Electrotech Moneyball

The United States is building the grid that will power the next half-century of American prosperity. The scale of that undertaking—driven by AI, electrification, and the reindustrialization of critical supply chains—is without recent precedent. So is the risk if we get it wrong.

Between us, we have spent decades focused on our nation’s cybersecurity problems, working from the sometimes-conflicting perspectives of government and the private sector. One of us ran one of America’s largest energy companies and co-chaired the body responsible for coordinating the electric sector’s cyber and physical defense against national security threats. The other led congressional efforts to build the legal and institutional architecture—from the National Cyber Director to the Cybersecurity and Infrastructure Security Agency—that the federal government now relies on to secure critical infrastructure.

We served together on the congressionally-mandated Cyberspace Solarium Commission, where we saw firsthand how the seams between government and industry, and between legacy systems and new technology, create the openings that adversaries are most eager to exploit.

That experience is why this paper commands our attention.

“Electrotech Moneyball” confronts a problem that too few policymakers have reckoned with clearly: The sourcing and security decisions being made today—often without adequate strategic scrutiny—will lock in advantages or vulnerabilities for decades. The hardware and software being deployed into our grid at historic speed are not just energy technologies. They are the shared industrial base underpinning defense, AI, autonomous systems, and advanced manufacturing. Thus, the advantages and vulnerabilities locked in today are also not confined to the energy sector.

The paper’s central insight is one we believe deserves serious engagement. Not every component carries the same risk, and treating the entire supply chain as a uniform emergency will paralyze the very buildout we need. The authors propose a disciplined framework for distinguishing where real vulnerability concentrates—in the digitally active control layers that increasingly govern how power is generated, routed, and balanced. The security calculus for these components is fundamentally different than for commodity hardware. That distinction matters. Without it, we will either over-restrict inputs we cannot yet replace—stalling deployment of electricity generation and transmission we need to power our modern economy—or we will spread our limited security resources so thin that we will defend nothing well.

In today’s digital world, it is clear that the government cannot provide our national security on its own as it has in the past. The private sector owns and operates over 85% of our critical infrastructure. Today and in the future our national security requires a collaboration—not just “cooperation” or “coordination” or “sharing”—in order to protect and sustain the American economy and provide the national security that our citizens deserve. Industry, however, also cannot secure it without clear signals from government about where scrutiny should concentrate. And neither can succeed without a broader national conversation about what we are willing to invest—in domestic manufacturing, in allied partnerships, in the hard work of setting standards before architectures become locked in—to ensure this buildout strengthens rather than undermines American competitiveness.

It is not an exaggeration to say that how our nation addresses this challenge will determine whether we will remain the preeminent global economic power or whether we will be dangerously vulnerable to and dependent upon our most capable adversary, China.

The authors are asking the right questions at the right time, with the analytical rigor the moment demands. The framework they propose—grounded in the idea that we can assess technology based on its systemic importance, risk, impact, and level of digital sophistication—offers policymakers, industry leaders, and civil society a common language for making the hard prioritization choices that no longer can be deferred.

We urge readers across government, the private sector, and the broader national security community to give this paper the serious consideration it deserves. The window for getting this right is closing.

Executive Summary

The United States is in the early stages of a generational energy buildout driven by AI demand and accelerated by hundreds of billions of dollars in public and private investment. Central to this buildout is the digitization of the grid itself: the batteries, power electronics, and embedded software that will give America’s electrical infrastructure a digital nervous system capable of the flexibility, responsiveness, and adaptive threat management that aging analog systems cannot provide. Deployed well, this digitization will be the foundation for a grid architecture that is more dynamic and more defensible than what it replaces.

Yet even as we race to realize this modernization and expansion, we are dependent on the United States’ principal strategic competitor for the tools to build it. The People’s Republic of China (PRC) dominates much of what many experts call the “electrotech stack”—the integrated set of hardware and software components central to this buildout that are transforming electricity from a physical flow into something that also can be digitally generated, stored, and directed. That dependence is not only creating a supply vulnerability, but also threatening to undermine the very security advantages that a modernized grid is supposed to deliver.

The United States cannot slow its grid expansion, leave it undefended, or decouple it from PRC supply chains overnight. Smart strategic planning means addressing the most serious vulnerabilities first. Not every component in America’s rapidly digitizing grid carries equal risk. Treating the entire electricity ecosystem as if everything is an emergency means that nothing will be defended effectively. And imposing blanket restrictions on all Chinese-made components would throttle the very industrial buildout the United States needs to outpace current PRC manufacturing advantages. Indeed, the most strategically underweighted danger to the US energy ecosystem may not come from Beijing, but from self-inflicted paralysis—whether through overcorrection that delays the technologies this buildout demands, or indecision that continues ceding agency to our competitors.

This paper proposes a “Moneyball” framework for strategic prioritization of and within the electrotech stack—one grounded in the recognition that, increasingly, these components are not exclusive to energy systems, but essential to a common industrial foundation with growing leverage across defense, robotics, autonomous systems, and advanced computing. It seeks to determine where to focus first, to achieve the greatest cross-sector strategic return.

The framework assesses each technology across three dimensions:

1. How urgent is its deployment and how imminent is technological lock-in?
   
2. Which technologies constitute the biggest vehicles for risk—but also the most systemically influential opportunities to mitigate it?
   
3. How much cross-sector industrial competitive advantage would domestic leadership of that technology confer?

One of the framework’s core analytical distinctions—and the primary determinant of a component’s systemic risk—is where it falls on a spectrum of “smart” to “dumb” connectivity, and how far that connectivity reaches across the stack. Commodity battery cells and passive solar hardware, for example, do not present the same threat surface as their associated digitally active control layers, such as battery management systems, inverter firmware, fleet orchestration platforms, or cloud-connected software. The latter actively and increasingly determines how power is generated, stored, routed, and balanced across the grid. Systemically consequential risk concentrates in that “smart” layer; so too should policy.

Based on that assessment, the framework sorts components into three tiers of policy priority:

• Tier 1: Tight domestic control for the most consequential technologies;
  
• Tier 2: Trusted-ally sourcing where allied supply chains can suffice; and
  
• Tier 3: Managed global procurement with appropriate safeguards for commodity hardware where security exposure is lower.

The most urgent policy action is using this “Moneyball” framework to prioritize security scrutiny for the buildout now underway—applying deployment-phase requirements to the digitally active Tier 1 control layers that can then function as “firebreaks” against risks that would otherwise propagate down the stack. This approach mirrors the zero-trust logic now standard in federal and enterprise cybersecurity, where the architecture assumes compromise, authenticates at every trust boundary, and enhances control rigor with systemic consequence rather than relying on perimeter defense alone. Where security exposure is lower, “dumber” Tier 3 commodity hardware can continue to be sourced globally—even from less-trusted vendors—preserving the cost advantages and deployment speed the buildout demands.

In this paper, we apply this framework to two especially clear test cases: batteries—whose rapid deployment across the grid and growing role in defense, transportation, and advanced manufacturing place them at the intersection of every dimension the framework is designed to surface—and solar panels, which materially contrast in their risk profile and narrower cross-sector impact. While federal leadership would accelerate the benefits of this framework, it is not a prerequisite. State leadership in high-leverage jurisdictions for our current energy expansion, like Virginia and Texas, can set precedents through procurement and interconnection requirements, and private-sector collaboration on secure-by-design baselines will be a critical complement.

The electrotech stack is increasingly the operating system through which our economy’s energy, data, and value flow. Its deployment will determine whether America’s infrastructure can grow fast enough, flex dynamically enough, and defend itself credibly enough to sustain the generational buildout now underway. Getting the prioritization right means this operating system will be built to ensure American advantage. Getting it wrong—or not building at all—will cede that advantage to the Chinese industrial strategy that is already supplying the parts.