Prepare the digital battlefield for future conflicts
- Cause pressure without triggering open war
This marks a shift from cyber being a “side channel” to being central to national competition.
Takeaway 2: Attackers Want Long-Term Access — Not Quick Wins
Many of today’s most dangerous threat actors do not want to “smash and grab.” Instead, they quietly sneak into networks and stay there for months or years.
Groups like Volt Typhoon and APT41 — both linked to Chinese threat actors — break into power grids, telecommunications, and federal systems and then hide their presence, waiting for a future crisis when disruption could be more valuable.
Why does this matter?
Because having foreign adversaries already inside critical networks:
- Reduces U.S. decision-making freedom
- Gives hostile states leverage
- Increases risk during geopolitical emergencies
Takeaway 3: The Most Targeted Sectors Are Also the Most Essential
Energy, healthcare, government, water systems, and transportation all face the most aggressive targeting by threat actors.
Here are the biggest concerns:
Energy
Adversaries infiltrate electric grids to prepare for potential future disruption. Example: Volt Typhoon compromised engineering workstations and SCADA networks inside a major utility.
Healthcare
Ransomware attacks are skyrocketing, up 64% this year compared to last. Criminal groups like ALPHV/BlackCat have shut down hospitals and exposed massive amounts of sensitive medical data.
Government networks
Supply chain attacks are increasing, with the MOVEit incident compromising multiple federal agencies.
Transportation
Ransomware halted operations at a major U.S. port for five days, disrupting national supply chains.
Water systems
Ideologically motivated groups target water plants to generate fear and public panic.
The pattern is clear: attackers choose the targets that create the biggest social, political, and economic impact.
Takeaway 4: How Attackers Break In — And Why It Works
Policymakers often ask: “How do these hackers even get in?”
- Stolen or abused credentials (logins) are now the #1 entry point
- Exploiting vulnerabilities in public-facing software
- Supply chain compromises allow attackers to reach the government through vendors and contractors
Initial access brokers (criminal groups who sell stolen logins) have become powerful enablers, especially in government and healthcare sectors, where access-for-sale has risen up to 900%.
Once inside, attackers move laterally through systems and increasingly jump from IT networks into operational technology (OT), such as power grid controls and water treatment systems.
This makes cyber incidents far more dangerous because they can directly affect physical infrastructure.
Takeaway 5: The Next Five Years Will Be Even More Challenging
- AI will supercharge attacks, making them faster, stealthier, and more automated.
- Supply chain attacks will grow: attackers will target developer tools and software pipelines.
- Industrial systems (OT/ICS) will become prime targets as they connect more deeply to the cloud.
- Space infrastructure (satellites, GPS, undersea cables) will become new cyber battlefields.
- Quantum computing risks will drive “steal now, decrypt later” campaigns.
These developments mean policymakers must prepare for cyber threats that are strategic, not merely technical.
What Policymakers Should Do
- **Make identity security the top priority:** Implement zero-trust architecture, strong authentication, and continuous verification.
- **Secure the software supply chain:** Require SBOMs, strengthen vendor controls, and expand third-party oversight.
- Harden industrial control systems (ICS/OT): Increase visibility, segmentation, and anomaly detection.
- Prepare for AI-enabled threats: Invest in AI-driven defenses, red-teaming, and secure model development.
- Build national cyber resilience: Plan for rapid recovery and enforce meaningful consequences for attackers.
Cyber Security Is Now National Security
Cyber threats are no longer just a technical problem. They are a strategic challenge tied to geopolitical competition, economic stability, and public trust. The U.S. must treat cyber resilience as a core national capability, equal to military readiness and foreign diplomacy.
Policymakers who understand this landscape — and act on it — will shape America’s security in the decade ahead.