US Utilities Warn of Grid Cybersecurity Risks Amid Federal Funding Shortfalls
Utility executives and grid security analysts have warned Congress that U.S. federal funding for cybersecurity is not keeping pace with the increasing threat of nation-state cyber intrusions, particularly from Chinese actors. Leaders from investor-owned utilities, rural cooperatives, and national laboratories testified that Chinese hackers are already embedded within U.S. energy infrastructure, and that the next wave of attacks is likely to exploit persistent resource gaps, especially in rural systems and outdated operational technology. The testimony highlighted that modern cybersecurity defenses require significant upfront investment and ongoing funding, which many utilities—especially rural cooperatives—struggle to secure.
The warnings come as researchers and officials describe a threat environment shaped by nation-state adversaries conducting pre-positioning campaigns, embedding themselves in operational technology networks in preparation for potential destructive attacks. Despite Congressional authorization for Department of Energy grants aimed at bolstering rural and municipal utility cybersecurity, the release of these funds has been delayed, further undermining the sector's readiness to defend against sophisticated cyber threats targeting critical infrastructure.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
House subcommittee hears warnings of Chinese access in U.S. energy systems
Utility executives and grid security analysts told a House Energy and Commerce subcommittee that Chinese threat actors are already embedded across U.S. energy infrastructure and are pre-positioning in operational technology environments. They warned that adversaries are exploiting supply-chain and trusted-vendor relationships and that current federal support is not keeping pace with the threat.
DOE cybersecurity grants to rural and municipal utilities remain undistributed
Witnesses said Department of Energy cybersecurity grants intended for rural electric cooperatives and municipal utilities had not yet been released to awardees. They warned the delays were leaving smaller utilities exposed as they struggle to fund and sustain modern defenses.
Administration proposes FY2026 cuts to DOE cyber and grid resilience programs
The administration's FY2026 budget request proposed reductions to Department of Energy cybersecurity spending, including cuts to CESER and broader grid modernization and resilience funding. Utilities said the proposed reductions would weaken support for defending critical energy infrastructure.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Chinese State-Linked Cyber Intrusions Targeting US Water Utilities
Hackers associated with China have gained unauthorized access to the IT networks of hundreds of small and medium-sized water utilities and other critical infrastructure providers across the United States. These intrusions are believed to be part of a broader strategy to position Chinese actors to sabotage American water and power supplies in the event of a geopolitical conflict, particularly if tensions escalate over Taiwan. U.S. officials have been aware of this threat for over two years, and recent reporting has brought renewed attention to the scale and persistence of these cyber operations. The targeted utilities are often located in rural areas and small towns, which typically lack the cybersecurity resources and expertise of larger metropolitan systems. The operational technology (OT) systems that control water treatment and distribution are especially vulnerable due to their increasing automation and remote accessibility. The risk is compounded by a significant resource gap, as many of these utilities struggle to defend against sophisticated nation-state threats. Efforts to bolster defenses have included the launch of two non-profit initiatives aimed at supporting critical infrastructure operators, but these programs face their own limitations. One of the non-profits has paused its activities to recalibrate its approach, while the other is only able to provide assistance in a limited number of states due to resource constraints. The threat underscores the broader challenge of protecting critical infrastructure in the United States, where many essential services are managed by small organizations with limited budgets. The potential for cyber sabotage of water and power systems raises concerns about the resilience of civilian infrastructure in the face of international conflict. U.S. government agencies have issued warnings and guidance to utilities, but implementation of robust security measures remains inconsistent. The situation highlights the need for increased investment in cybersecurity for critical infrastructure, particularly in rural and underserved areas. The ongoing threat from Chinese-linked hackers demonstrates the strategic importance of water and power utilities as potential targets in modern cyber warfare. The exposure of these vulnerabilities has prompted calls for greater public-private collaboration and federal support. The risk is not limited to water utilities, as other sectors of critical infrastructure may face similar threats from state-sponsored actors. The revelations serve as a wake-up call for the urgent need to address cybersecurity gaps in essential services. The possibility of coordinated attacks on infrastructure during a geopolitical crisis could have far-reaching consequences for national security and public safety. The current state of preparedness among small utilities is insufficient to counter the scale and sophistication of the threat. The situation remains dynamic, with ongoing efforts to assess and mitigate the risks posed by foreign cyber actors.
Mar 21, 2026
US Cybersecurity Policy and Preparedness Efforts for Critical Infrastructure and Government Networks
U.S. lawmakers and agencies are advancing multiple efforts to sustain and strengthen cybersecurity capabilities, with some federal authorities at risk of lapsing if Congress fails to avert a government shutdown. Nextgov/FCW reported that the **Cybersecurity Information Sharing Act of 2015**—which provides liability protections to enable private-sector sharing of threat intelligence with the government—and the **National Cybersecurity Protection System** (a federal civilian network intrusion-detection and prevention capability) were both tied to Department of Homeland Security funding legislation and faced imminent expiration absent reauthorization. The same DHS legislative vehicle was also described as key to reauthorizing the **State and Local Cybersecurity Grant Program**, which has provided **$1B** to improve cybersecurity at state and local entities. In parallel, Congress is considering sector-specific measures to improve resilience in energy and utility environments, while the Department of Energy continues operational readiness exercises. Nextgov/FCW highlighted proposed legislation including the **Pipeline Cybersecurity Preparedness Act** (DOE-led programs to improve pipeline/LNG cybersecurity, information sharing, and incident response coordination) and the **Rural and Municipal Utility Cybersecurity Act** (expanding grant and technical assistance for smaller utilities, with **$250M** proposed for FY2026–2030 and protections for sensitive shared cyber information). Separately, Industrial Cyber reported on DOE’s annual **Liberty Eclipse** exercise on Plum Island, which uses an isolated grid environment to train utilities and partners to detect, respond to, and recover from simulated attacks including **ransomware** and stealthy compromise scenarios spanning IT/OT and real-time operations teams.
Mar 21, 2026
US Critical Infrastructure Security and Modernization Initiatives
US critical infrastructure faces increasing threats from both aging technology and sophisticated nation-state adversaries, prompting urgent calls for modernization and enhanced security. Experts highlight the unique challenges of operational technology (OT) environments, such as legacy systems and limited budgets, and discuss Tennessee's ambitious efforts to become the most secure state by hardening its power grids, water systems, and industrial controls. Nationally, organizations like the Institute for Critical Infrastructure Technology (ICIT) are advocating for a comprehensive vision to strengthen and modernize critical infrastructure by 2026, emphasizing the need for greater awareness, investment, and resilience against both physical and cyber threats. Recent incidents underscore the severity of the threat landscape, with Chinese state-sponsored actors reportedly pre-positioning themselves within US water utilities and other essential services, moving beyond espionage to potential disruptive and destructive operations. The growing vulnerability of basic services, such as electricity and water, has become a political and security flashpoint, with rising costs and overdue bills compounding the risks. These developments have drawn attention from policymakers, industry leaders, and the public, reinforcing the necessity for coordinated action to protect the nation's critical infrastructure from evolving cyber and physical threats.
Mar 21, 2026