OPINION — In the age of strategic disruption, critical infrastructure is both the terrain and the target. The West’s optimization of systems for efficiency and scale has inadvertently created a landscape of chokepoints. These points of failure are deeply embedded in our cloud ecosystems, energy corridors, undersea cables, and satellite constellations. They are invisible until they fail, but when they do, the consequences are significant.
From Ukraine’s reliance on Starlink to the Colonial Pipeline ransomware attack and the use of the ubiquitous SolarWinds as an ingress point for intelligence services, we are witnessing a new form of conflict, one that prizes disruption over destruction.
Strategic Infrastructure as a Conflict Domain
Russia’s war on Ukraine has exposed more than battlefield vulnerabilities. With terrestrial networks degraded, Ukraine has leaned heavily on Starlink for everything from military coordination to civilian communications. But Starlink is not a national or multilateral infrastructure. It’s privately owned and largely unaccountable. This effectively places a geopolitical chokepoint in the hands of a single executive.
That same private provider now underpins crew and cargo transport for the International Space Station. Following the retirement of the U.S. Space Shuttle and the eventual possible dissolution of joint operations with Roscosmos, the continuity of one of the world’s most symbolically unifying scientific efforts will depend entirely on a single company’s launch manifest.
And the vulnerabilities don’t stop in orbit.
China’s Volt Typhoon advanced persistent threat (APT) has compromised critical infrastructure across the West’s energy, transportation, communications, and water sectors, positioning itself to disrupt these services. Meanwhile, Salt Typhoon, though primarily focused on espionage, has targeted telecommunications in ways that could just as readily be weaponized for disruption.
The 2021 Colonial Pipeline attack paralyzed fuel distribution across the Eastern Seaboard. The 2022 Amazon Web Services outage rippled across the U.S. economy, disrupting transit, banking, and government operations. In the 2020 SolarWinds hack, a single point of failure allowed foreign intelligence agencies into countless critical government and private sector providers to collect intelligence. That access could have just as easily been used to disrupt or degrade service at any time. Each of these failures was enabled not by enemy bombs, but by our own centralization.
These are not one-off incidents; they are previews.
From Kinetic Threats to Systemic Shocks
Western military doctrine still leans heavily on deterrence theory, emphasizing kinetic parity and power projection. But adversaries, state and non-state alike, have embraced disruption: cheap, deniable, and disproportionately effective.
Disruption doesn’t just break infrastructure. It breaks continuity and system trust. A fiber cut can cascade through supply chains. A GPS spoofing attack can ground aircraft or misguide autonomous systems. A corrupted DNS entry can unplug and undermine public trust more effectively than propaganda.
China, Russia, Iran, and cybercriminal cartels understand this well. They aren’t planning to storm Washington or London. They’re aiming to quietly unplug them.
Looking for a way to get ahead of the week in cyber and tech? Sign up for the Cyber Initiatives Group Sunday newsletter to quickly get up to speed on the biggest cyber and tech headlines and be ready for the week ahead. Sign up today.
The West Needs a Doctrine of Resilience
While we have national defense strategies, cyber strategies, and even climate resilience frameworks, we lack a coherent doctrine for infrastructure survivability in the face of hybrid warfare. This is the gap.
We need a strategic shift: one that places redundancy, diversification, and graceful degradation at the heart of national security planning.
Here’s where we start:
● Diversify Critical Dependencies: No nation should rely on a single internet connection, launch provider, cloud vendor, or data exchange. Resilience begins with optionality.
● Map and Understand Chokepoints: Governments and corporations must identify and test which cables, corridors, and cloud dependencies could paralyze operations if taken offline for 24 hours.
● Enforce Resilient-by-Design Architecture: Estonia’s “digital twin” model offers a blueprint for mirroring state functions in secure offshore environments. Redundancy is not waste, it’s defense.
● Embed Graceful Degradation: Systems must be designed to degrade gracefully under duress. Total failure should never be the first mode of collapse.
● Integrate Resilience into Alliances: NATO and EU collective defense cannot stop at tanks and treaties. Infrastructure interdependence demands shared risk maps, failover protocols, and decentralized defense capabilities.
Friction Is the New Firepower
Strategic deterrence in the 21st century is not just about overwhelming force, it’s about resilience. Survivable systems don’t break cleanly. They resist, reroute, absorb shock, and continue functioning under strain. That’s friction. And friction, in this context, is power.
We are not preparing for the next war. We are living in its early chapters. Cyberattacks, infrastructure sabotage, and platform capture are no longer theoretical, they are operational tools being used in real time.
If we want to maintain continuity, legitimacy, and deterrence in the years ahead, we must stop treating infrastructure as a given and start defending it like a frontline.
The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.
Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief
