Vice President, Cybersecurity and Advocacy, Utilities Technology Council, Arlington, Virginia, United States
In recent months, critical infrastructure operators, including utilities and their supply chains, have experienced increasing cyberattacks from foreign state-sponsored groups like Volt Typhoon. These attackers exploit vulnerabilities in public-facing appliances such as VPNs and firewalls to infiltrate systems. AI-driven techniques further augment these attackers' capabilities, allowing them to perform lateral movement, credential dumping, and privilege escalation while remaining undetected.
Why This Matters: NERC CIP 13 regulations now emphasize supply chain risk management, recognizing that securing just the utility itself is no longer sufficient. Attackers frequently target supply chains to pivot into operational environments, putting energy and water infrastructure at serious risk, as evidenced by recent breaches at American Water and Halliburton.
This session will explore how AI enhances state-sponsored attackers' ability to bypass security measures, the risks of IT-to-OT crossover, and strategies for defending against these evolving threats. We will also cover how segmenting and securing critical applications like Active Directory can help prevent attacks from spreading into operational environments.