Infrastructure Lens
Examine how cyber operations target critical infrastructure sectors, their strategic importance, interdependencies, governance gaps, and escalation potential.
- Sectors analysed: 8
- Incidents in dataset: 36
- Very-high escalation sectors: 3
- Sector–case linkages: 60
Sector Analysis
Each sector card presents its strategic significance, dependency structure, and governance gaps. Linked cases are drawn from the existing dataset; sectors without direct matches include analytical context derived from the broader incident landscape.
Strategic Importance
Electrical grids, oil and gas pipelines, and fuel distribution underpin every other sector. Disruption cascades into healthcare, finance, transport, and communications within hours.
Key Dependencies
- SCADA / ICS control systems
- Fuel supply chains and refining
- Cross-border interconnections (gas pipelines, power grids)
Typical Cyber Effects
- Load-shedding or blackout via ICS manipulation
- Pipeline shutdown through IT/OT boundary compromise
- Data destruction to delay restoration
Escalation Proneness
Energy disruption has immediate civilian impact and is treated by most states as an armed-attack equivalent under certain conditions. Operations here risk rapid cross-domain escalation.
Governance Vulnerabilities
- Patchwork of national vs. regional energy regulators
- Legacy OT systems with multi-decade replacement cycles
- Ambiguity over whether energy disruption triggers Article 5 or equivalent collective defence
Dataset Summary
Relevant Cases
- NotPetya | 2017 | Destructive | Strategic Impact
  Irreversible disk encryption/wipe across ~2,000 organizations in 65+ countries.
  Unpeace: 100 | Entanglement: 5/10
- Stuxnet | 2010 | Sabotage | Destruction
  ~1,000 IR-1 centrifuges destroyed at Natanz; temporary disruption to Iran's uranium enrichment timeline.
  Unpeace: 90 | Entanglement: 4/10
- Ukraine Grid I | 2015 | Sabotage | Degradation
  Power outages for ~230,000 customers across three regions; manual restoration required ~6 hours.
  Unpeace: 80 | Entanglement: 4/10
- Ukraine Grid II | 2016 | Sabotage | Degradation
  ~1-hour power outage in part of Kyiv via automated ICS malware; limited physical damage.
  Unpeace: 80 | Entanglement: 4/10
- Colonial Pipeline | 2021 | Ransomware | Degradation
  Six-day shutdown of 5,500-mile pipeline supplying ~45% of US East Coast fuel; 17-state emergency declarations.
  Unpeace: 80 | Entanglement: 5/10
- Oldsmar Water | 2021 | Sabotage | Disruption
  No public harm; chemical change reversed within minutes by an alert operator.
  Unpeace: 60 | Entanglement: 3/10
- Viasat KA-SAT | 2022 | Destructive | Strategic Impact
  Tens of thousands of satellite modems bricked; disruption to Ukrainian military comms and collateral outages across multiple EU states.
  Unpeace: 100 | Entanglement: 10/10
- Shamoon / Aramco | 2012 | Destructive | Destruction
  ~35,000 workstations wiped; weeks of degraded corporate IT operations; no impact on oil production.
  Unpeace: 90 | Entanglement: 3/10
- Iran Nuclear Cyber | 2020 | Sabotage | Degradation
  Reported physical damage at Natanz enrichment facility; scope and technical details not independently verified.
  Unpeace: 80 | Entanglement: 4/10
- Taiwan Telecom | 2023 | Espionage | Intrusion
  Persistent access to telecom networks; no disruption observed, but pre-positioning raises contingency concerns.
  Unpeace: 60 | Entanglement: 4/10
- Industroyer2 | 2022 | Sabotage | Disruption
  Attack neutralized before sustained outage; demonstrated continued ICS threat capability during wartime.
  Unpeace: 70 | Entanglement: 4/10
- Change Healthcare | 2024 | Ransomware | Degradation
  Healthcare claims processing disrupted nationwide for weeks; pharmacies, hospitals, and providers affected; $22M ransom reportedly paid.
  Unpeace: 80 | Entanglement: 4/10
- Volt Typhoon | 2024 | Espionage | Intrusion
  Persistent access established across US water, energy, communications, and transportation infrastructure; no disruption executed.
  Unpeace: 60 | Entanglement: 8/10
- Kyivstar | 2023 | Destructive | Destruction
  Core mobile network destroyed; 24 million subscribers affected; air-raid alerts and banking disrupted for days.
  Unpeace: 100 | Entanglement: 4/10
- Ecuador Data Exposure | 2019 | Hybrid | Disruption
  Personal data of ~20.8 million Ecuadorians exposed; national identity numbers, financial records, and family data affected.
  Unpeace: 60 | Entanglement: 4/10
- Belgacom | 2013 | Espionage | Intrusion
  Multi-year covert access to Belgacom corporate IT and BICS international carrier networks, with visibility into engineering credentials and international signalling traffic; no public assessment of total data exfiltrated.
  Unpeace: 50 | Entanglement: 5/10
- APT1 | 2013 | Espionage | Intrusion
  Terabytes of intellectual property and business intelligence exfiltrated from at least 141 organisations across 20 industries over six-plus years.
  Unpeace: 70 | Entanglement: 10/10
- Salt Typhoon | 2024 | Espionage | Intrusion
  Access to core network and CALEA-related systems at multiple major US telecommunications operators; metadata and content for an unknown number of US persons exposed; senior political figures' communications targeted. Full scope and remediation status remain under investigation as of May 2025.
  Unpeace: 80 | Entanglement: 7/10
- Flame | 2012 | Espionage | Intrusion
  Long-duration espionage against several thousand machines across the Middle East; novel cryptographic attack against Microsoft's code-signing infrastructure with broad ecosystem implications.
  Unpeace: 50 | Entanglement: 10/10
On infrastructure interdependence
Critical infrastructure sectors do not exist in isolation. Energy disruption cascades into telecommunications, healthcare, and finance. Space system compromise affects navigation, timing, and financial settlement. Understanding cyber escalation requires analysing these interdependencies: an operation targeting one sector often produces effects across several.
Governance frameworks remain largely sector-specific, creating gaps at the boundaries where cascading effects are most dangerous. The entanglement scores shown in each case reflect this cross-sector risk.