Resilience: The Key to Withstanding AI-Driven Cyberattacks on Critical Infrastructure

Cybersecurity experts warn that the threat of AI-enhanced cyberattacks on critical infrastructure is no longer science fiction, as recent events highlight vulnerabilities in national systems. In November 2024, a cyberattack on DP World—one of Australia’s largest port operators—forced the shutdown of key terminals for three days, disrupting supply chains and delaying cargo movement nationwide.

While the breach exploited a known vulnerability in DP World Australia’s corporate network, experts caution that the situation could become far more dangerous if adversaries were to deploy autonomous AI agents to infiltrate control systems. Such an AI-powered attack could map operational technology networks in real time, escalate privileges, and coordinate shutdowns across multiple facilities within minutes—potentially crippling seaports, power grids, and other critical infrastructure.

“Agentic AI is the next frontier,” said Jamie Moles, senior technical manager at ExtraHop. He noted that even a seemingly simple phishing attack could serve as a gateway for an AI agent to move laterally across systems if proper safeguards are not in place.

Critical infrastructure, already burdened by aging legacy systems, is particularly at risk. Alex Yevtushenko, co-founder and CEO of Salvador Technologies, stated, “Critical infrastructure, especially national systems, often relies on outdated legacy technology, which is particularly vulnerable. AI-driven automation of malicious code only amplifies these weaknesses.”

The financial and societal consequences of such attacks could be catastrophic. Healthcare ransomware incidents, for example, cost hospitals $21.9 billion in downtime losses between 2018 and 2024, according to a report by Comparitech. Experts warn that attacks on critical infrastructure not only result in financial loss but also threaten public safety and national security. AI-enhanced attacks could disrupt emergency services, contaminate water supplies, and halt internet access, among other devastating outcomes.

Given these risks, experts argue that traditional prevention-focused cybersecurity strategies must be augmented with an emphasis on resilience. Resilience in this context refers to the ability to detect breaches swiftly, restore operations in seconds, and minimize overall disruption. Yevtushenko stressed, “Organizations need to focus on resilience—ensuring that even if an attack occurs, they can recover in seconds, not hours or days.”

Both Moles and Yevtushenko highlighted the growing role of AI in defense. AI-driven monitoring systems can perform expansive behavioral analysis and anomaly detection, enabling rapid automated responses to contain breaches. However, Yevtushenko cautioned that while AI can enhance defenses, attackers will also harness its capabilities, meaning that resilience and rapid recovery remain paramount.

In addition to technological upgrades, experts call for regulatory reforms and better training for critical infrastructure operators. “Governments must take a three-pronged approach: disrupting cybercriminal operations with stricter penalties and international cooperation, supporting organizations in integrating AI into their cybersecurity strategies, and educating operators with advanced security tools and continuous training,” said Yevtushenko.

As both attackers and defenders race to leverage AI, the message is clear: the future of critical infrastructure security hinges on building systems that not only prevent breaches but also recover rapidly when incidents occur. With AI-driven cyberattacks on the horizon, resilience may prove to be the most decisive factor in maintaining national security and economic stability.
