ABSTRACT Critical infrastructure facilities—including substations, pipelines, water treatment plants, and telecommunications nodes—are engineered to ride through routine technical failures, yet they remain vulnerable to low‐frequency interference by people. Trespass, tampering, vandalism, and ambiguous encounters at facility perimeters rarely cause cascading blackouts, but they consume operator resources, impose costs on law enforcement, and in some cases invite imitation. To address this challenge, US states since the early 2010s have adopted critical‐infrastructure protection (CIP) statutes that criminalize unauthorized conduct at energy facilities while anchoring governance routines such as signage, recurring training, charging checklists, and evidence‐preservation protocols. This article evaluates whether such statutes reduce incident risk in measurable ways. Using a balanced monthly panel of 50 states plus the District of Columbia between 2010 and 2025, estimated with Poisson pseudo‐maximum likelihood under staggered adoption and rich fixed effects, I find that laws in force are associated with a 27 percent reduction in expected incidents (incident rate ratio = 0.731, 95% CI 0.690, 0.773). Event‐time diagnostics show no detectable pre‐trend differentials ( p = 0.972). These findings suggest that statutes operate not primarily by increasing penalty severity but by reinforcing governance mechanisms of certainty, salience, and coordination. I argue that these results make a practical case for pairing statutes with four low‐cost complements: harmonized signage, two short cross‐agency trainings per year, prosecutor‐aligned charging checklists, and a minimal incident dashboard. The analysis contributes to deterrence theory, the econometric study of staggered policies with rare events, and debates on energy security, while offering policymakers a replicable governance playbook.
Jesse R. Humpal (Sun,) studied this question.