Security Threats to the COVID-19 Vaccine Process

Ben Levitt, Allegra Berg, Wendy Maxwell, Min Wong, Caitlin Cronk; Extremism and NORTHCOM

Week of: January 25, 2021

Operation Warp Speed and other programs that produce and distribute mass amounts of COVID-19 vaccines face many challenges. Besides falling behind schedule on the number of vaccines that are supposed to be produced and the number of people that are supposed to be vaccinated at each step in the timeline, there are many security threats at each stage of the process. Although not every threat poses the same security risk, each stage in the process of distributing vaccines needs to have security measures in place to ensure a safe vaccination for everyone. The Counterterrorism Group (CTG) has analyzed many security threats at all stages of Operation Warp Speed and has deemed the most likely and most vulnerable aspects of the process to be:

  • Attacks focusing on the storage of the vaccines: HIGH probability

  • Distribution of illegal/illicit vaccines: HIGH probability

  • Attacks during the mass-vaccination process at mass-vaccination centers: MEDIUM-HIGH probability

  • Attacks during the transportation of vaccines: MEDIUM-HIGH probability

  • Disinformation/lack of trust related to COVID-19 vaccines: MEDIUM probability

  • Cybersecurity threats: LOW-MEDIUM probability

  • Street fights that may arise due to a variety of issues: LOW probability


How vaccines are stored is critical to their overall security, and issues that can arise from improper storage are some of the most concerning threats to the COVID-19 vaccine distribution process. Several of the approved COVID-19 vaccines require a strict temperature-controlled climate, where any decrease in temperature can result in thousands of vaccines becoming useless. Tampering or sabotage of the vaccines poses a high risk. Sabotage can occur in many ways but, due to the necessity of temperature control and the extreme difficulty that comes with keeping the vaccines at specific temperatures, this is a HIGH security threat. Individuals, whether they are medical professionals, transporters, or saboteurs, can play a key role in destroying thousands of vaccines. For instance, a hospital worker in Colorado intentionally left hundreds of vaccines out of refrigeration, which resulted in the inability to use them.[1] This can be done by sabotaging refrigerators and freezers, leaving the vaccines out of sealed containers or packages for too long, intentionally mishandling the vaccines, contaminating them or reducing their efficacy, or accidentally dropping vials. Although anyone in the vaccine distribution process can sabotage the vaccines, people may want to do so because they believe that the vaccines are unsafe or unneeded, or because they hold radical beliefs such as wanting to harm others. People may or may not have direct ties to extremist organizations or conspiracy theories, but may seize the opportunity to make money by taking a bribe from an extremist group to sabotage the vaccine process.

Additionally, as large quantities of the vaccines are shipped together, any damage to the packaging, transportation vehicles, syringes, or refrigeration methods could lead the vaccines to become useless or harmful. Damage to trucks or storage facilities can occur in a multitude of ways, with weather posing a HIGH risk, as it can cause significant damage such as collapsing buildings, ruining electrical-controlled refrigerators and generators with rainwater, blowing over transformers that power key infrastructure, or causing other power outages, shutting down roads that delay vaccine distribution, and more.

Due to the extremely limited supply, high demand, and misinformation regarding both the virus and the vaccines, it is critical that security is significantly increased for storage procedures, as the vaccines are likely to be stolen or damaged. Extremist groups have not yet attempted to steal vaccines in the United States but may attempt to do so in the coming months. The arrival of more resilient virus strains poses an increased risk of theft or destruction, and poses a MEDIUM-HIGH risk of destabilizing democracy, which extremist groups are highly likely to take advantage of. Medical professionals could see an opportunity to make thousands of dollars and steal the vaccines, or, due to their political and/or religious beliefs, they could steal, damage, or destroy vaccines during the initial storage process. A key way to prevent threats of this nature is to increase security at storage facilities and critical infrastructure related to storage. Additionally, if anyone in the vaccine transportation or distribution process has a criminal background or known links to extremist groups, they should be removed from the process altogether to ensure the safe distribution of vaccines. Threats and attacks focusing on the storage of the vaccines are deemed to be a HIGH probability.

Illegal/Illicit Vaccines

Generally, the majority of medical professionals believe in the necessity of the vaccine, but there is a concern that some medical professionals and other such individuals along the distribution process may threaten the security of the vaccines by stealing, substituting, and falsely producing vaccines. Companies, whether legitimate or not, may produce unapproved vaccines and distribute them to mass-distributors of vaccines such as Walgreens, CVS, or hospitals. For instance, in Nigeria, an unknown number of fake vaccines have been given to citizens without the approval of the Director-General of Nigeria’s National Agency for Food Drug and Administration Control (NAFDAC) Mojisola Adeyeye.[2] Similarly, organized crime syndicates in Mexico have been selling and distributing illegal vaccines in Mexico City, Tijuana, and Quintana Roo.[3] Multiple companies are producing vaccines but only a few have approval by federal governments to legally be permitted to sell and distribute vaccinations for the coronavirus.

Illicit vaccine distribution occurs when approved vaccines are stolen, then illegally distributed on the black market, such as in Florida where a fire captain allegedly stole vaccines with the intent to give the doses to his elderly mother.[4] Black market clients may include hospitals, clinics, family, and friends, but this process of stealing legal vaccines and distributing them is illegal. Illicit vaccines may also include giving the patient an injection of another substance, other than the approved COVID-19 treatment, and then distributing the real vaccine to someone else. Illegal vaccines, on the other hand, refer to the selling or distribution of vaccines that are not approved by the federal government or health administration that oversees the approval process. The distribution of illegal/illicit vaccines is deemed to be a HIGH probability.

Attacking the Mass-Vaccination Process

There is a MEDIUM-HIGH risk of an attack occurring during the mass-vaccination process, as access to critical areas is more attainable and facilities are more vulnerable to security flaws. Currently, the mass-vaccination process is projected to take place throughout 2021, although no specific dates have been determined. This has allowed for ample time to plan a well-coordinated attack at a mass-vaccination center. Additionally, the combination of current virus restrictions that prevent large numbers of individuals from being indoors at any one time, and the likely high number of people at a vaccination center means that detailed plans may not be necessary to carry out a significant attack.

Anti-vaxxers, conspiracy theorists, domestic terrorists, extremist groups, and others who do not approve of the COVID-19 vaccine or wish to inflict pain and suffering on others may be tempted to plan and execute an attack at a mass-vaccination center. These centers will be equipped with ample space for people to park and wait in socially-distanced lines and will store thousands of frozen or refrigerated vaccines at a time. There is a MEDIUM-HIGH risk of a variety of attacks at these locations including, but not limited to, bombs, armed assaults, knife attacks, chemical or biological attacks, and radioactive threats. There is a MEDIUM-HIGH probability of an attack involving the use of a vehicle, as a significant number of people own or have access to a vehicle, so security and law enforcement should have a significant presence at these centers to not only protect people waiting in line from others who wish them harm but also to enforce social distancing and other common COVID-19 guidelines.

Due to a significant increase in the number of individuals at a location such as a vaccination center, an attack of a conventional sense may not be necessary. There is a MEDIUM-HIGH risk of accidental or intentional transmission of COVID-19, including vaccine-resistant strains, at these facilities. This is a key reason why social distancing, proper mask-wearing, and other quarantine restrictions need to be enforced at all mass-vaccination centers by security, law enforcement, and medical professionals before, during, and after the vaccination. All personnel should be vetted before being allowed to work within the vicinity of these centers, as there is a MEDIUM-HIGH risk of potential insider threats.

Depicted on the next page is a potential mass-vaccination center layout, in which the yellow line indicates the vaccination queue, the red lines indicate traffic barriers and the various blue markers indicate map drop pins with a variety of descriptions.[5] While all mass-vaccination centers will have some form of security, whether that is law enforcement or otherwise, this image does not have any security noted, other than the personnel controlling the flow of traffic in and out of the queue. The threat of attacks during the mass-vaccination process at a mass-vaccination center like CVS, Walgreens, or a shopping mall is deemed to be a MEDIUM-HIGH probability.


An early estimate by Pfizer stated that vaccinating 1 billion people requires at least 12 trucks leaving a pharmaceutical company and 20 planes taking flight around the world each day.[6] While these numbers are subject to change based on the availability of approved and produced vaccines, the transportation systems used by high-value assets remain at a MEDIUM-HIGH risk for attack. Currently, many of the trucks being utilized to transport the vaccines have either direct escorts, such as in the European Union, or are not marked as containing the vaccine, such as using UPS/FedEx or other nondescript delivery trucks. However, the unknown aspect can increase the likelihood that incorrect transports become targeted, which, in turn, increases the vulnerability of delivery workers across the nation as the vaccine is being distributed.

Securely transporting vaccines without damage in the appropriate time frame poses a significant challenge to logistics. The vaccines have a limited shelf life and any kind of tampering or lack of quality control will reduce the efficacy of the vaccines. Tampering may include a delay of service, by threatening or causing damage in locations such as airports, damage or threats to transportation vehicles or routes, or physically tampering with vehicles’ refrigeration units. While tampering may not lead to the direct spoiling of the vaccines, it could result in vaccines being delayed or never arriving at their intended destination, which would reduce the efficacy of the vaccines.

The likelihood of a hijacking during the transportation is LOW due to the complexity required, the inability to accurately track transportation, and the possibility of dealing with security once a transportation vehicle is found. More probable concerns include the damaging of transportation hubs or vehicles, and the tampering of vehicles while they are docked, which has the potential to result in delays and spoiled vaccines. Insider threats, like a sympathizer who has knowledge of which trucks carry vaccines and where they will be at any time, pose a MEDIUM-HIGH risk. These insider threats are unlikely to attempt to hijack a vehicle but may permit access to individuals or groups to destroy or steal vaccines at loading docks, storage units, and other such facilities. Workers at any stage of the vaccine transportation or distribution process will have some level of information regarding when vaccines will arrive and where. One of the only ways to ensure the safe delivery of the vaccines is to do background checks on each transportation worker to make sure they have no links to extremist groups or beliefs in conspiracy theories that will jeopardize the safe arrival of vaccines. If truckers, or anyone else in the transportation process, have a criminal background or known ties to extremist groups, they should be removed from the process and not be given knowledge of the whereabouts or travel plans of the vaccines.

Security risks to the transportation of vaccines may be unintentional, such as a car accident either with a truck or one that delays the arrival of vaccines, blown tires, and similar issues that may not be sabotage but traditional vehicle issues, weather delays, or overly-aggressive driving by truck drivers who need to make each shipment by a certain time but are running behind schedule. However, while some accidents may occur, security risks exist from individuals who knowingly cause trucks, airplanes, or trains to be delayed or damaged. Some of these risks include brake-checking or other dangerous maneuvers against large vehicles so that they are forced to swerve off the road or overturn, shunts placed on railroad tracks to derail trains, using a laser or other device to interfere with an airplane pilot’s ability to fly, and many others.

Several of the vaccines have temperature requirements, resulting in the need for the use of dry ice to maintain a certain temperature, which is significantly cheaper and more effective than using freezers at every stage of transportation. Generally, dry ice is safe when handled properly, but it can become very dangerous if the frozen carbon dioxide sublimates. Dry ice is strictly regulated when used for transportation, and due to its potential to cause harm, death, or even explode, it is rarely used for air travel, especially in the high distribution level that would be required for the vaccines. The COVID-19 pandemic, however, has left few other options that are as fast as airplanes. The Federal Aviation Administration has previously only allowed 3,000 lbs. of dry ice on an airplane at one time, but as a result of the pandemic, an adjustment to the rules was made to allow 15,000 lbs. to be used on a single flight.[7] During transportation, any mistake or intentional act that results in the delay of vaccines arriving at their intended location could lead to dry ice sublimating and causing harm to workers or the vaccines. The threat of attacks during the transportation of vaccines is deemed to be a MEDIUM-HIGH probability.

Disinformation/Lack of Trust

Disinformation is a serious concern that will encompass all levels of the vaccine distribution process. The main tactic of disinformation currently occurring focuses on portraying the COVID-19 vaccine as unsafe. While there are some legitimate concerns regarding potential safety and long term effects that may come with a new vaccine, such disinformation includes that the vaccine will contain a microchip for government tracking, that the vaccine itself will sterilize those who take it, or that the vaccine will alter the DNA of those who get it.[8]

Disinformation can spread rapidly on social media and poses a MEDIUM threat to the legitimacy of the vaccination process. In the case of Twitter, any tweet can potentially go viral and ultimately be perceived as the truth. Generally, sites like Twitter are actively combatting disinformation, but other sites such as Parler that allow for completely unrestricted speech, create an echo chamber for disinformation that feeds into the communities of anti-vaxxers and those who are specifically against the COVID-19 vaccine. Images, similar to the one seen below, have a MEDIUM probability of getting through content filters on social media sites like Facebook and inciting panic while spreading false and misleading information.[9]

Through the utilization of deepfake technology and the falsification of documents and information from legitimate sources, claims regarding the safety of the vaccine can easily be created and manipulated to feed into this agenda. Due to the confusion caused by intricate manipulation tactics, disinformation has a HIGH potential to exploit those who do not understand that what they are reading may not be factual, such as the elderly. This has a HIGH potential to not only radicalize general citizens but also deter people from getting the vaccine, causing increased vulnerability to the virus.

In addition to disinformation and misinformation being circulated online, there is an overall decline in the number of individuals who are willing to get a vaccine as the COVID-19 pandemic continues. In May, people of all demographics, including race, gender, age, political and religious preferences, and education level were more inclined to receive the vaccine than they were in September. Although this could be a result of a variety of issues, including exposure to misinformation, distrust and disinterest are spreading by word of mouth, and the willingness to receive a vaccine is declining. This has medical implications such as herd immunity not being achieved, but if fewer people are willing to receive a vaccine, the likelihood of believing or sharing misinformation increases. According to a Pew Research Center study, any one demographic could have experienced as much as a 20 percentage point drop in likelihood to receive a vaccine from May 2020 to September 2020, as seen on the next page.[10]

Due to a fear of the vaccine and government overreach, there have been widely-distributed fake vaccination cards that are left blank so that they may be filled out by individuals who do not want to receive a vaccine but want to convince medical professionals, employers, or anyone else that they did receive one. An example of one can be seen below.[11] One way that disinformation can be prevented from spreading is for social media platforms to take a more active role in monitoring content and users online. By enforcing stricter terms of service, social media outlets will be better able to reduce the dissemination of misinformation and disinformation related to COVID-19 and the vaccines. Twitter has already shown a willingness to police content for the public good and other platforms can follow suit to ensure vaccines are safely distributed to everyone. Disinformation and a lack of trust related to COVID-19 vaccines are deemed to be a threat of MEDIUM probability.

Cyber Security Threats

During the lockdown period, there were thousands of cyberattacks reported to companies and institutions on a global scale. Attackers are likely to infiltrate government and private systems, resulting in the theft of confidential information, risk of identity fraud, or the compromise of critical infrastructure. The vaccine distribution facilities are now considered to be critical infrastructure due to the necessity to produce and distribute millions of vaccines.

State actors pose a MEDIUM-HIGH likelihood of conducting cyberattacks on the COVID-19 vaccine facilities to undermine the governing systems. Nation-states that may pose a threat to the US vaccine facilities include China, North Korea, Iran, and Russia. In November 2020, Russia’s Main Intelligence Directorate (GRU) team Fancy Bear was accused by the UK, US, and Canada of targeting organizations developing COVID-19 vaccinations. The United Kingdom’s National Cybersecurity Center (NCSC) made a statement detailing the attempts by the GRU to infiltrate research labs in an attempt to steal critical data. Russian Ambassador Andrei Kelin denied all allegations of cyberattacks and stated that the Russian government is not involved in any of these data theft attempts. Despite Russia’s denial, Microsoft released a statement in December 2020 explaining that more than forty customers experienced malware attacks on their devices, with some of those customers being US government agencies. Security experts stated that this malware attack could provide the attackers network access to key government systems, electric power grids, and other utilities.[12] In addition to undermining the stability of American society through cyberattacks, Russia has also used disinformation campaigns that instill fear in the population.

Criminals, who often share similar motives to those of foreign state actors, pose a MEDIUM risk to cybersecurity related to the COVID-19 vaccine distribution process. Motives include financial ransom, anti-vaccination theories, anti-government or anti-science sentiment, and the desire to cause chaos. There are many stages of the COVID-19 vaccination process that are vulnerable to cyber hacks, such as smart devices. In the medical field, this exposes not only medical equipment but also storage, data systems, and technical devices critical to every step of storing, transporting, and distributing the vaccine to the public.

Hackers have been targeting the vaccine’s cold chain, that is, the organizations that are involved in the necessary sub-zero storage and transport of the dosages, since at least December 2020.[13] Each vaccine box has GPS trackers installed, which pose a LOW-MEDIUM vulnerability to cyberattacks that can reroute and delay the transport. This can lead to unnecessary resources being expended to retrieve them. Hackers may also target the temperature systems of the transport boxes or vehicles, resulting in the spoiling of the vaccines. In terms of storage, similar temperature control systems may also be infiltrated to spoil the vaccines. The encryption and mechanisms that secure the vaccines in storage units are ultimately connected to the internet, and through the use of stolen insider information that could be bought on the black market or otherwise obtained through illegal means, the multi-billion dollar project can fall into the temporary control of cybercriminals who may lock or manipulate access to those vaccines for ransom. Denial of service from criminals and state actors is a LOW-MEDIUM possibility. In terms of distribution, hackers can also target the data systems, effectively disrupting the databases that keep track of individuals who received their first doses and await their second doses.[14] A mass attack on the database systems could neutralize a major part of the vaccine dissemination process, especially considering the slow speed of vaccine production.[15] Cybersecurity threats associated with the COVID-19 vaccine and distribution process are deemed to be a LOW-MEDIUM probability.

Street Fights

Many people have been disappointed and angered by the coronavirus vaccine process due, in part, to Operation Warp Speed and similar programs being behind schedule on its distribution of vaccines. Certain groups of people have been prioritized over others, even within the same industry, which has led to strife. In New York, hospital workers began to turn on each other to receive the vaccine before coworkers.[16] Violence has not yet been reported in such situations, but there is still a LOW probability for anger to escalate into attacks. Nurses and medical professionals may resort to using bribes or stealing doses from other people, as vaccine shortages continue. While states can make their priority lists, and change them as time goes on and the availability of vaccines changes, the priority list to receive COVID-19 vaccines is usually broken down into groups depending on the likelihood of exposure one may have to the virus. A standard Center of Disease Control (CDC) breakdown begins with healthcare personnel working in hospitals, clinics, and long-term care facilities, such as nursing homes and first responders. The second group includes frontline workers such as truck drivers and grocery store workers, people with extreme underlying conditions, and anyone over 75-years-old. The next group includes anyone living and working at high-risk facilities including prisons, schools, people with moderately severe underlying conditions, and anyone over 65-years-old. The next group then includes anyone over 16-years-old who has not already received a vaccine. The last group then includes anyone under 16-years-old and everyone else who wants to receive the vaccine.[17]

The priority groups are subject to change but there is already hostility concerning why some are prioritized over others. In certain situations, the general public will be unable to receive a vaccine until late into 2021 and will only receive the vaccine after prisoners who live in closely-packed living facilities have received them. While prisoners may be at a higher risk, some people are upset that criminals will receive the vaccine before them, and this poses a LOW risk of leading to protests, riots, and attempted theft or destruction of vaccines to interfere with the priority list and distribution.

Temperature restrictions indicate that vaccines may be opened and removed from their refrigeration only twice and only for designated amounts of time. If there are extra vaccines removed from refrigeration but there are no more people waiting in line, medical professionals are not required to dispose of the vaccines but are allowed to call friends, family, or anyone else to receive the vaccines because they are not allowed to be put back into refrigeration.[18] This process can be manipulated if medical professionals prioritize people who paid them money on the side. There have been no confirmed cases of this nature reported, but medical professionals have few rules regarding what they are supposed to do with usable vaccines that cannot be put back into storage and no one is left to vaccinate for the day. Medical professionals lying about the number of available vaccines to patients so they may take extra vaccines and sell them on the black market is a LOW probability. There is also a LOW risk that it may lead to a street fight in which one medical professional wants to use the vaccines for one purpose and another medical professional wants to sell them or use them for friends and family. Street fights, and other related events, due to line cutting and similar issues during the vaccination process are deemed to be a LOW probability.


Extremist groups and conspiracy theorists are the most likely to attack the process due to their beliefs that the vaccine is unsafe and/or unnecessary to increase immunity for coronavirus. Transportation workers, medical professionals, and others with access to the vaccines may see an opportunity to steal, damage, manipulate, or delay the vaccines to satisfy a political or religious agenda or make money as a result of a bribe by another individual. The COVID-19 pandemic has infected and killed millions of people throughout the world, and despite this, political, religious, and conspiracy theory beliefs have played a role in manipulating how people perceive the vaccine. Through misinformation and disinformation, people may be afraid to receive the vaccine and may be willing to attack any stage of the distribution process. While some people may believe they are being patriotic and saving others from receiving government-issued microchips in the vaccines, others may believe that the coronavirus is being manufactured by a foreign government. Regardless of intentions and beliefs, security threats exist in the mass-vaccination process and law enforcement at the local, state, and federal levels need to be well-prepared to prevent any attacks and violence from occurring.

One of the key ways to protect everyone in the COVID-19 vaccination process is to have security and closely monitor everyone involved from delivery workers to medical professionals. The main threats to the vaccine process come from extremist groups and conspiracy theorists such as anti-vaxxers, but the insider threat tactic is also very likely as anyone in the process may see an opportunity to make money by stealing and selling vaccines, or damaging them as part of a bribe by an extremist organization or belief system. By thoroughly investigating workers and removing anyone with known extremist beliefs or connections to extremist organizations, the vaccine process can be completed safely. Security and law enforcement should aid in the transportation, storage, and mass-vaccination process to ensure that no threats jeopardize the safe arrival and distribution of the vaccines. Cyber-security defense needs to be a multi-pronged effort by governments and every company involved in the process because one weak link can endanger thousands of vaccines and thousands of lives. The Counterterrorism Group (CTG)’s Extremism and NORTHCOM Teams will continue to monitor all threats and security measures throughout the vaccine distribution process. If you have any information or credible threats, please contact local, state, or federal law enforcement. If you are looking for more detailed information regarding specific Persons of Interest (POI), group profiles, or more up-to-date information regarding Operation Warp Speed and similar programs throughout the world, please contact us.

