Hidden Surveillance Threats to U.S. Critical Infrastructure

How industrial espionage evolved from IP theft to infrastructure sabotage.

For decades, U.S. manufacturers worried primarily about Chinese intellectual property theft. 

Engineering blueprints disappeared. 

Proprietary processes were reverse-engineered. 

Trade secrets walked out the door.  

China’s goal was to acquire technology so that it could compete. But starting around 2014, those efforts began to shift to something far more insidious. Today, China is executing hidden surveillance operations designed to map, monitor, and ultimately disrupt American critical infrastructure.

In a September 2025 joint statement, a wide-ranging group of government agencies warned about Salt Typhoon, a nation-state-backed group focused on targeting telecommunications, government, transportation, lodging, and military infrastructure networks with the goal of maintaining persistent access.

Every industrial equipment manufacturer, critical infrastructure operator, and embedded systems developer needs to understand that China plays the long game. They are building a map of our infrastructure, our people, and our dependencies to exploit years from now.

Surveillance as Strategic Positioning

China’s surveillance efforts expand well into the world of critical infrastructure. Huawei embedded routers inside 5G networks, positioning them to survey traffic and gather trends about communications patterns and people. 

More recently, Salt Typhoon revealed indicators of compromise within telecommunications equipment globally, targeting government personnel and senior leaders. Rather than immediate disruption, the goal was to map the network of who talks to whom, when, and about what.

The Salt Typhoon campaign demonstrates just how patient and well-resourced these operations are. In cyber-operations personnel, the U.S. is outnumbered by China quite significantly, roughly 50 to one. The Salt Typhoon team, likely dozens of operatives working on coordinated subprojects globally, compromised at least ten major telecommunications companies across the United States, Southeast Asia, and Africa.

They maintained access for at least two years before detection in fall 2024.

What makes this particularly insidious is how they exploited the infrastructure of surveillance itself. The attackers targeted lawful intercept systems, the mechanisms telephone companies use to comply with court-ordered wiretaps under the Communications Assistance for Law Enforcement Act (CALEA).

If you create processes that enable backdoor entry, you have to think about how a bad actor can turn that process to their advantage. China flipped lawful intercept on its head, essentially snooping on the snoopers and stealing data that had already been collected for legitimate law enforcement purposes. They accessed transcripts of important telephone conversations without ever needing to touch a mobile phone or the physical telephone network.

But here's what industrial equipment manufacturers need to understand. These actors weren't just collecting conversation content. The metadata provides the blueprint of what's happening. 

It reveals patterns of communication, identifies which individuals and organizations are important, and maps relationships across infrastructure. For industrial operations, similar metadata from embedded systems, control networks, and supply chain communications creates an equally valuable intelligence picture.

Another example is the U.S. ban targeting Chinese LIDAR components and related software in U.S.-manufactured autonomous systems due to national security risks. The concern was systematic surveillance of trends across the United States, including tracking law enforcement, emergency response vehicles, and government fleet movements. Every data point contributes to a comprehensive picture of American critical infrastructure and operations.

The Industrial Equipment Vulnerability

For manufacturers of industrial equipment, embedded systems, and automation technology, the implications are stark. Economic espionage that undermines a country's economic activity harms the prosperity of its companies. It can lead to the theft of intellectual property. And when it targets critical infrastructure, it can undermine a country's or government's ability to provide basic services to the public.

Adversaries are actively:

  • Mapping software supply chains to identify dependencies.
  • Monitoring systems to understand operational patterns.
  • Collecting data that seems innocuous today but becomes strategic intelligence tomorrow.
  • Pre-positioning access for disruption at a time of their choosing.

Consider the power grid. One of the biggest vulnerabilities is the ability to manipulate demand, like creating surges when they don't naturally exist or forcing brownouts when systems are already stressed. But to execute that attack effectively, you first need years of surveillance data. What are the peak demand times? Which distributed energy resources are most relied upon? How does the grid respond to various conditions?

That's the data being collected today to enable tomorrow’s attacks.

Emerging Frontiers: Drones and Beyond

The surveillance game continues to evolve. Drone technology represents another frontier: the ability to collect position data, surveil operations, and exploit devices even when other detection signals are unavailable creates new vulnerabilities.

It's a cat and mouse game playing out in real-time in Ukraine, where avoiding detection has become as important as the drone's primary mission. The lessons from that conflict are being studied intensely by both defenders and adversaries. Industrial operators need to question whether systems are designed with the assumption that someone might already be watching.

Surveillance threats to U.S. critical infrastructure are long-term by nature. Critical infrastructure operators need to take the same long view to safeguard against present and future threats.

  • Assess Your Software Supply Chain: Every component, vendor, and connection point is a potential surveillance vector. Understanding the security posture of your suppliers is just as important as assessing your own.
  • Think Beyond Operational Security: Traditional industrial security focuses on preventing unauthorized access and ensuring uptime. Modern threats require thinking about what data systems generate, where it goes, and what patterns it might reveal over time.
  • Recognize the Timeline: Adversaries are collecting data today to enable attacks five or ten years from now. A strong security posture needs to account for long-term exposure, not just immediate threats.
  • Engage Vendors on Embedded Security: The PLCs, HMIs, and embedded systems that control industrial operations were often designed in an era when security was an afterthought. Those systems need hardening against memory-based exploits and surveillance backdoors that can persist for years undetected.
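The article's point about metadata (it maps who talks to whom and the operating rhythm of a plant without any packet content) and the "Think Beyond Operational Security" recommendation above both come down to one question: what would an observer with only your connection logs learn? The script below is an added example, not code from the article or from any vendor it mentions. It runs over a small set of constructed flow records (hostnames, ports, and timestamps are hypothetical) and produces the same three things a patient surveyor would build: the communication graph, the most central devices, and the recurring time windows. Pointed at your own exported flow or firewall logs, it is a quick way to see the exposure that metadata alone creates.

```python
"""Added example (not from the article): what connection metadata alone reveals.

Input is a list of (iso_timestamp, source, destination, destination_port)
tuples with no payload, i.e. the kind of record a flow exporter or firewall
produces. The records below are constructed sample data for a small turbine
control network; every hostname and port is hypothetical.
"""
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample flows: two days of traffic on a hypothetical control network.
# 502 is the Modbus/TCP port, 44818 is EtherNet/IP; the values are illustrative only.
SAMPLE_FLOWS = [
    ("2025-03-03T06:00:00", "hmi-01", "plc-turbine-1", 502),
    ("2025-03-03T06:00:00", "hmi-01", "plc-turbine-2", 502),
    ("2025-03-03T06:01:00", "historian", "plc-turbine-1", 502),
    ("2025-03-03T06:01:00", "historian", "plc-turbine-2", 502),
    ("2025-03-03T06:30:00", "eng-ws-07", "plc-turbine-1", 44818),
    ("2025-03-03T14:00:00", "hmi-01", "plc-turbine-1", 502),
    ("2025-03-03T14:00:00", "historian", "plc-turbine-1", 502),
    ("2025-03-03T18:00:00", "hmi-01", "plc-turbine-1", 502),
    ("2025-03-03T18:00:00", "hmi-01", "plc-turbine-2", 502),
    ("2025-03-03T18:01:00", "historian", "plc-turbine-1", 502),
    ("2025-03-03T18:01:00", "historian", "plc-turbine-2", 502),
    ("2025-03-03T18:02:00", "vendor-vpn-gw", "plc-turbine-2", 44818),
    ("2025-03-04T06:00:00", "hmi-01", "plc-turbine-1", 502),
    ("2025-03-04T06:00:00", "hmi-01", "plc-turbine-2", 502),
    ("2025-03-04T06:01:00", "historian", "plc-turbine-1", 502),
    ("2025-03-04T18:00:00", "hmi-01", "plc-turbine-1", 502),
    ("2025-03-04T18:03:00", "vendor-vpn-gw", "plc-turbine-2", 44818),
]


def parse(records):
    """Turn raw tuples into dicts with a real datetime; nothing else is needed."""
    return [
        {"ts": datetime.fromisoformat(ts), "src": src, "dst": dst, "port": port}
        for ts, src, dst, port in records
    ]


def talk_graph(flows):
    """Who talks to whom: source -> set of destinations. No content required."""
    graph = defaultdict(set)
    for f in flows:
        graph[f["src"]].add(f["dst"])
    return dict(graph)


def hourly_profile(flows):
    """Connections per hour of day; the peaks are the plant's operating rhythm."""
    return Counter(f["ts"].hour for f in flows)


def peak_hour(flows):
    """Busiest hour of the day (earliest hour wins a tie)."""
    profile = hourly_profile(flows)
    return max(profile, key=lambda hour: (profile[hour], -hour))


def central_hosts(flows):
    """Rank hosts by number of distinct peers, then by total connections.
    The top entries are the devices everything depends on, which is exactly
    what the article says adversaries are mapping."""
    peers = defaultdict(set)
    count = Counter()
    for f in flows:
        peers[f["src"]].add(f["dst"])
        peers[f["dst"]].add(f["src"])
        count[f["src"]] += 1
        count[f["dst"]] += 1
    return sorted(peers, key=lambda h: (len(peers[h]), count[h], h), reverse=True)


def recurring_windows(flows, min_days=2):
    """Sources seen on at least min_days distinct days, with the hours they are
    active. A source that appears at the same hour every day (a shift change,
    a vendor maintenance window) is a pattern an observer can plan around."""
    days = defaultdict(set)
    hours = defaultdict(set)
    for f in flows:
        days[f["src"]].add(f["ts"].date())
        hours[f["src"]].add(f["ts"].hour)
    return {s: sorted(hours[s]) for s in days if len(days[s]) >= min_days}


def exposure_report(records=SAMPLE_FLOWS):
    """Everything an observer with metadata-only access would learn from these records."""
    flows = parse(records)
    return {
        "talk_graph": {s: sorted(d) for s, d in talk_graph(flows).items()},
        "peak_hour": peak_hour(flows),
        "central_hosts": central_hosts(flows),
        "recurring_windows": recurring_windows(flows),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(exposure_report(), indent=2))
```

On the sample data the report already tells a story: the two PLCs are the hubs, the plant wakes up at 06:00, and an external gateway touches one PLC at 18:00 on both days. None of that came from payload inspection, which is the reason the article treats metadata as a blueprint. The defensive use is to run this over your own logs and then ask which of those patterns need to exist, which connections should be on an isolated segment, and which recurring external windows deserve monitoring.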

Nation-state adversaries are patient, well-funded, and playing a different game than traditional cybercriminals. They're not looking for immediate payoff, but planning strategic ways to disrupt critical infrastructure and any industrial advantage that the U.S. may have.

The long game requires long-term thinking. Our adversaries understand this. The question is: do we?
