When the Levee Breaks: A Global Trend of Cyber-Physical and Cyber-Operational Attacks Against Critical Infrastructure and Future Implications on the Great Power Competition

Cyber-physical systems (CPSs) refer to systems that connect computers, communication channels, and physical devices. They lie at the heart of today’s critical infrastructure. CPSs are currently one of the most targeted systems of adversarial actors operating in the cyber domain. Cyber-physical and cyber-operational attacks on critical infrastructures via attacks on CPSs have the potential to damage physical infrastructure assets and have widespread consequences for national security as well as the society. We analyzed 427 publicly reported cyber-physical and cyber-operational attacks conducted against critical infrastructures globally between January 1, 1992, and July 9, 2021. We find that of the attacks that can be attributed to an actor type, state actors (including state-affiliated and state-supported actors) were found to be the predominant actors that conduct cyber-physical attacks while state and non-state actors occupied approximately same ratio of attacks for cyber-operational attacks. We also find espionage to be the most statistically significant motivation for the state actors to conduct cyber-physical and/or cyber-operational attacks. Additionally, we find rivalry between the attacker and the target to be the most statistically significant international security relevant variable. Finally, we provide an assessment of the implications of cyber-physical and cyber-operational attacks on critical infrastructure in the contexts of current and future irregular warfare and great power competition.

View Publication