I spend my days dissecting the layers of infrastructure to spot where the cracks might let in the flood. Right now, with geopolitical tensions simmering and tech advancing at breakneck speed, those cracks are widening in places like our fuel refineries, water treatment facilities, and power grids; systems that seem rock solid until a threat actor finds the weak link. The truth is, skipping proper operational technology security is not just an oversight; it is an invitation to crippling exploits, whether from foreign states plotting long-game disruptions or domestic players chasing chaos or cash. [1]
The SAFE LiDAR Act, introduced on December 10, 2025, by Rep. Raja Krishnamoorthi, offers a clear example of how to tackle these vulnerabilities. LiDAR, or Light Detection and Ranging, works like an advanced radar system, emitting thousands of laser pulses per second to reflect off objects and calculate distances, building accurate 3D representations of the surroundings. It lets self-driving cars detect and avoid obstacles, helps surveyors create detailed land maps, and assists drones in inspecting remote pipelines. Chinese companies lead the worldwide LiDAR market, sparking fears of embedded flaws for spying or disruption. The legislation calls for ending new acquisitions from nations like China, Russia, Iran, or North Korea within three years and purging current installations over five years, including options for academic exceptions or key national waivers. The Commerce Department would form a team to evaluate future threats, positioning this as a sensible defense against intelligence gathering and tampering with supply chains. Krishnamoorthi stressed that this tech might give authoritarian regimes a hidden gateway into American networks, consistent with the House Select Committee on the CCP’s prior moves, such as the September prohibition on federal transport funds for foreign LiDAR and last year’s drive for company blacklists. [2]
The emphasis on LiDAR reveals more profound weaknesses in our vital sectors, where OT, the specialized tools overseeing physical actions like regulating flows, monitoring pressures, and managing switches, often misses out on strong defenses, inviting abuse. Where steps like isolated networks, secure data transfers, or consistent checks for flaws are lacking, attackers can turn these oversights into major damage. Foreign governments excel at this, planting quiet footholds for later use. China’s Volt Typhoon, for example, has burrowed into U.S. energy and water OT since at least 2023, ready to spark blackouts or pollution if needed, as the 2025 U.S. Intelligence Community report details. [3] Russia-backed teams target open ports like VNC to tweak utility functions, possibly tainting water or stopping fuel pumps, per CISA’s December 9 warning. [4] Iran-aligned groups plant code to overload electrical setups, akin to their 2024 strikes on partner countries. [5] A real-world example is Russia’s 2015 Ukraine grid assault, where OT access darkened homes for 230,000 people; a parallel on U.S. refineries might drive up costs or trigger spills. [6] Likely tactics include remote commands to spike pipeline pressures to cause bursts or shift water chemicals to create health threats, all possible via linked systems that allow jumps from hacked office tech and let threat actors living off the land go unseen.
Domestic threats compound the issue, using weak OT for revenge or gain. Internal bad actors, like unhappy workers, might remotely tweak settings for breakdowns, as in the 2021 Florida water hack, where a hacker boosted lye to harmful levels. [7] Activists could swamp control systems to make points, while hackers encrypt OT for payoffs, stalling everything. The 2021 Colonial Pipeline closure halted East Coast gas for days. [8] The Justice Department’s December 9 bust of a Russia-connected person for infrastructure hits shows how local enablers boost overseas dangers. Still, independent U.S. cases like the 2024 NoName057(16) water plant boast homegrown power for destruction. [9] Without safe patching, standard reviews, or separate setups, these attacks escalate from minor blips to broad financial and/or safety messes faster than you can say pwned PLC.
The potential race to refine heightens these fears. As sanctions ease under ongoing negotiations, U.S. refineries optimized for heavy Venezuelan crude could see increased throughput, but many operate on legacy OT susceptible to remote exploits. The U.S. has seized a tanker and imposed new sanctions, leading to supply disruptions and reduced exports. This could affect potential business opportunities due to increased tensions and infrastructure vulnerabilities. Hydrocarbon Processing’s November analysis found that 42 percent of U.S. energy firms are facing weaponized AI and phishing attacks, underscoring the urgency of upgrades before ramping up production. [13] Brookings’ November report advocates resilience measures in energy against state threats. [14] Hastening without fortified OT is like accelerating a vehicle with faulty brakes: effective in the short term, disastrous in the long term.
AI datacenters add another layer of supply chain peril, where undetected threats could embed in unexpected components. These hubs, crammed with servers and GPUs for model training and inference, source hardware globally, increasing the risk of compromised components from adversarially linked vendors. A rigged chip or firmware could enable data leaks or operational halts, as warned in OWASP’s 2025 AI risk framework. [15] Verifiable trends show supply chain attacks doubling in 2025, with malware injected into software dependencies for data center tools, according to Cyble reports. [16] Probable exploits include a hostile supplier planting backdoors during assembly, allowing espionage on processed data or triggering failures under load; harder to spot without end-to-end vetting, echoing the previous SolarWinds nightmare fuel but tailored to AI scale.
Locals near these sites continue to experience strife. In the past three weeks, over 230 environmental groups demanded a U.S. moratorium on December 8, highlighting unsustainable resource drains. [12] Arizona’s Chandler City Council unanimously rejected a center on December 12 amid resident complaints about noise and grid overload. [13] Florida’s Palm Beach County postponed votes on December 12 for deeper impact reviews on land and water. Job creation is minimal; 1,000-ish during construction, dropping to 50-200 for maintenance, offering little offset to humming disturbances, water guzzling in arid zones, or bill spikes from power demands, as Stateline November 17 detailed. [12]
To leverage AI without catastrophic fallout, viable options exist that balance innovation and responsibility. Source from verified domestic suppliers to minimize chain embeds, and mandate audits for hardware integrity. Locate centers in cooler regions with renewable energy grids, such as solar, which could help keep residential energy costs steady or even lower by decentralizing generation and reducing the burden on the grid from large consumers who often secure reduced power rates through incentives and custom utility contracts. Adopt immersion cooling to slash water use by 90 percent and opt for modular expansions with community consultations to address local impacts. Enforce pre-build environmental assessments for air quality and noise, as HBR November recommends for mitigating “digital smog.” [14] These approaches let AI advance without eroding trust or resources through balanced, actionable strategies.
The SAFE LiDAR Act is a solid step to fortify our mappings and chains. The intelligent response is to extend that diligence to AI builds and OT exposures and to prioritize segmentation, encryption, and audits, because that is the command and control our resilience requires.
Sources: