Defending the United States Against Critical Infrastructure Attacks: A Critical Infrastructure Survey and Hypothetical Campaign of Cascading Impacts

January 2025 No Comments

Speakers: Tom Wingfield & Bridget Kane (RAND)

Date: 4 February 2025

Speaker Session Summary

SMA hosted a speaker session with Tom Wingfield (RAND) and Bridget Kane (RAND) as part of its SMA General Speaker Series.

Stable and secure critical infrastructure—systems or assets essential to society—serve as a key component of national security and daily life in the United States. Mr. Wingfield and Ms. Kane emphasized that while most US citizens take the safety of critical infrastructure for granted due to its reliability, adversaries have exploited and continue to exploit vulnerabilities where possible. Additionally, a successful attack on one critical infrastructure sector can create cascading effects across others as damage and disruption spread. 

Ms. Kane identified seven key critical infrastructure sectors: transportation, energy, financial services, healthcare, communications, water, and municipal services. She stressed that failures in these sectors do not occur in isolation. For example, the COVID-19 pandemic affected many sectors at once, disrupting societal cohesion, logistics, and other essential functions, demonstrating how protecting critical infrastructure requires a whole of nation effort. Although eliminating all risks is impossible, proactive measures can significantly reduce the impacts of attacks when they occur.  

Mr. Wingfield outlined a five-phase framework illustrating how an adversary might target US critical infrastructure in an hypothetical case study. Three of these phases focus on civilians and hope to delay or hinder the nation’s response. These efforts include reducing political readiness and impeding military mobilization. The fourth phase emphasizes cyberattacks designed to weaken US defenses, while the final phase involves shock-and-awe tactics to force a strategic pause. Mr. Wingfield underscored that time is the most critical factor in an adversary’s success. A clear, objective-driven framework is essential for an effective US response. Additionally, effective sourcing, well-defined orders, and efforts to build societal resilience will play key roles in mitigating the impact of an attack on critical infrastructure. 

To read more of Mr. Wingfield’s and Ms. Kane’s research on vulnerabilities in US critical infrastructure, please see their RAND articles, entitled “Threats to Critical Infrastructure: A Survey” and “Defending the United States Against Critical Infrastructure Attacks: Exploring a Hypothetical Campaign of Cascading Impacts.”

Speaker Session Recording

Briefing Materials

Biographies: 

Tom Wingfield is a senior international and defense researcher in RAND’s Department of Defense & Political Sciences. An international lawyer, his expertise is in the strategic and policy aspects of the cyber domain and the information environment. He has done extensive international and security cooperation work, and has been a professional military educator and administrator. He was the Deputy Assistant Secretary of Defense for Cyber Policy from 2019 to 2021, responsible for implementing the DoD Cyber Strategy and coordinating issues and actions across the Department of Defense, the Interagency, and the international community. Earlier, he served as the Acting Chancellor and Dean of Faculty and Academic Programs at the College of Information and Cyberspace. Wingfield previously served as Professor of Cyber Law at CIC. He is an acknowledged expert in the use of force in cyberspace who initiated and served on the drafting committee of the Tallinn Manual on the International Law Applicable to Cyberwarfare (Cambridge, 2013). He has taught and managed faculty at the National Defense College in Abu Dhabi, UAE, the George C. Marshall European Center for Security Studies in Garmisch-Partenkirchen, Germany, and the US Army Command and General Staff College. A former naval officer, Wingfield holds two law degrees from Georgetown University Law Center, a J.D. and an LL.M.  He is a founding member of the Roundtable on Military Cyber Stability, a Track 1.5 effort to involve senior national security experts from China, Russia, and the US in strategic cyber stability discussions and research projects.

Bridget Kane is an information scientist at RAND. She specializes in intelligence, surveillance, and reconnaissance topics and has worked primarily with the Intelligence Community (IC) in the creation of analytic products and technical strategies. Since joining RAND, her work has focused on the evaluation of artificial intelligence (AI)-enabled technology and processes, the modernization of sense-making, critical infrastructure, and cybersecurity. She began her career as a Machine Learning Engineer at Booz Allen Hamilton.  Applications of her past work include contributions to the development of business intelligence environments for the IC, improvements to multi-INT analytic efficiency through the creation of large-scale natural language processing and network analysis tools, and the generation of a personnel risk management platform for those working in vulnerable conditions. Kane holds a Master of Urban Spatial Analytics from the University of Pennsylvania and a B.S. in Anthropology, Minor in African Studies with certificates in GIS and Remote Sensing from the University of Pittsburgh.

Comments

Submit A Comment