July 2025 marked 15 years since Stuxnet revealed the world’s first known digital attack designed to cause physical damage. To mark the anniversary, the U.S. House Homeland Security Committee’s Subcommittee on Cybersecurity and Infrastructure Protection convened a hearing titled “Fully Operational: Stuxnet 15 Years Later and the Evolution of Cyber Threats to Critical Infrastructure.”
This session focused on OT cybersecurity, evaluating how well the nation has advanced in OT security and what gaps remain across critical infrastructure.
Lessons From Stuxnet Still Resonate
Witnesses opened with a reminder of why Stuxnet still matters.
Today’s OT Threat Landscape
The hearing highlighted the evolution from one nation‑state operation to a broader, persistent threat environment:
Dr. Nate Gleason (Lawrence Livermore National Lab) added that adversaries are pre‑positioning on U.S. critical infrastructure, making faster adoption of monitoring, detection, and lab‑to‑field technology transitions essential.
Policy Priorities and Recommendations
Tatyana Bolton (OT Cybersecurity Coalition) and other witnesses focused on what Congress should do to strengthen OT resilience:
The Takeaway: Defense Is Possible, But the Clock Is Ticking
Fifteen years after Stuxnet, Congress is confronting a familiar reality: critical infrastructure remains vulnerable, and the OT domain is still under‑prioritized.
The hearing sent a clear signal that visibility, inventory, and monitoring in OT networks must move from best practice to baseline. As Bolton summarized, reauthorizing information‑sharing and grant programs will be critical steps—but sustained collaboration and investment are what will determine whether the next 15 years look different from the last.
You can watch the full hearing here:
Full Hearing Video – “Stuxnet 15 Years Later” (House Homeland Security Committee)