We at Homeland Security Today have once again reached out to our Editorial Board, columnists, and community of subject-matter experts to ask for their assessment of the threats facing the nation in 2025. As our readers know, our experts come from a unique cadre with practical experience who have devoted their careers to defending and protecting America. In this three-part series, we share their assessments of the risks and vulnerabilities that should be at the forefront of our community.
“As much as some things change, some things remain the same.”
These forecasts converge on broad themes that are no surprise to the homeland security community – terrorism, unmanned aircraft systems, cyber risks, threats from China, insider threats – and they also present broader topics, such as the national debt and our healthcare infrastructure, as areas of vulnerability that require immediate attention and focus. The homeland security community is faced with potential risks from numerous political, social, domestic and international threats and must adapt to the evolving technological landscape like artificial intelligence and quantum computing, while maintaining vigilance toward the ongoing threat from the Taliban, Islamic State of Iraq and Syria (ISIS), China, and Russia.
What follows has been categorized into three sections, those forecasts dealing with >>Terrorism (lone actors, ISIS, DVE),
>>Cyber & Advanced Technology (cybersecurity, UAS), and
>>Multidimensional Threats (political polarization, biotechnology, supply chains).
Some assessments are excerpts from the full submissions, but their content will be available in its entirety as well, and we encourage you to follow the links and read the comprehensive information shared here. We also appeal to you to share your thoughts and ideas with us. We prize those “on the ground” and want to be sure that we share information with the community.
Whether a new threat on the horizon or the familiar threat that’s arisen in varied forms over the years, the following collection of assessments is a comprehensive and honest look into our challenges. It’s also a conversation starter for developing the ways we can move forward in our efforts to strengthen our safety and security, and ensure that every facet of homeland security is ready to face and defeat its adversaries.
Advanced Technology
Ransomeware 3.0, Quantum Computing, & Shadow AI
As seen throughout 2024, the United States homeland in 2025 faces an increasingly complex landscape of cyber and advanced technology threats that challenge traditional security frameworks. Nation-state actors, particularly China and Russia, continue to pose the most significant risks through sophisticated cyber campaigns targeting critical infrastructure. For example, China’s “Volt Typhoon” campaign has pre-positioned cyber tools for potential attacks during periods of tension, showing how threats have evolved from simple disruption to strategic positioning for future conflicts.
The emergence of “Ransomware 3.0” represents a concerning development in cyber threats. This variant incorporates multifaceted extortion techniques that simultaneously target both public and private sectors. Additionally, the proliferation of Cyber Crime-as-a-Service (CaaS) platforms democratizes advanced attack capabilities, enabling less-sophisticated actors to execute complex operations. …
More broadly, adversaries are already harvesting encrypted data with the intention of decrypting it once quantum computing capabilities mature, creating a long-term security risk for sensitive information. While fully operational quantum computers remain somewhere out on the horizon, the timeline is narrowing. To mitigate this threat, efforts like the National Institute of Standards and Technology’s Post-Quantum Cryptography Standardization project are critical in developing encryption methods resistant to quantum decryption. This is no longer just a government national security imperative. Any business dealing with sensitive data should be taking steps today to mitigate this future threat.
The rapid advances in artificial intelligence (AI) also present a new range of security challenges. Threat actors, for example, are leveraging generative AI to create convincing deepfakes, enhance phishing campaigns, and automate malware development at unprecedented scales. … The homeland security implications of shadow AI systems are particularly concerning. … Finally, we are seeing a convergence of physical and digital threats that requires increased attention. The use of unmanned aerial vehicles (drones) over critical infrastructure sites poses new risks.
To read the full forecast and how to address these evolving threats, please click here.
Jennifer Ewbank
Former Deputy Director of the Central Intelligence Agency for Digital Innovation
Editorial Board Member, Homeland Security Today
Equipping Law Enforcement with Appropriate Tools to Combat Terrorism & Crime
Trends in crime are deeply concerning and show how offenders increasingly use technology to find and exploit victims, and to communicate with each other within and across international boundaries. It must be our shared objective to ensure that those who seek to abuse technology are identified and apprehended, and that the digital environment becomes more safe, not less.
Two key capabilities are crucial to supporting digital safety.
First, the ability of technology companies to provide to law enforcement investigations – in response to a lawful authority with strong safeguards and judicial oversight – the data of suspected criminals on their respective services, otherwise known as “lawful access.” Second, the ability of technology companies to proactively identify illegal and harmful activity on their platforms. This is especially true in regard to detecting users who have a sexual interest in children, exchange images of abuse, and seek to commit sexual offences or other criminality. The companies currently have the ability to alert the proper authorities with the result that many thousands of children have been safeguarded, and perpetrators arrested and brought to justice.
The proliferation of end-to-end encryption, without appropriate safeguards to ensure the safety of society, undermines the ability of law enforcement to respond effectively to protect the public. Our society has not previously tolerated spaces that are beyond the reach of law enforcement, where criminals can communicate safely, and child abuse, or other criminality, can flourish unabated. We cannot let ourselves be blinded to criminality, wherever it may reside.
It’s therefore vital for governments and the private sector to actively engage, demonstrating a shared commitment to identify harmful and illegal activities, such as child sexual exploitation, and address public safety risks in the digital age.
Patrick J. Lechleitner
Former Acting Director, ICE
Former Executive Assistant Director, HSI
Editorial Board Member, Homeland Security Today
Cyber Vulnerabilities in the Maritime Domain
In 2025, homeland security professionals must remain vigilant in addressing a multifaceted and rapidly evolving maritime threat landscape. Cybersecurity vulnerabilities in port systems, automated cranes, and operational technologies demand robust defenses against state-sponsored actors and cybercriminals seeking to disrupt critical operations. The rise of unmanned systems, including drones and autonomous underwater vehicles, introduces new surveillance and attack capabilities, requiring advanced maritime domain awareness tools and countermeasure strategies. …
Cybersecurity
Integrating automated cranes in maritime ports has revolutionized cargo handling, enhancing efficiency and throughput. However, this reliance on automation and interconnected systems also introduces significant cybersecurity vulnerabilities. Automated cranes operate using complex software, sensors, and Industrial Control Systems (ICS), all potential cyberattack targets. Threat actors, including nation-states and cybercriminal groups, may exploit these vulnerabilities … Homeland security experts must stay alert and enforce strong cybersecurity protocols to safeguard these essential systems from attacks and tampering.
Unmanned Vehicle Systems -– unmanned surface vessels (USV), autonomous underwater vehicle (AUV), unmanned underwater vehicle (UUV)
The increasing use of drones and USVs also presents opportunities and challenges in maritime security. While these technologies can improve surveillance and inspection capabilities, they also can be exploited for smuggling, surveillance, or attacks. … a small autonomous underwater vehicle (AUV) equipped with cutting-edge sensors could map [underwater] cable routes, while more sophisticated devices could carry out sabotage operations undetected.
By integrating advanced technologies, fostering interagency partnerships, and prioritizing proactive measures, homeland security professionals can effectively safeguard the integrity and resilience of critical maritime infrastructure and global trade networks against an increasingly complex array of threats.
For the full forecast, click here.
Bridgett D. Lewis
Manager of Homeland Security, Port of Long Beach
2024 Local Homeland Security Person of the Year, and 2024 Most Valuable Player – State Award as member of California Maritime Security Council Maritime Domain Awareness Subcommittee, GTSC’s Homeland Security Today National Homeland Security Awards
Sophisticated Cyber Threats Lie Ahead
In 2025, cyber threats will become increasingly sophisticated, leveraging advancements in technology such as artificial intelligence (AI), quantum computing and the Internet of Things (IoT). Ransomware remains a dominant threat, with attackers employing double-extortion tactics and targeting critical infrastructure. AI-driven attacks are on the rise, as cybercriminals use machine learning (ML) to create more adaptive malware and execute highly personalized phishing campaigns. …
The major cyber focus areas for practitioners in 2025 should be centered around the following themes, marked by several critical trends and challenges:
- Increased Targeting of National Security and Critical Infrastructure: Cyberattacks on vital sectors like communications, power grids, water supply systems and healthcare facilities are predicted to rise significantly. The damage caused by China-linked attacks (Volt Typhoon and Salt Typhoon) will become more evident and widespread …
- AI-Driven Cyber Threats: AI and ML are increasingly being leveraged by cybercriminals to develop more sophisticated attacks. …
- Rise of IoT Vulnerabilities: The rapid expansion of IoT, fueled by the widespread adoption of 5G, is creating a larger attack surface. …
- Ransomware Evolution: Ransomware attacks are expected to become even more dangerous, shifting from merely encrypting data to targeting the functionality of critical systems. …
- Cybercrime Costs: The financial impact of cybercrime is projected to reach astronomical levels, with estimates suggesting global costs could exceed $10 trillion annually by 2025. …
- Downstream Cyber Victimization …
As these trends unfold, the importance of building resilient systems, improving threat detection and ensuring robust cybersecurity practices across industries will be more crucial than ever.
For the full forecast, click here.
James L. Turgal
Vice President, Global Cyber Advisory, Risk and Board Relations, Optiv Security.
Former Executive Assistant Director, Global Information and Technology Branch; Assistant Director Human Resources Division; Special Agent in Charge, Phoenix Division; Special Agent and Pilot, Federal Bureau of Investigation
Prioritizing Cybersecurity Vulnerabilities
The cyber component of a holistic threat landscape continues to evolve in 2025, presenting homeland security professionals with challenges that are increasingly multifaceted, hybridized, and global in scale. State-sponsored actors and criminal enterprises are converging in their tactics, leveraging advanced tools to exploit vulnerabilities in both critical infrastructure and emerging technologies. With the proliferation of AI, the potential weaponization of autonomous systems, and the specter of quantum computing that could change the encryption globally, the stakes for allied cybersecurity have never been higher.
Among the key concerns this year is the surge in attacks targeting critical infrastructure, such as energy grids, transportation systems, and public communication networks. Recent trends indicate ransomware attacks on critical infrastructure increased by 87% between 2022 and 2024, disproportionately affecting sectors like energy and transportation. Adversaries are exploiting the integration of Internet of Things (IoT) devices and outdated operational technology to create cascading effects across sectors. These attacks not only disrupt services but also aim to erode public trust in essential systems. Homeland security professionals must prioritize real-time threat intelligence sharing and proactive defense mechanisms to counter these risks effectively.
High-profile events – ranging from elections to major sporting events – are increasingly susceptible to combined physical sabotage and digital intrusion. FIFA World Cup events in 2022 faced possible cyber disruptions from targeting ticketing systems to event logistics meant to create chaos, illustrating the compounded risks posed by hybrid attacks. Many more events will require unified physical and executive protection intelligence. In particular, corporate executives attending such events must navigate unique risks, emphasizing the need for integrated security approaches that address both physical vulnerabilities and cyber threats.
The rise of generative artificial intelligence (AI) tools has enabled threat actors to produce hyper-realistic deepfakes and social engineering campaigns at scale. In 2024, Flashpoint cyber threat analysts have estimated that more than 70% of phishing campaigns may have incorporated AI-generated content, significantly increasing their effectiveness. Furthermore, advancements in quantum computing present a long-term risk to current encryption standards. Homeland security professionals must not only prepare for the immediate impacts of AI-driven disinformation but also begin transitioning to post-quantum cryptography standards to secure sensitive communications.
Hybrid threats to the United States, European countries, and many international partners are here to stay, and it’s going to take “whole of society” approaches to address them.
Andrew Borene
Executive Director for Global Security, Flashpoint
Editorial Board Member, European Marshall Center’s Partnership for Peace Consortium
Cybercriminals
If the last few years taught us anything, it’s that cybercriminals are becoming bolder and more tenacious. And it hasn’t been pretty. The ambitious scale of attacks that once were considered to be the domain of foreign states are instead coming from loosely-organized criminal networks. …
So, what does that mean for 2025? For one, ransomware and other extortion-based attack models aren’t going anywhere. While not a major threat to well-resourced federal agencies, ransomware continues to be the number one cyber threat to basically everyone else. States, local governments, schools, businesses, nonprofits, charity organizations, and even individuals are at risk of having their data stolen and held for ransom. The modern ransomware-as-a-service model, or RaaS, means more ill-intentioned actors can enter the fray, and many of them specifically target organizations with a need to get systems back online quickly, like the nation’s critical infrastructure and schools. These organizations are essential to the normal functioning of our country.
Certainly, the open exposure and continued evolution of generative artificial intelligence (GenAI) will continue to play a huge part in the changing threat landscape. … We’ve observed the creation of new GenAI models trained specifically for malicious use, like WormGPT and DarkBard. Expect many more of these, not just for cyber but for physical crimes, including drug trafficking and human trafficking.
And we can’t talk about 2025 without talking about China. The exposure of multiple campaigns in the “Typhoon” family, as named by Microsoft, highlights the lengths to which the Chinese government will go to pre-position itself against perceived threats … Expect to see more of these efforts [to dissuade the U.S. and our allies from getting involved in a potential invasion of Taiwan] exposed in 2025, especially if tensions in the region escalate.
For the full forecast, read here.
Randy Rose
Vice President of Security Operations & Intelligence, Multi-State Information Sharing & Analysis Center (MS-ISAC), Center for Internet Security
The “New Cold War” with China: Potential Escalating Threats in 2025
As we move into 2025, homeland security professionals should be prepared for the possibility of an intensification of the “new Cold War” with People’s Republic of China (PRC). There are indications that Chinese intelligence agencies may increase their efforts to infiltrate United States (U.S.) institutions.[i] These spies could target critical sectors such as defense, technology, and academia, aiming to extract sensitive information and potentially undermine U.S. national security.[ii] Vigilance and enhanced counterintelligence measures will be crucial to counter these potential espionage attempts.
Cyber threats from China also are expected to escalate in 2025. Chinese state-sponsored hackers might employ more sophisticated techniques, leveraging advancements in artificial intelligence to conduct cyber espionage, ransomware attacks, and data breaches. These cyber operations could target both government and private sector networks, aiming to disrupt critical infrastructure and steal valuable intellectual property (IP).[iii] Strengthening cybersecurity defenses and fostering international cooperation will be essential to mitigating these potential threats.
The loss of U.S. IP to China remains a pressing concern. Chinese entities have been repeatedly implicated in extensive IP theft, costing the U.S. economy trillions of dollars. In 2025, these efforts may continue, with Chinese actors focusing on emerging technologies and proprietary research. Homeland security professionals must advocate for robust IP protection policies and collaborate with industry leaders to safeguard American innovations from foreign exploitation.
Given these potential threats, it is imperative for the national security apparatus in 2025 to adopt a Cold War mentality. This shift would involve acknowledging and combating the “unrestricted warfare” that the PRC is engaged in against the U.S. [iv] By recognizing the multifaceted nature of these threats, the U.S. can develop comprehensive strategies to protect its national interests and maintain global stability.
Shane McNeil
Doctoral Candidate at Institute of World Politics (IWP) and founding director of the IWP Sentinel Research Society
Counterintelligence Policy Advisor for the Department of Defense (DoD) Joint Chiefs of Staff
(*all opinions are his own and do not represent those of the DoD or U.S. government).
Unregulated Artificial Intelligence Development
As I have written about and discussed across the globe, unregulated artificial intelligence (AI) development poses several significant security risks to the U.S. One of the primary concerns is the potential for malicious use. Without proper oversight, individuals or groups could exploit AI to launch cyberattacks, disrupt critical infrastructure, or even develop autonomous weapons. The ability of AI to rapidly analyze large amounts of data makes it particularly dangerous in the hands of adversaries who could use it to orchestrate more sophisticated and targeted attacks, potentially bypassing traditional defenses.
Another issue is the amplification of misinformation and social manipulation. AI algorithms are increasingly capable of generating highly realistic fake content, such as deepfakes, and could be used to manipulate public opinion or interfere with democratic processes. Unregulated development could lead to a lack of accountability for those creating these AI systems, making it harder for authorities to track malicious activities or hold individuals responsible for harmful actions.
Lastly, there’s the risk of economic destabilization. AI systems could be employed in ways that undermine industries or exploit labor markets. Without regulation, AI could be used to manipulate stock markets, engage in financial fraud, or exacerbate income inequality by automating large portions of the workforce without providing adequate safeguards for workers. This could lead to widespread economic and social disruptions, further complicating national security concerns.
As a person who was at the initial stage of laser development and applications, as well as advanced semiconductor fabrication techniques, I believe we need to start to develop international safety standards for the use of AI across all nations around the globe to ensure safe deployment of AI-based technologies and systems.
H.E., The Hon., Sir Thomas A. Cellucci, PhD, MBA
Partner, Chairman & CEO, several public and private sector organizations
Former Senior Counselor and First Chief Commercialization Officer, Department of Homeland Security
Increased Use of Unmanned Aircraft Systems
Threat of Unmanned Aircraft Systems
Last year, the United States got its first real exposure to the threat of unmanned aircraft systems (UAS) and the reality that the U.S. is woefully incapable of handling this threat currently. … There is still no operational capability to counter UAS threats in real time. For all of their work and millions of dollars spent, we only have a limited capability to mitigate UAS threats. The biggest vulnerabilities and issues as defined during the incidents in New Jersey were:
- No real command, control and communication structure for Counter UAS (C-UAS). Who’s in charge of the mitigation, federal, state or local authorities? Who is making the decisions and who is speaking for the authorities and at what level?
- Inability to accurately identify and analyze UAS threats in a timely manner.
- Lack of C-UAS systems that are available to protect infrastructure, particularly at the non-Department of Defense (DoD) and state and local levels. There is a lack of authority to use C-UAS systems even if available. Even if they started today and selected C-UAS systems, it would take years to have sufficient numbers to protect critical infrastructure.
The threat of UAS being used as a weapon of destruction will increase significantly in the homeland during 2025. UAS attacks have been used successfully throughout the world and our enemies have witnessed our incapacity to handle this threat. The weakness demonstrated in New Jersey in the response to the UAS threat will only encourage our adversaries to use this “cheap man’s weapon” to exploit our vulnerability. UAVs, such as drones, and UAS are now a fact we must deal with and respond to accordingly.
For the full forecast, click here.
John Halinski
CEO, SRI Group, LLC
Editorial Board Member, Homeland Security Today
Former Deputy Administrator/Deputy Assistant Secretary, Transportation Security Administration
Drone Attacks Against Electrical Infrastructure
The year 2024 saw the growing use of drones in various capacities. Like any technology, drones have evolved to have a dual-use capability for good and bad. We have seen disturbing videos of drones targeting soldiers on the battlelines in Ukraine, which is changing warfare for fielded forces. We have seen drones provide civilians with lifesaving aid, which is changing relief response to hurricanes and other large disasters. … Drones will become more common in 2025 and will be used in more nefarious ways.
What keeps me up at night is how drones can be used to degrade or destroy our electrical infrastructure. If done at the local or regional level, the outcome could have cascading or escalating impacts on other infrastructure sectors, all of which are dependent on electricity to function. As a modern society, the U.S. is heavily dependent on the functioning of its critical infrastructure, especially electricity, which is something we take for granted until we have an outage. All … transformers, transmission lines, and distribution sub-stations are open to the air above and, thereby, are exploitable by drones in a precision manner.
Another challenge that amplifies the threat of drones against our electrical infrastructure is that the U.S. is very reactionary, in that we are good at closing the barn door after the horse has bolted and disappeared over the hill. There are things that can be done to further harden our electrical infrastructure from drone attacks, but they are not cheap. … So, be ready for the rise of the machine, the drone, in 2025.
For the full forecast, click here.
Dr. Mitchell E. Simmons
Lieutenant Colonel, United States Air Force (retired)
Associate Dean and Program Director, Anthony G. Oettinger School of Science and Technology Intelligence, National Intelligence University
(The author is responsible for the content of this article. The views expressed do not reflect the official policy or position of the National Intelligence University, the Office of the Director of National Intelligence, the U.S. Intelligence Community, or the U.S. Government.)
Rising Threats: Unmanned Aircraft Systems (UAS)
Forecasting the threat for homeland security requires that the contributing factors from 2024 and the years before be reviewed. For nearly four years, the deliberate opening of the southern border has allowed gang members; the highest number of persons on the terrorist watch list; and thousands of illegal immigrants of whom we know nothing (often referred to as “gotaways”) to enter the United States. Numerous news articles have reported at least 16 states noting the presence and criminal activity of the Venezuelan gang, Tren de Aragua. The Federal Bureau of Investigation Director Christopher Wray has stated that the U.S. is experiencing a new, high level of threat to homeland security.
Over the past months, the “drone frenzy” has shown how unprepared our country is to detect, identify, classify and mitigate a drone threat. As far back as November 2022, I wrote an article for HSToday, “PERSPECTIVE: What Will It Take to Adequately Counter the UAS Threat?” Two years later, Congress has still refused to provide the necessary authorizations, resources and training to state, local, tribal, and territorial law enforcement. CONGRESS MUST ACT NOW!
Fortunately, the recent drone activity has not appeared to be a threat, but drones are being used by bad actors to stalk/harass individuals; drop contraband into prisons; transport drugs across the border; spy on critical infrastructure; and pose an even greater threat, as demonstrated by the deadly accuracy of commercial, off-the-shelf drones used in Ukraine. National security requires effective airspace awareness. CONGRESS MUST ACT NOW!
As the director of DRONERESPONDERS, I would be remiss if I did not inform our community and the public of the great uses available to public safety via drones. Drones are being used every day to enhance the safety of responders; improve operational effectiveness; provide real-time video situational awareness; de-escalate tense situations; and literally save lives.
One of the biggest trending and most impactful uses of drones presently is the Drone as a First Responder (DFR) Program, where drones are launched from a rooftop within a set operational area at the immediate time of a relevant 911 or police-generated call. These drones usually arrive first and provide crucial information that enhances first responders’ real-time situational awareness. DFR has the most potential to enhance law enforcement’s ability to better and more safely serve their respective communities.
Chief Charles L. Werner (Emeritus-RET)
Director, DRONERESPONDERS Public Safety Alliance
Former Acting Deputy State Coordinator & Senior Advisor, UAS Program, Virginia Department of Emergency Management
Former Fire Chief, Charlottesville, Virginia
Homeland Security Today Person of the Year 2019
Editorial Board Member, Homeland Security Today
Scaling AI for More Efficient and Effective Government
This time last year, as a technology and data professional, I warned that bureaucratic processes, if not streamlined, could inhibit progress on the potential that Artificial Intelligence (AI) can provide to support the homeland security mission. I am still concerned we are not moving fast enough. We cannot keep doing work in the same way and make progress on addressing the pervasive threats facing the nation. We are being outpaced by our adversaries in using AI in all areas.
As the incoming Administration looks to recommendations for a more lean and efficient government, the existing Federal Catalog of AI uses cases presents a potential goldmine. As of December 17, 2024, OMB published the 2024 consolidated inventory on their publicly accessible GitHub site. The catalog includes 37 agency submissions, totaling 1,757 AI use cases. It represents solid progress across the 37 Agencies on improving mission functions with AI and alleviating administrative burden in several mission supporting functions.
DHS differentiated itself in making an investment in a new DHS AI Corps, an effort to hire 50 disciplinary professionals focused exclusively on deploying AI. This investment and leadership by former CIO and Chief AI officer, Eric Hysen, put DHS third in the overall Federal Government rankings. The DHS catalog and the newly staffed AI Corps can act as a force multiplier for addressing the massively complex threat environment facing DHS and the homeland security mission.
For the full forecast, click here.
Donna Roy
Former CIO & COO, Consumer Financial Protection Bureau
Former Executive Director, Information Sharing and Services Office (IS2O), U.S. Department of Homeland Security
Strategic Advisor, National Security Segment, Guidehouse