HIGH RISK OF ATTACKS AGAINST CRITICAL INFRASTRUCTURE AND COMMUNICATION SYSTEMS ACROSS THE US
January 11, 2021 | CTG
The Counterterrorism Group (CTG) is issuing a FLASH ALERT for security services and workers of critical infrastructure systems across the United States until at least January 20, 2021. The current CTG Threat Matrix indicates that the likelihood that extremist and radical individuals will attempt to attack and sabotage critical infrastructure, particularly power and communication grids, across the United States is HIGH. We further assess HIGH risks specifically to the Washington, D.C. area on and about January 20, 2021, during the Inauguration of President-elect Joseph Biden.
CTG cautions security services and workers at power plants and communication centers such as phone service towers and buildings to be on HIGH alert given the high likelihood of developing violence and attacks near such locations intended to cause a mass blackout on and around the inauguration of President-elect Joe Biden on January 20. Lessons learned from the Capitol Hill siege show that a vast amount of social media evidence was disregarded, and therefore, CTG urges workers and security in these sectors to remain vigilant as there is widespread chatter and posts showing an interest in causing blackouts. Law enforcement should be aware too, as this could be a potential diversion that spreads law enforcement thin as it responds to such incidents while actions are carried out elsewhere. Weapons to be used include explosives, as seen during the Nashville Christmas Day bombing, incendiary devices to take buildings offline, or more extreme measures to destroy services or render them useless for extended periods of time.
Following the events that took place on January 6, 2021, across the United States, President Trump and his loyal followers are far from giving up and accepting electoral defeat, or peacefully accepting Joe Biden as the 46th President of the United States. Despite potential Articles of Impeachment and invocation of the 25th Amendment as attempts to remove Trump from the office of President of the United States, the official transition of power is set for January 20, when President-elect Joe Biden will be inaugurated. Until that day, and even after, Trump, his followers, and the many extremist groups and conspiracy theories that reinforce his beliefs pose a HIGH risk to the safety of citizens across the United States. Trump supporters have planned for protests to take place on Inauguration Day, as well as the days leading up to and following January 20. Besides inciting and creating violence against anyone who does not share their beliefs, law enforcement, and government leaders who oppose the extremist rule of Trump, Trump and his supporters have discussed attacking critical infrastructure in the United States in order to potentially create a situation that enables Trump to remain as president after his term expires. The threat to critical infrastructure, its employees, and security protecting such infrastructure in the United States is HIGH and will remain as such for the next several weeks. Although some accounts such as ‘Q’ from QAnon and others claiming to be from President Trump are unverified and may not have the level of security clearance or information that they claim, threats such as those seen in the screenshots below must be taken seriously by law enforcement and critical infrastructure security no matter who posted them or when. As displayed in the Nashville Christmas Day bombing, critical infrastructure such as communication systems is vulnerable and could be taken offline by a large-scale attack.
Trump supporters, extremist groups, and conspiracy theorists are willing and able to attack and/or sabotage critical infrastructure in the United States such as:
communication systems (for civilians, law enforcement and emergency services),
nuclear and chemical facilities,
water systems (including dams and water treatment plants),
major highways and transportation systems,
and all security personnel and law enforcement meant to protect critical infrastructure.
These include infrastructure set up around the area on Inauguration Day, such as temporary cellular infrastructure and mobile command units on site, which have a HIGH likelihood of being targeted. Extremists may not even have to launch a sophisticated attack, but may have fellow supporters who work in a critical infrastructure capacity and would be able to sabotage critical infrastructure. Additionally, foreign adversaries of the United States may want to assist extremist groups or may attack critical infrastructure on their own, a vulnerability displayed in the recent Russian hack of various systems through Microsoft. Although the Department of Energy and the United States government are aware of such vulnerabilities to attacks, blackouts and attacks of varying nature on critical infrastructure are hard to predict because critical infrastructure is so widespread throughout the United States and because a cyber attack can occur at any time and without warning. Therefore, security risks to critical infrastructure, including physical attacks on facilities and security personnel, cyber attacks, and sabotage, remain HIGH until at least Inauguration Day, January 20.
Despite the vast majority of Trump supporters being located in the United States, followers of the QAnon conspiracy theory are worldwide and continue to believe that Donald Trump is the savior who is removing child-traffickers and pedophiles from the world’s elite class of celebrities and politicians. Additionally, with threats coming from nations and leaders friendly to President Trump much more than to President-elect Joe Biden, major cities across the world are vulnerable to critical infrastructure attacks and sabotage as well. Screenshots, such as the one found below, are circulating on social media claiming that Trump and his supporters are actively involved with the planning and implementation of critical infrastructure attacks. Security risks of varying nature to critical infrastructure systems throughout the world remain a MEDIUM threat until at least January 20.
By using a combination of malware, spear-phishing, and other cyber/hacking techniques, Russia has been targeting critical infrastructure in the US since at least March 2016. In addition to being vulnerable to intentional attacks and sabotage, many countries, even advanced ones, have outdated critical infrastructure systems that are susceptible to blackouts on their own. States like Russia, Iran, and China may view the recent violence in the United States as an opportunity to strike the US while it is most vulnerable to domestic terror, or they may put additional strain on outdated systems so they fail on their own. Critical infrastructure workers and security personnel should be on the lookout for suspicious individuals, packages, vehicles, and emails, as these are good indicators of an impending physical or cyber attack. Critical infrastructure workers should look to create or maintain supplemental systems in the event that critical infrastructure is attacked. Therefore, security risks to critical infrastructure by international players, including physical attacks on facilities and security personnel, cyber attacks, and sabotage, remain HIGH until at least Inauguration Day, January 20.
CTG assesses that the current threat climate is HIGH. We base this assessment on the fact that there is widespread chaos across Washington, D.C. and the United States, and attacks on critical infrastructure are HIGHLY PROBABLE to continue throughout the next several weeks, especially as the political climate of the United States will change. These attacks may come from supporters of President Trump or international players who will look to strike the United States at a time of increased vulnerability.
Our analysis indicates that there is a HIGH PROBABILITY that Trump supporters will attempt to carry out attacks on critical infrastructure systems, in a variety of ways, across the United States beginning on January 7.
Our analysis indicates that there is a HIGH PROBABILITY that international supporters of President Trump, foreign adversaries of the US, and any nation looking to strike the US at a time of vulnerability will attempt to carry out attacks on critical infrastructure systems, in a variety of ways, across the United States beginning on January 7.
Our analysis indicates that there is a MEDIUM PROBABILITY of security threats of varying nature to critical infrastructure systems throughout the world beginning on January 7.
It is CTG’s recommendation that federal and local law enforcement, critical infrastructure security, and local citizens be aware of the increased risk to critical infrastructure beginning on January 7. Additionally, redundancies, backup systems, and in-depth sweeps of current protocols will reduce the likelihood of any problems with critical infrastructure, so it is CTG’s recommendation that these be observed in addition to increasing cyber and physical security at critical infrastructure systems.
For more detailed information, such as the completion of a detailed Person of Interest report on any of the individuals involved, a lessons learned report summarizing how security can be improved for the future, or other information that CTG has gathered, please contact us.
The Counterterrorism Group (CTG) is a unit of the global risk consulting and security firm Paladin 7. CTG proactively searches for and analyzes the threat of terrorism that comes from International Terrorist Organizations, Domestic Terrorist Organizations, and Individuals determined to inflict terror upon societies, organizations and individuals. Our international and national security professionals set up protective measures to detect, deter, prevent, discourage, and dissuade any terrorist organization or individual from carrying out an attack on organizations and individuals. We work to protect our clients from any terrorist threat or attack. We also work proactively with the proper authorities to find those in terrorist organizations and individuals who will cause harm and assist in bringing them to justice and mitigating the threat long-term.
 “EAM LOYALISTS,” Facebook via CyberHUMINT
 “BE PREPARED FOR AN IMMINENT BLACKOUT,” Parler via CyberHUMINT
 “Russians Are Believed to Have Used Microsoft Resellers in Cyberattacks,” NY Times, December 2020, https://www.nytimes.com/2020/12/24/us/russia-microsoft-resellers-cyberattacks.html
 “Cyber Threat and Vulnerability Analysis of the U.S. Electric Sector,” Department of Energy, August 2016, www.energy.gov/sites/prod/files/2017/01/f34/Cyber%20Threat%20and%20Vulnerability%20Analysis%20of%20the%20U.S.%20Electric%20Sector.pdf
 “BREAKING - U.S. President Donald Trump predicted an immediate blackout!” Parler via CyberHUMINT
 “Russia Hacked U.S. Power Grid — So What Will The Trump Administration Do About It?” NPR, March 2018, www.npr.org/2018/03/23/596044821/russia-hacked-u-s-power-grid-so-what-will-the-trump-administration-do-about-it
 “U.K. Power Grid Creaks at Risk of Blackouts,” Bloomberg, January 2021, www.bloomberg.com/news/articles/2021-01-06/u-k-electricity-grid-creaks-under-repeated-winter-pressure