The Ukrainian military authorized a drone strike on an electric grid in Russia’s Kursk region on Sept. 29. Ukraine’s security services claimed the attack was necessary because the grid station powered important Russian military facilities. There were no casualties reported, but Russian officials said the electric grid caught fire, causing power loss at five settlements and a hospital.
This is hardly the first attack on the energy sector during the conflict. Targeting critical infrastructure in a war is a gray area due to its civilian nature — in the United States for example, approximately 80% of critical infrastructure is privately owned. But what happens when such infrastructure might serve a military purpose?
The idea these are legitimate military targets is a facet of total war, a 19th century doctrine that calls for winning a war by any means necessary, utilizing the entire nation’s resources and civilian population for the war effort. The enemy’s civilian assets and infrastructure are considered for attack if they are deemed part of the war effort. This is opposed to limited war, where fighting occurs strictly between military forces.
World War II devastated civilians. The idea of a total war that could now feature nuclear weapons provoked widespread fear, so limited war was viewed again as the preferred method of fighting most of the time. Even so, during the Iran-Iraq War of the 1980s, the United States found itself in hot water with the International Court of Justice for an attack on Iranian oil tankers. The court ruled that the attacks were an unlawful use of force, specifically stating that attacking Iranian tankers was not “necessary to protect the essential security interests of the U.S.”
That may have been the thinking in 1987. But if conventional warfare in 2023 is going to see targeting the energy sector as acceptable on a case-by-case basis, what other facets of civilian infrastructure might be deemed legitimate targets?
The critical manufacturing sector has historically been a huge part of military planning. During World War II, for instance, the Detroit auto industry built American trucks, tanks, and planes. Today’s defense industrial base has many designated manufacturing partners, but these are still in the private sector, regardless of their military support function.
Somewhat similar to Ukraine’s attack on the Russian electric grid, in 2019 the Yemeni-based Houthi armed group claimed responsibility for a drone attack on a Saudi Aramco-owned oil field, disrupting the Kingdom’s energy sector.
In the annals of Israeli military history, there is a long history of attacks both alleged and confirmed, designed to keep nuclear power to a bare minimum in the Middle East. Some highlights include an attack on an Iraqi nuclear reactor in 1981, an attack on a Syrian nuclear site in 2007, and the Stuxnet cyber attack against Iran’s nuclear endeavors, which carried on from approximately 2007 to 2010.
Maybe tank factories and potential nuclear weapons facilities of Middle East dictators are a little too obvious in their military connections, but what about other sectors, perhaps commercial facilities? Areas like shopping centers, entertainment venues, hotels, and other sites for mass gatherings are often favored by terrorist organizations that don’t follow the norms of conventional warfare, instead aiming to strike soft targets with lots of people. In a world where total war is acceptable, a belligerent state’s strategy might also seek to target an enemy nation’s economy and manpower to hurt its war effort.
The U.S. is fortunate geographically, with friendly borders and two big oceans that make any Red Dawn scenario of the U.S. being invaded by a conventional force unlikely. Yet its critical infrastructure is still vulnerable to attack in the physical and cyber realms.
As with the Russian electric grid, American power plants are vulnerable. In the middle of the night in April 2013, an individual or group broke into the Metcalf transmission substation in California. Over the course of a half hour, the perpetrators damaged 17 generators by firing at least 100 rounds of high-powered ammunition into them. It took 27 days to repair the generators.
The physical vulnerability of the Metcalf site is not unique. In 2022 the Department of Homeland Security warned law enforcement of the vulnerability of such sites, citing their attractiveness as targets given “interdependency with other infrastructure sectors.” The DHS warning noted there could be a cyber attack from Russia against the U.S. energy sector, should Washington intervene against its invasion of Ukraine.
The American chemical sector is also vulnerable due to the lack of reauthorization of the 15-year-old Chemical Facility Anti-Terrorism Standards (CFATS). DHS Director of the Cybersecurity and Infrastructure Security Agency (CISA) Jen Easterly noted in Summer 2023 that under the CFATS standards, “CISA keeps dangerous chemicals out of the hands of terrorists and other malicious actors by identifying facilities that possess certain high-risk chemicals and ensuring they have critical security measures in place.” This regulation oversaw 3,200 high risk sites, and with the lack of authorization, CISA is limited in its ability to provide oversight of dangerous chemicals.
The Russia-Ukraine conflict is setting new precedents for what is acceptable in conventional warfare, and the targeting of the energy sector is setting the stage for other vulnerable critical infrastructure sectors to be deemed acceptable targets. Some nations are already picking up on the lesson. As Turkish Foreign Minister Hakan Fidan said on Oct. 4, “All infrastructure and energy facilities operated by the [Kurdish militant] PKK/YPG in Iraq and Syria are legitimate targets of our security forces.”
The U.S. must look to the security and resilience of its critical infrastructure. While conventional warfare is unlikely in the American heartland, smaller physical attacks and cyber warfare are real threats to such infrastructure. Targeting one will affect the others, making resilience and preparedness more important than ever.
Justin H. Leopold-Cohen is a graduate of the Johns Hopkins University MA program in Global Security Studies. He received his BA from Clark University in American History. He currently lives in Washington D.C. and works on homeland security issues. Any views expressed in the article are his own, and not representative of/or endorsed by any organization or government.