Recent remarks from former NSA cybersecurity director Anne Neuberger highlight a concerning reality: if a cyberattack were to target critical US infrastructure today, it might very well cause widespread collapse. Speaking at the AI Expo for National Competitiveness, Neuberger expressed deep concerns over the current state of US cybersecurity resilience, citing reductions in workforce and outdated technology as major vulnerabilities.
The Fragile State of US Critical Infrastructure Security
According to Neuberger, the US’s critical infrastructure is dangerously exposed, especially if a sophisticated cyberattack were to occur. She pointed out that recent budget cuts under the Trump administration have severely impacted the Cybersecurity and Infrastructure Security Agency (CISA), leading to a depleted workforce and increased vulnerabilities. This reduction in talent and resources threatens the ability to defend essential systems that power utilities, transportation, and communication networks.
Neuberger emphasized that much of the existing infrastructure relies on outdated technology that was not designed for internet connectivity. For example, operational systems often lag behind IT systems in cybersecurity protections, creating gaps for cybercriminals and nation-states to exploit.
The Role of AI and Digital Twinning in Strengthening Defenses
In light of these vulnerabilities, Neuberger advocates for increased adoption of AI technologies to fortify critical infrastructure. She highlighted that AI could be instrumental in evaluating legacy systems, discovering weak points, and automating threat detection. Digital twinning—creating virtual replicas of physical systems—could also be pivotal for simulating attacks and testing defenses in real time before real-world exploitation occurs.
Neuberger argued that AI-driven solutions could compensate for the staffing shortages caused by budget cuts, providing targeted and efficient security measures. She stressed that deploying AI in critical systems is not just a matter of efficiency but a necessity for resilience against increasingly sophisticated adversaries.
The Impact of Budget Cuts and Workforce Attrition
Since the Trump administration’s efforts to reduce government spending on cybersecurity, CISA has faced widespread layoffs, leading to a “brain drain” of experienced professionals. The agency’s budget has been slashed by approximately 17%, or around $491 million, which resulted in the loss of a third of its staff. This decline hampers the agency’s ability to monitor, detect, and respond to cyber threats effectively.
Neuberger warned that these cuts leave US infrastructure vulnerable to exploitation by hostile nation-states and cybercriminal groups. She underscored that without a robust and well-staffed cybersecurity workforce, the country’s defenses could crumble in the face of a major attack.
Critical Vulnerabilities and Recent Exploits
Amidst this precarious situation, several vulnerabilities remain unpatched and exploitable. For instance, CISA recently added the CVE-2025-3935 vulnerability in ConnectWise’s ScreenConnect to its Known Exploited Vulnerabilities catalog. This flaw, with a CVSS score of 8.1, involves deserialization issues allowing attackers to breach systems.
Other notable vulnerabilities include:
- CVE-2021-32030 in ASUS routers, with a CVSS score of 9.8, which allows authentication bypass.
- CVE-2024-56145 affecting Craft CMS, leading to remote code execution.
- Qualcomm chipset vulnerabilities (CVE-2025-21480 and CVE-2025-21479), which could cause memory corruption and unauthorized command execution.
These vulnerabilities highlight how unpatched systems remain a major threat vector, especially when defense budgets are strained.
Rising Threats from Malware and State-Sponsored Actors
In addition to vulnerabilities, malware campaigns and botnets continue to pose serious threats. The FBI has issued warnings about Badbox 2.0, a revived botnet targeting Android streaming devices and IoT gadgets like digital picture frames. Meanwhile, Kaspersky has detected a new Mirai variant targeting DVRs, exploiting CVE-2024-3721, an OS command injection flaw.
These threats are often used to build botnets for malicious activities, including DDoS attacks and data theft. With around 50,000 exposed vulnerable systems, the risk of widespread infections remains high, especially with attackers selling access to compromised devices.