The threat of a terrorist attack on America’s energy grid is growing, with attempts being reported at increasing rates. If it’s not terrorism, it could be adversarial nation-states. This all increases the likelihood that a significant attack on the grid could succeed, leaving large swaths of the U.S. in the dark.
Think back to the last time you lost power at your home and how inconvenient it was. Now imagine the entire electric energy grid failing for an extended period. To be sure, we already know that the energy grid is constantly under attack and that power outages cost the U.S. economy around $150 billion annually and can negatively impact public health and safety.
Most of us don’t think much about the various infrastructure systems that we depend upon for our daily lives, at least until that infrastructure stops working. But behind the scenes, critical infrastructure systems support the security, commerce, and health of the nation. There are sixteen such critical infrastructure sectors defined by the U.S. Critical Infrastructure Security Agency. These sectors are those that “are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on the security, national economic security, national public health or safety, or any combination thereof.”
They include sectors traditionally thought of by the term “infrastructure,” like transportation, water and wastewater, communications, and energy, but also sectors necessary for public safety, such as emergency services, healthcare/public health, and the defense industrial base.
Microelectronics are at the heart of all sixteen of these critical infrastructure systems. Microelectronics include semiconductors, printed circuit boards (PCBs), and assemblies. These components power telecommunications networks, industrial control systems, manufacturing equipment, and medical devices. The problem is that many of the microelectronics that the U.S. depends upon to keep this critical infrastructure operational are not made domestically. Only around 10% of semiconductors were produced in the U.S. in 2022, and the U.S. accounts for approximately 4% of global PCB manufacturing.
This leaves U.S. critical infrastructure sectors in a vulnerable state of dependence upon foreign suppliers, resulting in risks related to cyberattacks, malicious code insertion, and intellectual property theft. Take, for example, the telecommunications sector. Chinese electronics in telecommunications infrastructure pose security and availability risks, for example, by shutting down or otherwise tampering with the networks. Or consider U.S. container ports, where Chinese-made automated cranes have been the subject of security concerns. Critical to the U.S. supply chain, ports control the flow of goods in and out of the country, and an attack remotely shutting down the cranes that load and unload containers from ships would devastate the economy.
Threats from untrusted microelectronics leave our critical infrastructure sectors vulnerable to compromise. The U.S. can mitigate these risks by relying upon trusted and assured sources of microelectronics for critical infrastructure systems. Collaboration with trusted suppliers is a time-tested supply chain risk management strategy. Supply chain trust builds confidence in the capabilities and actions of one’s suppliers. About microelectronics, trust implies that the components adhere to security requirements related to confidentiality, integrity, and availability. Enhanced traceability of microelectronics means that critical infrastructure operators can gain important information about where a component was manufactured and who has had access to it throughout the supply chain.As the supply chain becomes increasingly weaponized, the time is now to take steps to harden our critical infrastructure against threats that can significantly impact the nation’s security. Such steps include assessing the risks, raising awareness about critical infrastructure vulnerabilities, and addressing those vulnerabilities through secure supply chains and trusted and assured microelectronics.
