As seen throughout 2024, the United States homeland in 2025 faces an increasingly complex landscape of cyber and advanced technology threats that challenge traditional security frameworks. Nation-state actors, particularly China and Russia, continue to pose the most significant risks through sophisticated cyber campaigns targeting critical infrastructure. For example, China’s “Volt Typhoon” campaign has pre-positioned cyber tools for potential attacks during periods of tension, showing how threats have evolved from simple disruption to strategic positioning for future conflicts.

The emergence of “Ransomware 3.0” represents a concerning development in cyber threats. This variant incorporates multifaceted extortion techniques that simultaneously target both public and private sectors. Triple extortion tactics – where attackers not only encrypt data but also threaten to leak sensitive information and disrupt operations – are becoming more common. Additionally, the proliferation of Cyber Crime-as-a-Service (CaaS) platforms democratizes advanced attack capabilities, enabling less-sophisticated actors to execute complex operations.

Recent incidents underscore these risks. For instance, ransomware attacks in 2024 targeted healthcare providers like Change Healthcare, causing billions in losses, while breaches at organizations such as National Public Data exposed nearly three billion records, affecting up to 170 million people. And one must not overlook small and medium-sized enterprises, including educational institutions, hospitals, and charities that also have been heavily targeted in recent years. These cases highlight the growing sophistication and scale of ransomware campaigns.

More broadly, adversaries are already harvesting encrypted data with the intention of decrypting it once quantum computing capabilities mature, creating a long-term security risk for sensitive information. While fully operational quantum computers remain somewhere out on the horizon, the timeline is narrowing. To mitigate this threat, efforts like the National Institute of Standards and Technology’s Post-Quantum Cryptography Standardization project are critical in developing encryption methods resistant to quantum decryption. This is no longer just a government national security imperative. Any business dealing with sensitive data should be taking steps today to mitigate this future threat.

The rapid advances in artificial intelligence (AI) also present a new range of security challenges. Threat actors, for example, are leveraging generative AI to create convincing deepfakes, enhance phishing campaigns, and automate malware development at unprecedented scales. AI-powered phishing attacks in 2024 used personalized messages that bypassed traditional detection systems, and we should expect this trend to continue. Though not widely discussed, the proliferation of unmonitored or unsanctioned AI systems within organizations may compound vulnerabilities. Employees using unauthorized AI tools may inadvertently expose sensitive corporate or personal data to public AI models. These tools often bypass established security frameworks, increasing risks of data breaches and compliance violations. The homeland security implications of shadow AI systems are particularly concerning. Nation-state actors may be able to exploit them to gain persistent access to organizations, while critical infrastructure remains vulnerable if shadow AI interacts with operational technology.

Finally, we are seeing a convergence of physical and digital threats that requires increased attention. The use of unmanned aerial vehicles (drones) over critical infrastructure sites poses new risks. Recent incidents involving drones surveilling energy facilities highlight vulnerabilities in securing physical assets. Economic espionage campaigns – particularly from China – continue targeting emerging technologies and intellectual property through vulnerable supply chains. High-profile breaches in 2024 exposed weaknesses in open-source software ecosystems, emphasizing the need for robust supply chain security measures.

To address these evolving threats, U.S. security leaders should continue to prioritize stronger public-private partnerships. Collaboration between government agencies and the U.S. private sector remains essential for sharing threat intelligence and developing coordinated responses. Leaders should likewise seek to accelerate the adoption of quantum-safe algorithms that will safeguard sensitive data against future decryption risks. Work underway to establish clear AI governance frameworks should be complemented by clear policies for mitigating shadow AI risks in organizations. With critical infrastructure coming under frequent threats of attack, organizations would do well to align with the Cybersecurity and Infrastructure Security Agency’s strategic plan to reduce risks to critical infrastructure through public-private collaboration and improved threat detection. And finally, the nation would benefit from increased focus on training and education to build the country’s cybersecurity – and broader STEM (science, technology, engineering, mathematics) – workforce.