In this report, the authors discuss threats to seven classes of critical infrastructure and put forward a hypothetical case study to examine several phases of an adversarial attack on the United States. The attack is intended to constrain U.S. decisionmaking, disrupt military deployment, and impose strategically relevant costs on the civilian populace.

Defending the United States Against Critical Infrastructure Attacks

Exploring a Hypothetical Campaign of Cascading Impacts

Bridget R. Kane, Stephen Webber, Katherine H. Tucker, Sam Wallace, Joan Chang, Devin McCarthy, Dennis Murphy, Daniel Egel, Tom Wingfield

ResearchPublished Jun 11, 2024

In this report, the authors discuss threats to critical infrastructure (CI) and put forward a hypothetical case study to examine several phases of an adversarial attack on the United States. The attack is intended to constrain U.S. decisionmaking, disrupt military deployment, and impose strategically relevant costs on the civilian populace.

The authors aggregate CIs into seven classes to demonstrate how an attack on any one of these categories can have outsized effects because of interdependencies between infrastructure assets, systems, and networks.

Because of the interconnected nature of CI systems, damage to one system can adversely affect another. This may lead to a cascading hazard, producing disruptions across geographic boundaries and CIs. The authors draw on reports of recent attacks on U.S. CI systems to inform the case study. These real-world events demonstrate interdependencies, probable effects, and challenges that could arise from future potential adversarial action targeting infrastructure in the homeland. Finally, the authors recommend actions to reduce the likelihood and severity of disruptions to U.S. CI in the event of attacks by a capable adversary.

Key Findings

Critical infrastructure protection is a whole-of-nation challenge for which the United States is unprepared

  • Because of the interconnected nature of critical infrastructure systems, damage to any one system can adversely affect another; this may lead to a cascading hazard, producing disruptions across geographic boundaries and critical infrastructures.

Attacks on critical infrastructure would rapidly stress national defense resources

  • This stress would create acute tensions in resource management for which policymakers would have to prioritize, sequence, and deconflict many lines of effort.

Attacks on critical infrastructure would challenge the resilience of U.S. society in a novel way

  • It is essential that policymakers not only prepare for attacks directed against critical infrastructure but also anticipate the social and political effects that an adversary intends to produce and take steps to reduce or even reverse those effects.

Recommendations

  • Federal and state, local, tribal, and territorial governments and private-sector CI stakeholders should work together to plan, resource, train, and exercise their detection and response capabilities, including their processes and mechanisms to achieve unity of effort in preparedness and response.
  • Given the possibility that attacks on CI could stress national defense resources, the federal government should ensure that all departments and agencies are resourced and postured appropriately to fulfill the government's homeland defense and force projection missions—simultaneously, if needed.
  • The whole country must build societal resilience. A capable adversary might conduct attacks on U.S. CI to gain advantage in a potential conflict, seeking to narrow policymakers' decision space, delay or degrade military mobilization, and influence public opinion.

Topics

Document Details

Citation

RAND Style Manual

Kane, Bridget R., Stephen Webber, Katherine H. Tucker, Sam Wallace, Joan Chang, Devin McCarthy, Dennis Murphy, Daniel Egel, and Tom Wingfield, Defending the United States Against Critical Infrastructure Attacks: Exploring a Hypothetical Campaign of Cascading Impacts, RAND Corporation, RR-A2397-3, 2024. As of April 30, 2025: https://www.rand.org/pubs/research_reports/RRA2397-3.html

Chicago Manual of Style

Kane, Bridget R., Stephen Webber, Katherine H. Tucker, Sam Wallace, Joan Chang, Devin McCarthy, Dennis Murphy, Daniel Egel, and Tom Wingfield, Defending the United States Against Critical Infrastructure Attacks: Exploring a Hypothetical Campaign of Cascading Impacts. Santa Monica, CA: RAND Corporation, 2024. https://www.rand.org/pubs/research_reports/RRA2397-3.html.
BibTeX RIS

Research conducted by

This research was prepared for the Office of the Director of National Intelligence and conducted within the International Security and Defense Policy Program of the RAND National Security Research Division.

This publication is part of the RAND research report series. Research reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND research reports undergo rigorous peer review to ensure high standards for research quality and objectivity.

This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit www.rand.org/pubs/permissions.

RAND is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.