What to know this week
US surveillance system experiences a major cyber incident.
The Federal Bureau of Investigation (FBI) suspects China compromised major amounts of sensitive data.
CISA issues warning regarding Iranian-affiliated hacking.
Several governmental agencies co-published an advisory warning critical infrastructure companies of ongoing suspected Iranian hacking efforts targeting industrial control systems.
This week's full stories
FBI announces major cyber incident.
THE NEWS
Last week the FBI announced a cyber intrusion into the agency’s surveillance systems. In this self-described “major incident,” the FBI believes that Chinese-affiliated hackers targeted the system which stored sensitive law enforcement information.
Due to the scale and severity of the hack, the FBI has classified the event as a “major incident” under the Federal Information Security Modernization Act (FISMA). For context, FISMA requires agencies to report internal incidents to lawmakers within seven days if the event is “likely to result in demonstrable harm” to national security. Further, under FISMA guidelines, events are deemed major if they involve personally identifiable information being exfiltrated and/or compromised, or if the event creates risks to national security, public confidence, civil liberties, or foreign relations.
While the FBI has declined to comment on the recent designation, it did point to an early statement on the matter, reading:
“FBI identified and addressed suspicious activities on FBI networks, and we have leveraged all technical capabilities to respond.”
When making that comment in March, the FBI stated that the attackers were able to infiltrate the agency by “leveraging a commercial Internet Service Provider’s vendor infrastructure.”
Senator Mark Warner, a leading member of the Senate Intelligence Committee, commented on the incident, stating:
“This incident is yet another stark reminder that the threat from sophisticated cyber adversaries like China has not gone away - in fact, it’s growing more aggressive by the day.”
THE KNOWLEDGE
While the details of this hack are still unclear and developing, this would mark the third major Chinese-linked cyber attack in only a few years. Previously, two other advanced persistent threats, dubbed Volt Typhoon and Salt Typhoon, were able to compromise critical infrastructure sectors and telecommunication providers respectively.
In 2024, the United States (US), alongside several international intelligence partners, issued a warning about Volt Typhoon’s efforts to target critical infrastructure. While these warnings were issued in 2024, experts believe the hacking efforts could be traced back to 2021, if not earlier. In these hacks, Volt Typhoon used malicious software and exploited vulnerabilities to infiltrate internet-connected systems within critical infrastructure sectors, such as wastewater and energy, with the potential to significantly disrupt power and water facilities and cause significant economic harm. Though the incident was addressed and new cybersecurity requirements were put into place to prevent similar incidents from occurring again, a second major incident occurred in 2024.
Salt Typhoon was another major cyber incident in which Chinese-affiliated hackers compromised large swaths of telecommunications infrastructure. In the attack, the hackers exploited technical vulnerabilities, infiltrated communication networks, and gained access to large amounts of records detailing where, when, and with whom people were speaking. Additionally, there were reports that the attackers were also able to access the contents of phone calls and text messages.
Coupling this latest incident with these recent major attacks, it is clear that Chinese state-sponsored hacking activities have become an increasingly aggressive trend that the US has been struggling to counter.
THE IMPACT
While state-sponsored hacking is not new, the recent wave of Chinese-linked intrusions signals a shift in both scale and impact. Rather than focusing on corporate theft or espionage, these attacks have aimed to undermine government operations, public trust, and national security.
This most recent breach is particularly significant as it suggests that even some of the US’s most advanced agencies are vulnerable to supply chain attacks. If the attackers were able to access significant amounts of sensitive information, the consequences will likely extend far beyond data loss, since the breach could expose confidential sources and investigation methods or create long-term operational blind spots.
For businesses, these attacks are unlikely to target them directly; however, the downstream effects could. Attacks against telecommunication providers, critical infrastructure, or other key systems could easily compound into supply chain disruptions, degraded communications, or other significant impacts. Given these impacts, businesses need to be able to operate in a world where attacks like these are not a remote possibility but something likely to occur over the next few years, especially if new cybersecurity regulations and requirements are not mandated.
CISA releases advisory warning about Iranian-affiliated cyber attacks.
THE NEWS
On Tuesday, the Cybersecurity and Infrastructure Security Agency (CISA) published a new cybersecurity advisory warning about Iranian-affiliated cyber actors targeting critical infrastructure. In the advisory, CISA warns that Iranian hackers are looking to target internet-connected programmable logic controllers (PLCs), the industrial computers commonly used to control and run critical infrastructure systems.
More specifically, Iranian hackers are already exploiting logic controllers developed by Rockwell Automation/Allen-Bradley and are looking to target PLCs from other companies. In the advisory, CISA advises companies to remove these controllers from direct internet exposure and to check activity logs for any suspicious behaviour. CISA also noted that these attacks are similar to ones carried out in 2023 by the Iranian hacking group known as CyberAv3ngers.
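The two recommendations summarized above (take PLCs off direct internet exposure and review activity logs) translate into a first-pass triage that an OT team can script. The following is an added example, not code from the advisory or from this newsletter: the inventory records, the log line format, the 10.20.0.0/16 OT range and the sample addresses are all constructed for illustration, and the port list is an assumption (44818/tcp is the EtherNet/IP port used by Rockwell/Allen-Bradley controllers; 2222 is included as a second assumed controller port).

```python
"""First-pass PLC exposure and access-log triage.

Added example, not from the CISA advisory. Inventory, log format,
network ranges and port list are constructed assumptions.
"""
import ipaddress
from dataclasses import dataclass

# Assumed OT network: only hosts in this range should ever talk to a PLC.
OT_NETWORK = ipaddress.ip_network("10.20.0.0/16")

# RFC 1918 ranges; an asset addressed outside these is treated as
# directly reachable from the internet for this first pass.
INTERNAL_NETWORKS = [
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]

# PLC service ports to watch (assumption: 44818 = EtherNet/IP, 2222 assumed second port).
PLC_PORTS = {44818, 2222}


@dataclass(frozen=True)
class Asset:
    name: str
    ip: str
    role: str  # "plc", "hmi", "server", ...


# Constructed inventory; 203.0.113.10 is a documentation-range address standing in
# for a controller that was given a public address.
SAMPLE_INVENTORY = [
    Asset("plc-pump-1", "10.20.1.7", "plc"),
    Asset("plc-pump-2", "10.20.1.8", "plc"),
    Asset("plc-pump-3", "203.0.113.10", "plc"),
    Asset("hmi-control-room", "10.20.4.15", "hmi"),
]

# Constructed log format: "<ts> src=<ip>:<port> dst=<ip>:<port> action=<verb>"
SAMPLE_LOG = [
    "2026-04-08T03:12:07Z src=10.20.4.15:50211 dst=10.20.1.7:44818 action=connect",
    "2026-04-08T03:14:22Z src=198.51.100.23:40112 dst=10.20.1.7:44818 action=connect",
    "2026-04-08T03:15:01Z src=10.20.4.15:50212 dst=10.20.1.8:2222 action=connect",
    "2026-04-08T03:20:45Z src=198.51.100.23:40113 dst=10.20.1.9:443 action=connect",
]


def internet_exposed_plcs(inventory):
    """Return PLC assets whose address falls outside every internal range."""
    exposed = []
    for asset in inventory:
        if asset.role != "plc":
            continue
        addr = ipaddress.ip_address(asset.ip)
        if not any(addr in net for net in INTERNAL_NETWORKS):
            exposed.append(asset)
    return exposed


def parse_log_line(line):
    """Split one constructed log line into its fields."""
    ts, src, dst, action = line.split()
    src_ip, src_port = src.removeprefix("src=").rsplit(":", 1)
    dst_ip, dst_port = dst.removeprefix("dst=").rsplit(":", 1)
    return {
        "ts": ts,
        "src_ip": src_ip,
        "dst_ip": dst_ip,
        "dst_port": int(dst_port),
        "action": action.removeprefix("action="),
    }


def suspicious_plc_access(lines):
    """Flag connections to a PLC service port from any source outside the OT network."""
    findings = []
    for line in lines:
        event = parse_log_line(line)
        src = ipaddress.ip_address(event["src_ip"])
        if event["dst_port"] in PLC_PORTS and src not in OT_NETWORK:
            findings.append(event)
    return findings


def triage(inventory, log_lines):
    """Combine both checks into one report dict."""
    return {
        "exposed_plcs": [a.name for a in internet_exposed_plcs(inventory)],
        "suspicious_access": suspicious_plc_access(log_lines),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_INVENTORY, SAMPLE_LOG)
    print("PLCs with non-internal addresses:", report["exposed_plcs"])
    for event in report["suspicious_access"]:
        print("Off-network PLC access:", event)
```

The inventory check only catches controllers that were handed a public address; a PLC on a private address can still be exposed through a NAT or port-forwarding rule on the perimeter firewall, so pair this script with a review of inbound rules. The log check is intentionally simple (any non-OT source hitting a controller port) and is meant as the starting point for the "suspicious behaviour" review the advisory asks for.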
Kimberly Mielcarek, the Vice President of the North American Electric Reliability Corporation, commented on the matter, stating:
“Our Watch Operations team is actively monitoring the grid, while we continue to coordinate closely with the Department of Energy, the Electricity Subsector Coordinating Council, and our federal and provincial partners.”
The advisory was jointly produced by CISA, the National Security Agency, the FBI, Cyber Command, the Department of Energy, the Environmental Protection Agency, and the Cyber National Mission Force.
THE KNOWLEDGE
Since war broke out between the US and Iran, the two sides have been waging both a conventional war and an asymmetric one in cyberspace. One of the key stress points within the US has been Iranian actors targeting various critical infrastructure sectors.
Earlier in the conflict, the Center for Strategic & International Studies (CSIS) published a report detailing the Iranian hacking activities at the time. The group noted that major cyber activities included:
- Disabling the nation’s domestic internet capabilities to diminish visibility and communications.
- Engaging in reconnaissance efforts to support kinetic operations.
- Launching destructive attacks, including hacktivism, against a broad range of nations to deface websites and take services offline.
However, since these early actions, these efforts have continued to escalate. For example, DigiCert noted that since the conflict began, it has tracked over 5,500 cyberattacks launched by over fifty Iranian-affiliated groups. Additionally, Iran also claimed responsibility for hacking Stryker, a Michigan-based medical technology company, and for installing destructive ransomware on another healthcare company, locking it out of its own network.
Though there may be a temporary two-week ceasefire in the region, it is unclear if this deal will hold. If it does not, it is highly likely that Iran will continue to deploy increasingly disruptive and damaging cyber attacks.
THE IMPACT
Even with the Trump administration’s two-week ceasefire, CISA’s advisory demonstrates that Iran’s cyber campaign has the potential to severely impact critical infrastructure sectors within the US. These attacks on PLCs carry the potential for devastating real-world operational consequences including equipment damage, safety risks, and widespread service outages.
Additionally, given the number of agencies attached to this security advisory, the notice indicates that Iranian actors have the capacity to launch significantly disruptive operations affecting a wide array of domestic infrastructure sectors. Organizations within the industrial space should assume that they are potential targets, even if they do not use the systems listed in the advisory, and take steps to ensure their security and recovery systems are as robust as possible.
This Week's Caveat Podcast: Privatizing cyberspace.
Dave Bittner and Ben Yelin look into two key stories. Dave brings a story breaking down the privatization of cyberwarfare and how this trend will likely complicate oversight processes, create counterintelligence risks, and fuel cyber arms races across the world. Ben has a story from Georgia, where residents in Dunwoody have begun to cut ties with Flock Safety, a security firm. Residents are concerned that Flock’s video cameras are vulnerable to hacker exploitation and that customer data is not being handled appropriately.
OTHER NOTEWORTHY STORIES
Trump administration proposes expanding Chinese tech crackdown.
What: The Federal Communications Commission (FCC) wants to expand the import ban on Chinese-made technologies.
Why: On Friday, the FCC proposed banning the importation of Chinese-manufactured equipment from a group of manufacturers. The FCC is looking to expand on a previous ban list, which included Huawei, ZTE, Hytera, Hikvision, and Dahua.
With the proposal, the agency stated that it had concluded that:
“Prohibiting the continued importation and marketing of previously authorized equipment added at that time is necessary to protect national security by mitigating risks to the US communications sector.”
Under the proposal, the FCC would still permit the usage of equipment already purchased.
APR 3, 2026 | Source: Reuters
OpenAI publishes an AI policy blueprint.
What: OpenAI has published a policy blueprint for regulating artificial intelligence (AI).
Why: On Monday, OpenAI published a new blueprint for regulating AI. In this blueprint, OpenAI proposes that regulation needs to both build an open economy and support the development of a more resilient society. Within these two goals, OpenAI puts forward proposals including:
- Expanding the energy grid.
- Creating auditing regimes for frontier AI models.
- Creating a public wealth fund.
- Modernizing the tax base.
In this document, OpenAI acknowledges that these ideas are not fixed policies but a starting point for a broader conversation aimed at more concrete AI regulation.
The blueprint states:
“Industrial policy can play an important role when market forces alone aren’t sufficient - when new technologies create opportunities and risks that existing institutions aren’t equipped to manage.”
APR 6, 2026 | Source: OpenAI
Ireland considers new surveillance bill.
What: Ireland is considering a bill that would legalize spyware use by police.
Why: On Tuesday, reports emerged that Ireland is considering a new law which, if passed, would allow law enforcement to use spyware, including commercial spyware. The bill, known as the Communications (Interception and Lawful Access) Bill, would update the nation’s existing surveillance law so that its powers apply “to all forms of communications.” This update would cover encrypted messages as well as related metadata.
Aljosa Ajanovic, policy advisor at European Digital Rights, commented on the bill, stating:
“Ireland’s proposal fits into a worrying broader European and global trend towards the normalization of spyware use.”
APR 7, 2026 | Source: Tech Policy Press
