Critical Infrastructure Faces Threats from Both Politically and Criminally Motivated Actors
What is Critical Infrastructure and Why Does It Matter?
The importance of critical infrastructure lies in its role as the foundation of nearly every aspect of life in modern society.[1] Critical infrastructure refers to the networks, systems, and assets which comprise 16 sectors including transportation, healthcare, communications, energy, dams, information technology, and emergency services.[2] These sectors form the backbone of daily life. If targeted by malicious actors, whether state or criminal, the consequences could be catastrophic, leading to widespread disruption, economic decline, and even the loss of life.[3] Moreover, given what the Cybersecurity and Infrastructure Security Agency (CISA) has dubbed the “interconnected ecosystem” of these sectors,[4] a threat to one is a threat to many. This paper discusses the potential threats to critical infrastructure from state and non-state actors so that American citizens may better understand the significance and vulnerability of their infrastructure. Further, understanding this significance may equip citizens with resiliency should these threats become reality by mitigating uncertainty and the depth of the unknown.
To state this significance plainly, an attack upon critical infrastructure could potentially debilitate America’s economy, national security, and public health.[5] For example, the energy sector, comprised of a complex network of oil, electricity, and natural gas resources, is an enabling force behind hospitals, economies, and private homes.[6] A successful attack on the energy infrastructure – such as the 2021 Colonial Pipeline ransomware attack – can ripple across other sectors, proving the vulnerability of this multifaceted web of connectivity.[7] This particular attack shut down a major fuel pipeline, leading to fuel shortages, price hikes, and widespread panic as several governors declared states of emergency.[8] The incident highlighted how quickly an attack can disrupt daily functions.
Similarly, consider the potential consequences which could emerge from an attack on the dams sector. Dams are crucial for energy generation, flood control, and water storage.[9] Attacking these structures could trigger widespread water shortages, disrupt agricultural production, create economic decline, and even cause disastrous flooding;[10] such an attack would be felt across every level of society, from individuals to cities to entire states. A single cyber-attack targeting a critical infrastructure could have the power to unravel the fabric of daily life, impacting the safety and well-being of Americans in both the short-term and the long-term.
Emerging Threats to Critical Infrastructure
Political Motivations
Foreign state actors such as China, North Korea, Russia, and Iran increasingly utilize cyber-attacks to achieve their political objectives,[11] which principally concern relative advantage in a competitive, strategic environment.[12] The DHS Homeland Threat Assessment 2025 states that these actors target critical infrastructure because they “perceive these sectors would have cascading impacts on US industries and our standard of living.”[13] By targeting critical infrastructure, these actors can weaken a rival nation’s will to fight (defined by RAND in conjunction with the human element of war and why some states choose to continue fighting while others don’t[14]), disrupt its ability to function effectively, and further their own political objectives.[15] For example, Russia has used cyberattacks to disrupt American support for Ukraine,[16] while Iran has targeted American infrastructure in retaliation for American support of Israel.[17] Cyberattacks in these cases allow for a form of asymmetric warfare, wherein adversaries utilize contrasting strategies to achieve victory;[18] in these cases, Russia and Iran utilize cyber strategies to inflict damage on their adversary’s society and undermine their national will to fight.
Furthermore, this threat is compounded by the increasing use of non-state actors (NSAs) to carry out these attacks on behalf of the state.[19] By outsourcing cyber operations to non-state groups, states avoid attribution while still achieving their political ends.[20] For instance, the cybercriminal group Killnet (which has expressed strong support for Russia) claimed responsibility for a DDoS (distributed denial-of-service) attack on a U.S. airport in retaliation for American support of Ukraine.[21] By outsourcing cyber operations, state actors can extend the influence and reach of their operations through proliferation[22] and diplomatic impunity (given that the cybercriminals may not be directly attributed to the state).
Even when working independently from state actors, NSAs can remain in tandem with or sympathetic to a state’s political objectives.[23] Political motivations instigating attacks can manifest as hacktivism, nationalism, opposition to the continuity of America’s democratic processes,[24] or cyberterrorism (defined by Dorothy Denning as unlawful cyberattacks intended to “intimidate or coerce… in furtherance of political or social objectives”).[25] The cyberworld offers unprecedented vulnerability to be exploited on behalf of one’s political objectives given the comprehensive damage that can be achieved through a single attack.[26] As Thomas Schelling’s “Diplomacy of Violence” suggests, threatening a nation’s critical infrastructure may be just as effective as kinetic warfare in achieving its ends.[27] The ability to threaten a state with ‘hurt’ is fundamentally coercive; in a digital age, one no longer needs to capture a territory, but merely be capable of destroying it.[28]
Criminal Motivations
While political motivations are a significant factor, criminal motivations – particularly financial gain – are also a driving force behind cyberattacks on critical infrastructure.[29] The rise and proliferation of sophisticated transnational criminal organizations (TCOs) have made them formidable threats to critical sectors.[30] Through digital technologies, TCOs can extend beyond their local communities to threaten and defraud entire cities.[31] In particular, ransomware attacks offer an easy opportunity to extort money from those targeted.[32] Ransomware attacks on the healthcare sector doubled in 2023, disrupting medical procedures and forcing hospitals to abort critical services.[33] The American Hospital Association has called for enhanced protection involving law enforcement, military and intelligence assets, and legislature[34] to guard citizens from these criminal attacks.
The intertwined nature of critical infrastructure means that a threat to one is a threat to others. For example, attacking the energy grid can disrupt communication networks, hospitals, and economies, as well as usher in widespread destabilization.[35] Currently, Voltzite is a new malware which reconnoiters U.S.-based electric companies, impacting transmission and distribution[36] and threatening the security and reliability of power generation across the U.S.[37] Should Voltzite choose to strike, the damage will extend far beyond the physical networks of electric companies. The more sophisticated cybercriminals become, the more potential there is for catastrophic damage which threatens both national security and public safety.
Conclusion
The vulnerabilities of critical infrastructure offer a significant foothold for exploitation, not only from foreign adversaries but also from criminal actors. To be prepared to meet these threats, American citizens must understand the significance of critical infrastructure and the need to safeguard it. Institutional resiliency is developed through fostering improvisation and adaptability;[38] this may begin through mitigating uncertainty by shifting as many ‘unknowns’ to ‘knowns’ as one is able in the cyber realm and developing ‘scripts’ (i.e., mapping possible recoveries) should critical infrastructure be seriously attacked. Moreover, resiliency preparation may also begin with increasing public awareness of the potential targets and tactics used by malicious actors, and what the aims of these actors may be, to allow for a proactive rather than reactive response. By recognizing the interconnectedness of critical infrastructure and the potential impact of a single cyberattack (not merely on the physical infrastructure but also on citizen faith in essential infrastructure[39]), the U.S. can better prepare to face challenges in the future and actively strengthen security today.
Journal: The Sentinel Journal
Author: Clara Grace Cowden
ORCID: 0009-0006-5017-8482
Published: 16 December 2024
DOI: 10.5281/zenodo.14247779
[1] CISA, “Critical Infrastructure Security and Resilience,” America’s Cyber Defense Agency, CISA, accessed 2 November 2024, https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience.
[2] Ibid.
[3] CISA, “Critical Infrastructure Sectors,” America’s Cyber Defense Agency, CISA, accessed 2 November 2024, https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience.
[4] CISA, “Critical Infrastructure Security.”
[5] Ibid.
[6] CISA, “Energy Sector,” America’s Cyber Defense Agency, CISA, accessed 2 November 2024, https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience/critical-infrastructure-sectors/energy-sector#.
[7] Jen Easterly and Tom Fanning, “The Attack on Colonial Pipeline: What We’ve Learned and What We’ve Done Over the Past Two Years,” America’s Cyber Defense Agency, CISA, 7 May 2023, https://www.cisa.gov/news-events/news/attack-colonial-pipeline-what-weve-learned-what-weve-done-over-past-two-years.
[8] Clifford Krauss, “How the Colonial Pipeline Became a Vital Artery for Fuel,” The New York Times, 10 May 2021, https://www.nytimes.com/2021/05/10/business/colonial-pipeline-ransomware.html.
[9] CISA, “Dams Sector,” America’s Cyber Defense Agency, CISA, accessed 2 November 2024,
[10] Ibid.
[11] Homeland Security, “Homeland Threat Assessment 2025,” Office of Intelligence and Analysis, 2 October 2024, https://www.dhs.gov/sites/default/files/2024-10/24_0930_ia_24-320-ia-publication-2025-hta-final-30sep24-508.pdf. Pg 22-23.
[12] Thomas F. Lynch III, “Major Findings on Contemporary Great Power Competition,” Strategic Assessment 2020 (NDU Press: National Defense University Press, 4 November 2024), xv-xxvii, https://ndupress.ndu.edu/Portals/68/Documents/Books/SA2020/SA-2020_Major-Findings.pdf?ver=Xs7nfD9DexHnZc-XpYB2FA%3d%3d, pg xvi.
[13] Homeland Security, “Homeland Threat,” pg. 21.
[14] McNearney et al, “What is Will to Fight and Why Does It Matter?” in National Will to Fight: Why Some States Keep Fighting and Others Don’t, edited by McNearney, et al, Rand Corporation (28 September 2018), https://www.rand.org/pubs/research_reports/RR2477.html, pg 1.
[15] Homeland Security, “Homeland Threat,” pg. v.
[16] Ibid, pg. 23.
[17] Ibid, pg. 22.
[18] RAND, “Asymmetric Warfare,” RAND Corporation, accessed 26 November 2024, https://www.rand.org/topics/asymmetric-warfare.html.
[19] David Klepper, “Cyber criminals are increasingly helping Russia and China target the U.S. and allies, Microsoft says,” AP News, 15 October 2024, https://apnews.com/article/microsoft-russia-china-iran-israel-cyberespionage-cyber-d3a22dd2dcea32615ac15ed4fb951541.
[20] CISA, “Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure,” America’s Cyber Defense Agency, CISA, 9 May 2022, https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-110a.
[21] CISA, “Russian State-Sponsored.”
[22] Klepper, “Cyber criminals.”
[23] Homeland Security, “Homeland Threat,” pg 22.
[24] Homeland Security, “Homeland Threat,” pg 22.
[25] Terrorist Threats to the United States, House Special Oversight Panel on Terrorism, (23 May 2000) (Statement of Dorothy Denning), https://irp.fas.org/congress/2000_hr/00-05-23denning.htm.
[26] CISA, “Cyber Threats and Advisories,” America’s Cyber Defense Agency, CISA, accessed 26 November 2024, https://www.cisa.gov/topics/cyber-threats-and-advisories.
[27] Thomas Schelling, “The Diplomacy of Violence,” in Arms and Influence, edited by Thomas Schelling (JSTOR: Yale University Press, 1966). https://www.jstor.org/stable/j.ctt5vm52s.4, pg 2.
[28] Schelling, “The Diplomacy of Violence,” pg 7-8.
[29] Homeland Security, “Homeland Threat,” pg. 23.
[30] National Security Council, “Transnational Organized Crime: A Growing Threat to National and International Security,” The White House: President Barack Obama, accessed 26 November 2024, https://obamawhitehouse.archives.gov/administration/eop/nsc/transnational-crime/threat.
[31] National Security Council, “Transnational Organized Crime.”
[32] Industrial Cyber, “Targeting Critical Infrastructure: Recent Incidents Analyzed,” Industrial Cyber, 30 June 2024, https://industrialcyber.co/analysis/targeting-critical-infrastructure-recent-incidents-analyzed/.
[33] DNI, “Ransomware Attacks Surge in 2023; Attacks on Healthcare Sector Nearly Double,” Cyber Threat Intelligence Integration Center, accessed 2 November 2024, https://www.dni.gov/files/CTIIC/documents/products/Ransomware_Attacks_Surge_in_2023.pdf. Pg 1.
[34] John Riggi, “Ransomware Attacks on Hospitals Have Changed,” AHA Center for Health Innovation, accessed 2 November 2024, https://www.aha.org/center/cybersecurity-and-risk-advisory-services/ransomware-attacks-hospitals-have-changed#:~:.
[35] Eli Chachak, “How Cyber Attacks Can Disrupt Power Supply,” CyberDB (blog), The Cyber Research Databank, accessed 26 November 2024, https://www.cyberdb.co/how-cyber-attacks-can-disrupt-power-supply/.
[36] Dragos, “Voltzite,” Dragos, accessed 2 November 2024, https://www.dragos.com/threat/voltzite/.
[37] Industrial Cyber, “Targeting.”
[38] Fernando F. Suarez and Juan D. Montes, “Building Organizational Resilience,” Harvard Business Review, November-December 2020, https://hbr.org/2020/11/building-organizational-resilience.
[39] National Security Council, “Transnational Organized Crime.”