Podcast Episode Summary: Click Here – "When big cyberattacks hit small towns" (November 25, 2025)
Overview
This episode of "Click Here," hosted by Dina Temple-Raston in collaboration with NPR’s 1A and host Jen White, investigates a pressing cybersecurity trend: foreign hackers—particularly state-affiliated groups from China—targeting small-town American utilities and infrastructure. Through a detailed case study of Littleton, Massachusetts, the episode explores how local governments are increasingly vulnerable as federal cyber defenses and funding shrink, and why these small towns matter to global adversaries preparing for future geopolitical conflict.
Main Discussion Themes
1. Rise of Cyberattacks on Small-Town Infrastructure
- Increasing Commonality ([01:01]):
- Small municipal utilities (water, power, 911 dispatch systems) across America are being probed and infiltrated by sophisticated foreign actors, especially Chinese state-sponsored groups like Volt Typhoon.
- Unlike typical ransomware attacks, these infiltrations aim for long-term reconnaissance and strategic access, not immediate financial gain.
Quote:
B: "They're trying to understand how things connect for a rainy day when they might need them." ([01:01])
2. Motivation: Laying Groundwork for Geopolitical Conflict
- Not Theft, but Pre-positioning ([01:46]):
- Mapping local systems allows adversaries to exploit vulnerabilities, enabling sabotage (e.g., turning off water or power near military bases) if tensions escalate—especially concerning a potential US-China conflict over Taiwan.
Quote:
B: "They're not looking to cash out right away. They're trying to understand how things connect for a rainy day when they might need them." ([01:01])
3. Who Defends Local Infrastructure?
- Fragmented Responsibility ([02:44]):
- Larger cities have dedicated security teams, but in smaller towns, IT and cybersecurity duties fall on already overstretched staff with little formal cyber expertise.
- The Cybersecurity and Infrastructure Security Agency (CISA) previously provided crucial grants, vulnerability testing, and threat intelligence to these localities.
- Federal Support Withering ([03:35]):
- Recent government reorganizations have reduced state and local grant funding, slashed CISA’s workforce, and reassigned key experts, leaving municipalities more exposed.
Quote:
B: "A lot of that safety net has been fraying...the so-called Department of Government Efficiency folded CISA into a smaller unit." ([03:35])
4. Real-World Example: Littleton, Massachusetts
The Incident Unfolds
- Initial Contact ([12:08–14:09]):
- Nick Lawlor, head of Littleton’s utility, receives a suspicious call informing him the FBI is investigating a hack.
- Skeptical, Nick verifies with the FBI and meets two real federal agents, learning about Volt Typhoon's targeted incursions.
Quote:
F: "I Googled both their names...was this the spy Daniel King that was in here?...I'm thinking in my head, do these two guys just go to the store and buy suits?" ([07:12]; [14:41])
- Discovery & Response ([15:16–17:50]):
- Nick learns Littleton's systems were infiltrated, probably via an unpatched router managed by a third-party IT vendor.
- Dragos, a cybersecurity firm, finds "weird traffic" to Chinese IPs ([17:03]).
- Fortunately, strong firewalls and separation between IT and OT (operational technology) meant hackers couldn't control physical systems, just IT resources.
Quote:
F: "We changed IP addresses, we changed structure. We got multi-factor authentication across the board, now new firewalls." ([19:10])
- Aftermath ([19:19–21:19]):
- Littleton overhauls its systems, passes rigorous tests from CISA, and restores confidence—but Nick describes persistent unease and increased vigilance.
Quote:
F: "Once they're in...I don't think you ever sleep the same at night thinking that, you know, did they somehow leave something somewhere you didn't find?" ([19:38])
Why Littleton and Small Towns?
- Proximity to critical assets (e.g., military facilities) and their standardized setups make small utilities tempting targets—for real damage or as dress rehearsals for larger attacks.
- The homogeneity of modern utility tech means a technique tested on a small system could scale to larger targets.
Quote:
E (John Burns): "It's cheaper for an adversary to test their tools on a smaller target....I would probably go test it on a small utility or a small water company to test to make sure that my compromise tools work." ([22:48])
5. Systemic Weakness in US Cyber Defense
- Distributed and Inconsistently Secured Networks ([06:06]):
- US infrastructure is decentralized and handled by a patchwork of small networks, making holistic defense challenging compared to countries like China.
Quote:
B: "We're a bunch of little tiny networks." ([06:06])
- Declining Awareness and Transparency ([26:31]):
- Even a year after Littleton's compromise, many utility professionals remain unaware of Volt Typhoon.
Quote:
F: "This is a full year after we had been compromised...about half have heard about Volt Typhoon." ([26:31])
6. Policy and Strategic Implications
- Effects of Federal Pullback ([33:06]):
- The rollback of federal cybersecurity programs like the Multi-State Information Sharing and Analysis Center (MS-ISAC) reduces localities' ability to monitor threats and coordinate responses.
Quote:
B: "One of the big things that the Trump administration cut was the Multi-State Information Sharing and Analysis Center..." ([33:06])
- Attackers' Calculations ([34:16]):
- Cyberattacks are favored by adversaries because they're deniable and provoke ambiguous responses, making them "the perfect weapon."
Quote:
B: "Attribution is really hard...it's a gray attack." ([34:57])
Notable Participants and Perspectives
- Nick Lawlor, Head of Littleton’s utility, provides a detailed, personal account of suspicion, detection, and ongoing anxiety after the attack.
- John Burns, Threat Hunter at Dragos, highlights the technical realities and broader trends in infrastructure-targeting attacks.
- Sue Gordon, former top intelligence official, explains why increased system order and consolidation paradoxically increase vulnerability.
- Brandon Wales, ex-CISA executive, emphasizes the need to pressure technology manufacturers and the importance of operational scale in modern security.
Memorable Quotes
"They blend in and then they might grab some files that look interesting to them. Then they get off...Every couple months, I think they're coming back in. 'Okay, yep, good. That door's still open.'"
— Nick Lawlor ([20:53])
"What we do to protect the critical infrastructure has got to be done taking into account the fact that when you make it more orderly, you make it...more attackable."
— Sue Gordon ([24:15])
"There are two types of companies in the world, one that have been infiltrated and compromised by the Chinese and one that doesn't know it yet."
— Nick Lawlor quoting James Comey ([27:22])
Key Timestamps
- 01:01 — Pattern of foreign infiltration in US utilities
- 03:35 — Federal cuts to CISA and grant programs
- 07:12–14:09 — Littleton, MA: the hack unfolds
- 15:16–17:50 — Discovery, investigation, and technical remediation
- 19:19–21:19 — How and why Littleton was targeted; psychological impact
- 24:15 — Sue Gordon on policy balance and vulnerability
- 26:31 — Ongoing lack of awareness about Volt Typhoon
- 33:06 — Impact of federal resource and coordination cuts
- 34:16–35:24 — Cyber as a deniable, ambiguous weapon
- 38:50 — Practical advice for small utilities and tech industry responsibility
Conclusion
This episode vividly illustrates how cyber threats have shifted from distant, abstract risks to direct threats against small, familiar communities—often with little warning and sometimes inadequate defenses. The Littleton case is a microcosm of a nationwide challenge: fractured infrastructure, eroding federal support, and the ever-present, often invisible, hands of foreign adversaries laying groundwork for strategic advantage. The stories and voices here underscore the need for transparency, persistent vigilance, and smarter, systemic solutions at every level—from small-town America to Washington, D.C.
