Blog

Why America's Critical Infrastructure Isn't Ready for the Next Attack

Copia CEO Adam Gluck has co-authored a new article on a threat most executives underrate until it reaches them: cyberattacks. His co-authors are Lars Erik Schönander, Copia’s business operations lead, and Josh Levine, director of technology and statecraft at the Foundation for American Innovation.

Consider what happened to Stryker. At the start of the US-Iran conflict, attackers compromised a single Microsoft Intune admin account at the medical device maker and used it to wipe roughly 200,000 devices and disrupt internal communications. A single account at a Fortune 500 company. If a firm with that much budget and expertise can be brought down this way, the article asks an uncomfortable question: what stops everyone with less?

This is not theoretical. A decade of attacks on Ukraine’s grid shows how a determined adversary can cripple physical infrastructure. Iranian-linked groups are now probing US sites directly.

Barring any changes, these attacks will only get easier. The piece points to red-team findings that Anthropic’s Mythos model located and exploited zero-day vulnerabilities in every major operating system it was tested against. At the same time, open-source Chinese AI models are gradually developing similar cyber capabilities, with fewer safeguards. 

For the diverse, often-neglected operational technology behind power, water, and factories, the old comfort of security by obscurity is running out. Capable models are becoming widely available, and the systems least able to patch are the ones most exposed. So what can be done about it, without new mandates or a sprawling federal grant program? The authors make a specific case, grounded in incentives that already exist. 

Read the full article here.