Experts urge action on widespread OT vulnerabilities, citing rising state-linked intrusions, water-utility lapses and AI-driven energy-grid risks.
On 16 July 2025, it was announced that the US House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection would convene on 22 July to revisit the Stuxnet worm — 15 years after its deployment — and assess how today’s adversaries can emulate or surpass that landmark attack against critical infrastructure.
Such concerns have been mounting since February 2024, when CISA and allied agencies had warned that Volt Typhoon actors were pre-positioning inside US energy, water and transport networks for potential disruption during a geopolitical crisis. The EPA has since stepped up enforcement after finding over 70% of inspected water utilities out of basic cyber compliance.
According to Robert M Lee, CEO, Dragos, an expert witness invited to the hearing, his firm’s Feb 2025 OT/ICS research had concluded that OT has become a mainstream target, and that even advanced cyber operations had been “employing unsophisticated tactics to compromise and disrupt critical infrastructure.”
Elsewhere, industry voices concur on the urgency of realistic tabletop tests. Dr Eric Schmidt, former CEO, Google, had on 9 April 2025’s House Energy and Commerce Committee about the importance of a secure energy grid for achieving AI dominance: “If China comes to superintelligence first, it changes the dynamic of power globally, in ways that we have no way of understanding or predicting.”
According to Scott Register, VP, Security Solutions, Keysight Technologies, expressed one private-sector concern: “Energy grids are being stretched beyond limits and AI could push up energy prices and create shortages. Energy is essential to powering the boom in AI and this makes it a prime target for threat actors seeking to destabilize AI leadership or dependent critical systems.”
With the US Congress eyeing reauthorization of key cyber statutes later this year, the Stuxnet anniversary hearing highlights a consensus: deterrence now depends less on discovering the next Zero Day vulnerability than on closing everyday OT gaps before adversaries exploit them at scale.
More details from the US House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection hearing will be available at their official website.
