Last week, Secretary of Defense Hegseth (or Secretary of the Department of War, or Secretary of War, I am not sure how the name change will affect that) announced the start of a Joint Interagency Task Force (JIATF) 401 to counter aerial drones. If there is one thing I know, its that a JIATF is always the right answer. Look at the success JIATF-South had in stopping the flow of drugs into the U.S. There is also the success JIATF-West had when it counter China’s expanded influence and aggression in the Indo-Pacific. Ok, so maybe those are bad examples. They are indicative of the issue with the U.S.’s approach to addressing non-military problems with military solutions.
The National Guard is the DoD primary tool for defense and protection of critical infrastructure. So what is critical infrastructure? In the U.S. there are 16 Critical Infrastructure sectors “whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.” Clearly, it extends well beyond the role of the military, but the military is often the only part of the government able and willing to engage on threats to critical infrastructure.
Why is it hard to get critical infrastructure security right in the U.S.? The main issue is you are buying insurance for an uncertain risk. Why does insurance exist? Its not to stop you from getting sick or keep your car from being wrecked, its to offset the costs once it happens. Many of the 16 critical infrastructures in the U.S. are owned and operated by private industry, but because their industry is critical to the U.S., they already feel like they have insurance. U.S. Government is the insurance. Why would they spend capital to harden infrastructure when the government is going to step in after an incident? The pattern is most clear in the power sector.
Consider two cases. The 2013 attack on PG&E’s Metcalf substation damaged 17 transformers and was a “wake up call” for grid physical security. Then in December 2022, two Duke Energy substations in Moore County, North Carolina, were targeted. The damage left tens of thousands without power and, three years later, is an unsolved cast. The post-incident response was once again “this is a a wake-up call.” Apparently, we keep hitting the snooze button.
Fast forward to 2025. Now we have JIATF 401 and we are going to get serious about protecting our critical infrastructure from drones. That is a good start. What would that look like? Because of the nature of the U.S. power grid, you actually have to protect thousands of sites, some in rural areas, with layered defenses that include at least some form of kinetic (read shooting things) response. That is just to secure substations. That is not securing the millions of miles of high-tension transmission lines that cross the country or any of the other 15 critical infrastructure.
Physical security is expensive because the problem is one of scale. The electric grid alone requires protecting substations (some in remote rural locations), transmission lines that cross vast distances, and the control centers that operate them. A layered defense that blends detection, active mitigation (including legally authorized kinetic responses where appropriate), hardened equipment, and resiliency planning is necessary and requires sustained capital. There is, however, a promising tool already in the toolbox: the Department of Defense’s Office of Strategic Capital (OSC), which was created to mobilize financing tools. These loans, loan guarantees, and targeted investments are directed into areas that strengthen national security. OSC’s authorities let it partner with private capital and finance durable capability upgrades, but its early work has focused mostly on technologies and cyber/industrial base priorities rather than broad physical-security programs. If we want systemic improvement, OSC’s authorities need to be applied deliberately to the physical-security problem.
We need to prioritize the risk and not try to apply equal treatment. There are thousands of cirtical infrastructure sites. They need to be prioritized based on consequence, interdependence, and threat. These nodes, and their connections, need to be mapped onto a larger overlay. There are cases where infrastructure in more rural areas may need greater protection because of its relative proximity to centers of national production.
In parallel with this mapping, the OSC needs a Critical Infrastructure Finance Program. This would mix conditional grants, low-interest loans, loan guarantees, and equipment-financing to help utilities and critical infrastructure companies harden the most important nodes. This funding should be tied to verifiable standards and measurable outcomes.
This financing would not be without conditions. Privately owned industry would require minimum physical security standards, incident reporting, and redundancies. If the markets won’t act, the government has to create the conditions to spur action.
Use the National Guard for more than police calling the National Capitol Region. Title 32 and Defense Support of Civil Authorities already gives the National Guard the ability to act to protect the homeland. The DoD should develop and pre-authorized Title-32 mission sets with attached funding, to build training and protection missions for the National Guard. These would allow them to build a capability and capacity to conduct national protection missions and develop an expertise in the field.
Securing the nation’s critical infrastructure is a finance problem as much as it as a defense problem. We can keep hitting snooze on our ‘wake up alarms” or we can actually do something to strengthen our defense. The pieces are already there. They just need to be put to work in a program that accepts that there is no insurance plan in place right now.