Critical infrastructure lies at the heart of modern society, underpinning the essential systems that sustain national security, economic stability, and public well-being. As defined by the Cybersecurity and Infrastructure Security Agency (CISA), these interconnected physical and virtual assets are so vital that their disruption can trigger cascading consequences across multiple sectors. Over time, the scope of what constitutes critical infrastructure has expanded alongside technological advancement and globalization, increasing both its importance and its vulnerability. In parallel, terrorist actors have shown a persistent and evolving interest in targeting these systems, recognizing their potential to cause not only immediate destruction but also long-term societal and psychological disruption. Understanding the patterns, motivations, and methods behind such attacks is therefore essential to developing effective security strategies and safeguarding the resilience of critical infrastructure.
CISA further categorizes critical infrastructure into sixteen sectors, including energy, transportation systems, healthcare and public health, communications, and financial services. This broad classification reflects the growing complexity and interdependence of modern systems, in which disruption in one sector can rapidly affect others. As a result, protecting these interconnected domains has become an increasingly urgent priority for policymakers and security practitioners alike.
Public and governmental concern about future terrorist activity intensified markedly after the Oklahoma City bombing and the September 11 attacks, heightening the urgency of addressing vulnerabilities in U.S. critical infrastructure through research and policy development. The 2016 report identifies more than 2,000 terrorist incidents between 1970 and 2015 that targeted critical infrastructure in the United States and its protectorates, noting a decline in annual attack frequency after 1974. The study further shows that commercial facilities were the most frequently targeted sector, with environmental extremist groups responsible for a substantial share of these attacks. These facilities are often described as “soft targets,” reflecting their relative accessibility and comparatively limited protective measures.
The selection of critical infrastructure targets by terrorist actors remains a subject of considerable academic debate, with scholars identifying multiple factors that shape this decision-making process. Target choice is typically influenced by a group’s operational objectives, organizational structure, and perceived capabilities, leading many actors to prioritize more accessible “soft” targets over heavily secured “hard” targets. Resource constraints, including limitations in personnel and material capacity, further narrow the range of viable options, making less-protected infrastructure—such as transportation systems—more attractive than highly guarded government facilities. At the same time, targets with significant symbolic or functional importance may be especially appealing for their potential to produce psychological impact or higher casualties. Nevertheless, even highly desirable targets may be avoided if their security is perceived to substantially reduce the likelihood of operational success.
The Global Terrorism Trends and Analysis Center (GTTAC) defines “facilities” as physical locations targeted by terrorist organizations. Its Facility Type classification systematically captures incidents involving attacks on specific sites. This framework encompasses several broad subcategories, including commercial facilities (such as retail establishments, offices, and tourist venues); cultural sites (including media outlets, religious institutions, and heritage or tourist locations); government-related targets (such as official buildings and vehicles, diplomatic entities, and law enforcement or intelligence facilities); infrastructure sectors (including agriculture and food systems, communications, construction, education, healthcare, land and maritime transport, private property, public spaces, relief services, and utilities and mining); and military targets, which may be foreign, multinational, or national in scope.
The GTTAC data on targeted facilities from 2018 to 2024 indicate a pronounced concentration of terrorist activity against infrastructure-related targets, which account for the overwhelming majority of incidents (22,108), as seen in Figure 1 below. This is followed by attacks on military facilities (7,700) and government targets (4,531), reflecting the continued strategic relevance of coercive and symbolic state-oriented objectives. In contrast, significantly fewer incidents were directed at miscellaneous (1,939), cultural (952), and commercial facilities (784), suggesting comparatively lower prioritization of these sectors during the observed period. The distribution underscores a clear operational preference for infrastructure targets, likely due to their functional importance, accessibility, and potential to generate widespread disruption, while still highlighting the persistent, albeit less frequent, targeting of military and governmental entities.

Fatality and injury data in Figure 2 below further illuminate the human impact of attacks across facility types from 2018 to 2024, revealing notable variation in both lethality and the distribution of casualties. Infrastructure-related attacks resulted in the most fatalities (55,183) and a substantial number of wounded (44,290), underscoring their capacity to cause large-scale human harm alongside systemic disruption. Government targets also exhibited high lethality, with 14,010 fatalities and 13,066 wounded, while military targets, although frequently attacked, produced comparatively fewer fatalities (3,527) but a significant number of injuries (20,523), suggesting differing tactical dynamics. Attacks categorized as miscellaneous resulted in 6,760 fatalities and 4,274 wounded, whereas cultural targets, despite fewer incidents overall, generated 3,833 fatalities and 6,859 wounded, indicating a disproportionate impact relative to frequency. Commercial facilities experienced the lowest casualty figures, with 1,972 fatalities and 2,447 wounded. The distribution highlights the particularly severe human consequences associated with infrastructure and government targeting, while also reflecting variation in lethality and injury patterns across sectors.

Figure 3 below shows significant variation in targeting patterns across infrastructure subcategories, with some sectors experiencing markedly higher incident rates. Land transport is the most frequently targeted category (6,593 incidents), closely followed by private property (7,326) and public places (4,729), indicating a strong operational preference for accessible, high-impact civilian environments. By contrast, sectors such as civil aviation (207), communications (207), and healthcare (349) have relatively low incident counts, suggesting either stronger protection or lower strategic prioritization. Mid-range targets include agriculture and food (1,420), utilities and mining (890), education (606), and relief services (452), reflecting a broader but less concentrated pattern of attacks. The data underscore a clear tendency among attackers to prioritize sectors that combine accessibility with the potential for widespread disruption and societal impact, particularly within transportation networks and publicly accessible or privately owned spaces.

The tactic types targeting infrastructure in Figure 4 below demonstrate a clear predominance of direct and force-intensive methods. Assault tactics account for the vast majority of incidents (12,399), indicating a strong operational reliance on overt forms of violence such as shootings, bombings, and storming attacks. Trauma-based tactics represent the second most frequent category (4,529), encompassing methods intended to inflict both physical and psychological harm, including suicide attacks, kidnappings, hostage-taking, assassinations, executions, stabbings, and the burning of residential areas. Covert tactics (3,225) also constitute a significant portion, suggesting that indirect approaches—such as sabotage, ambushes, and IED placement—play an important supporting role in infrastructure targeting. In contrast, exploitive tactics (1,493) appear less frequently, while coordinated attacks are exceptionally rare (50), underscoring the limited use of complex, multi-stage operations. The pattern highlights a preference for tactics that are comparatively easier to execute and require fewer resources, while still enabling substantial disruption and impact.

The weapon types used in attacks on infrastructure reveal a strong reliance on conventional, readily accessible means of violence, as shown in Figure 5 below. Firearms account for the largest share of incidents (11,954), underscoring their widespread availability and operational simplicity in executing attacks. Improvised explosive devices (IEDs) (4,529) and other explosives (4,210) also feature prominently, reflecting their effectiveness in causing significant damage to infrastructure and generating mass casualties. In contrast, melee weapons (707) are used far less frequently, likely due to their limited capacity for large-scale impact. The use of unmanned aerial vehicles (UAVs) (296), while comparatively low, indicates an emerging trend in the adoption of more technologically advanced methods. The data suggest that attackers prioritize weapons that balance accessibility, lethality, and the ability to disrupt critical infrastructure, while gradually incorporating newer technologies into their operational repertoire.

Figure 6 below shows terrorist groups targeting infrastructure, highlighting the prominent role of jihadist organizations in these attacks. The ISIS accounts for the most incidents (1,581), underscoring its sustained operational focus on infrastructure as a means of territorial control and disruption. Hezbollah follows with 951 incidents, reflecting its hybrid role as both a militant and political actor with strategic targeting patterns. Al-Shabaab (768) and Jama’at Nusrat al-Islam wal-Muslimin (JNIM) (549) also demonstrate significant engagement in infrastructure targeting, particularly within their respective regional contexts. The data indicate that well-established, territorially embedded organizations are the primary actors behind infrastructure-focused attacks, leveraging such operations to maximize disruption, assert influence, and challenge state authority.

Effective policy responses to the persistent threat to critical infrastructure must move beyond reactive security measures and toward a comprehensive, risk-based resilience framework. This requires deeper integration of public–private partnerships, given that most infrastructure assets are owned and operated by the private sector, alongside enhanced coordination led by agencies such as the Cybersecurity and Infrastructure Security Agency. Policymakers should prioritize intelligence-sharing mechanisms, sector-specific risk assessments, and the expansion of protective measures for high-risk “soft targets,” particularly in transportation and public-access environments.
To conclude, the analysis of terrorist activity targeting critical infrastructure reveals a consistent strategic logic shaped by accessibility, potential impact, and resource constraints. Infrastructure sectors, particularly transportation networks and public or private civilian spaces, remain primary targets because they can cause widespread disruption and significant human casualties. The predominance of straightforward, force-intensive tactics and readily available weapons further underscores a preference for operational efficiency over complexity. At the same time, the involvement of well-established organizations highlights the enduring role of infrastructure attacks in broader insurgent and terrorist strategies aimed at undermining state authority.


