Download

Download eBook for Free

FormatFile SizeNotes
PDF file 1.4 MB

Use Adobe Acrobat Reader version 10 or higher for the best experience.

Purchase

Purchase Print Copy

 FormatList Price Price
Add to Cart Paperback98 pages $19.50 $15.60 20% Web Discount

Research Question

  1. As DoD becomes increasingly dependent on electric power to accomplish its missions, what options does the department have to deter physical attacks and cyberattacks on the U.S. power grid?

Increased reliance on intelligence processing, exploitation, and dissemination; networked real-time communications for command and control; and a proliferation of electronic controls and sensors in military vehicles (such as remotely piloted aircraft), equipment, and facilities have greatly increased the U.S. Department of Defense (DoD)'s dependence on energy, particularly electric power, at installations. Thus, ensuring that forces and facilities have access to a reliable supply of electricity is critical for mission assurance. However, most of the electricity consumed by military installations in the continental United States comes from the commercial grid—a system that is largely outside of DoD control and increasingly vulnerable to both natural hazards and deliberate attacks, including cyberattacks. In this report, researchers explore two approaches that DoD might consider as options for deterring attacks against the power grid: enhancing resilience and reliability to deter by denial and using the threat of retaliation to deter by cost imposition. The report represents a first step in developing frameworks and context to support DoD decisionmaking in this area.

Key Findings

  • The analysis focuses on two strategies for deterring deliberate attacks on the power grid: denial and cost imposition.
  • For deterrence by denial, the report focuses on "outside-the-fence" interventions—ways in which DoD can engage with entities or infrastructure not owned by DoD. Case studies show that outside-the-fence interventions complement rather than replace existing inside-the-fence interventions and that resilience and reliability interventions can enhance DoD's ability not only to deter attacks by a military adversary but also to sustain operations under a broader set of potential perils, such as natural disasters and aging infrastructure.
  • To explore options for deterring through the threat of cost imposition, the authors examine the applicability of international agreements on the law of war. For cyberattacks on the civilian electric power grid, the severity of the attack and the strength of attribution reveal several options for retaliation. Cyber intrusions on the grid launched by nation-states, for example, may be countered with legal countermeasures. And attacks reaching the level of armed attack could warrant military response.
  • The challenge for deterrence comes from the ambiguity of cyberspace. This ambiguity cuts in two key directions: cyberattack attribution and cyberattack severity. The ambiguity surrounding severity may lead to less-obvious problems, but there is reason for concern that a lack of clarity on the meaning of use of force in cyberspace could produce unintended escalation.

Table of Contents

  • Chapter One

    Introduction

  • Chapter Two

    Assessing Outside-the-Fence Options for Improving DoD Mission Resilience to Power Disruptions

  • Chapter Three

    Punitive Options for Deterring Cyberattacks on the Power Grid

  • Chapter Four

    Conclusion

Research conducted by

This project is a RAND Venture. Funding was provided by gifts from RAND supporters and income from operations. The research was conducted within RAND Project AIR FORCE.

This report is part of the RAND Corporation research report series. RAND reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND reports undergo rigorous peer review to ensure high standards for research quality and objectivity.

Permission is given to duplicate this electronic document for personal use only, as long as it is unaltered and complete. Copies may not be duplicated for commercial purposes. Unauthorized posting of RAND PDFs to a non-RAND Web site is prohibited. RAND PDFs are protected under copyright law. For information on reprint and linking permissions, please visit the RAND Permissions page.

The RAND Corporation is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.