⚔️Critical Infrastructure Fortifies Against AI-Enhanced Warfare
Fines, leaks, and hacks—key cyber updates
Welcome to your essential briefing on threats at the intersection of cybersecurity and critical infrastructure, brought to you by Neeve, the edge cloud security platform for smart buildings, making built spaces secure, intelligent, and sustainable.
This Week’s Cyber Insights
CISA collaborates with international partners to release "Foundations for OT Cybersecurity: Asset Inventory Guidance," providing a systematic approach for protecting industrial control systems across the energy, water, and manufacturing sectors from escalating cyberattacks.
- Framework utilizes ISA/IEC 62443 standards with asset classification into Zones and Conduits for enhanced security management
- Organizations must track 14 high-priority attributes including MAC addresses, IP addresses, protocols, criticality ratings, manufacturer data
- Developed through collaborative sessions with 14 organizations across the Energy Sector (oil/gas, electricity) and the Water/Wastewater Sector
- Assets classified as high-criticality (requiring network segmentation), medium-criticality (robust monitoring), low-criticality (basic security)
- Integrates CISA KEV Catalog and MITRE CVE database for continuous threat assessment and real-time process monitoring
- Addresses vulnerabilities in legacy systems, weak authentication, insufficient segmentation, insecure OT protocols like Modbus and DNP3
🤔 The Bigger Picture:
CISA's comprehensive OT framework provides facility managers with a structured approach to securing building automation systems, HVAC controls, and industrial processes. This guidance enables organizations to build defensible architectures while maintaining operational continuity, directly supporting smart building security strategies that Neeve customers need for protecting integrated building management systems.
Security professionals and facility managers can now unlock unified environments that enhance operational efficiency, reduce energy consumption, and protect critical infrastructure by integrating intelligent cameras with central management platforms.
- Central intelligence manager platforms enable real-time building system data access, predictive maintenance scheduling, and comprehensive operational insights
- Intelligent cameras function as multipurpose sensors supporting safety management, operations, network management, and property management
- Hybrid cloud architecture with smart edge devices simplifies remote management while easing IT workload through automated lifecycle updates
- Advanced analytics include object detection, cross-line detection, occupancy monitoring for tracking movement and assessing real-time conditions
- Live equipment audits in data centers and utility spaces reduce downtime while visual data overlays combine video with operational labels
- Integration detects risks other sensors miss: combustible materials in utility rooms, missing lockout devices, cabinets left open
🤔 The Bigger Picture:
Intelligent security integration transforms traditional building management by combining video surveillance with operational technology monitoring. Facility managers gain comprehensive oversight of critical infrastructure spaces like telecommunications closets, utility huts, and building systems, enabling rapid fault detection and enhanced safety protocols essential for modern smart building operations.
Defense contractors face persistent AI-driven cyberattacks targeting decentralized supplier networks, with autonomous agents compromising third-party vendors to degrade national military capabilities through accumulated operational disruptions.
- AI agents autonomously compromise email systems, cloud services, remote desktops across hundreds of suppliers lacking resources to patch vulnerabilities
- Attacks appear as "normal" disruptions (delayed deliveries, corrupted files) while accumulating damage over time to weaken fleet readiness
- Single missile costs millions and hits one target; AI-powered cyberattack costs almost nothing and can disrupt entire economies
- Adversaries deploy continuous pressure campaigns below kinetic conflict threshold, making attribution slow or impossible
- Traditional deterrents fail against autonomous campaigns that learn, adapt, evolve faster than human defenders can respond
- Defense contractors must deploy AI-powered agents to exploit their own environments before attackers do
🤔 The Bigger Picture:
AI-powered supply chain attacks against defense infrastructure signal broader threats to critical facility operations that depend on third-party vendors and contractors. Building operators must assess their own supplier ecosystems for cybersecurity gaps, as AI-enhanced attacks can infiltrate building automation networks through compromised maintenance contractors, equipment vendors, and cloud service providers.
Further Alerts & Insights
🎭 Ransomware Actors Blending Legitimate Tools with Custom Malware
The Crypto24 ransomware group demonstrates sophisticated evolution by seamlessly combining legitimate administrative tools like PsExec and AnyDesk with custom malware to execute precision strikes. The group targets financial services, manufacturing, and technology sectors across Asia, Europe, and the US, using living-off-the-land tactics and strategically timing attacks during off-peak hours to minimize detection while maximizing impact.
🤖 AI Agents Highly Vulnerable to Hijacking Attacks
Research from Zenity Labs reveals widespread vulnerabilities in AI agents from Microsoft, Google, and OpenAI that allow attackers to exfiltrate data and manipulate workflows with minimal user interaction. Demonstrations showed how ChatGPT, Microsoft Copilot Studio, Salesforce Einstein, and Google Gemini could be compromised to steal sensitive conversations, leak CRM databases, and turn AI assistants into insider threats targeting users with social engineering attacks.
💰 Financial Impact from Severe OT Events Could Top $300B
A new report from Dragos and Marsh McLennan warns that catastrophic cyber events disrupting operational technology could cause nearly $330 billion in annual global losses. Business interruption costs alone would exceed $172 billion in a 1-in-250-year tail event, with indirect losses from supply chain disruptions representing the greatest underestimated risk. Manufacturing companies often focus cybersecurity budgets on IT networks while underestimating OT business interruption impacts.
🏭 Critical Flaws Patched in Rockwell FactoryTalk, Micro800, ControlLogix Products
Rockwell Automation released patches for critical and high-severity vulnerabilities affecting industrial automation products including FactoryTalk, Micro800 PLCs, and ControlLogix systems. Key fixes include CVE-2025-7972 allowing attackers to disable FTSP token validation, Azure RTOS remote code execution flaws, and CVE-2025-7353 enabling remote code execution in ControlLogix products. CISA published corresponding advisories warning of potential risks to industrial control systems.