Skip to main content

Cyber Risk to US Pipeline Critical Infrastructure — A Strategic Disruption Analysis

Rishipal Yadav
Author
Rishipal Yadav
Assistant Manager – Cybersecurity @ Uniqus Consultech · CISSP · GCP-ACE · M.Eng Cybersecurity, UMD · Writing at not your CISO

Course: ENPM808 — Independent Study, University of Maryland
Advisor: Prof Charles Harry →, School of Public Policy, UMD College Park
Period: 2024
Focus: Geopolitics, critical infrastructure, computational risk modelling


Summary
#

This independent study explored the cybersecurity ecosystem around US critical infrastructure — specifically pipeline networks — through a computational and policy lens. The research examined the intersection of cybersecurity frameworks and geopolitical risk, focusing on how nation-state actors could target energy infrastructure and how that risk can be quantified.

The core methodology applied the Strategic Disruption Index (SDI) — a framework for estimating the strategic impact of attacks on interconnected infrastructure — to pipeline networks modelled within a US Department of Energy Protected Area Asset District (PAAD). This is work in progress and I am actively working on this as of now.

Key contributions
#

  • Modelled pipeline infrastructure topology using computational techniques to represent node-level dependencies and failure propagation
  • Applied the SDI framework to estimate attack impact scores across different threat scenarios, including supply disruption and cascading failure
  • Analysed the cybersecurity-policy intersection: how existing frameworks (NIST CSF, TSA Pipeline Security Directives) map — and fail to map — onto realistic nation-state threat scenarios
  • Produced a risk prioritisation output identifying the highest-leverage intervention points for defenders

Why this matters
#

Nation-state attacks on critical infrastructure are no longer edge cases — Colonial Pipeline (2021), the targeting of European energy grids post-Ukraine invasion, and persistent APT activity against ICS/SCADA systems have made this a mainstream policy concern. The challenge for defenders is translating that threat into measurable, prioritisable risk. This research is a contribution toward that problem.