The Cyber 9/11 Timeline
I made a 30-minute video on the content within the timeline. I recommend watching it before reading.
“Cyber Katrina”, “cyber pandemic”, and “cyber 9/11” are all phrases used numerous times over the years by US government officials and important figures in the private sector. They often mention geopolitical instability and critical infrastructure when discussing a potential major cyber event. The geopolitical instability centered around the 2024 presidential election has serious potential to escalate into something significant.
This timeline will be updated until the US presidential election.
May 17, 2002: Soldier charged with planting an explosive
“Peterson was wearing all black clothing and black plastic pads on his knees and elbows, and had a pistol in a shoulder holster, according to the officer’s report.
The officer recognized Peterson’s black 2002 Chevrolet Silverado pickup as one he’d noticed backed up to a Florida Power & Light substation gate earlier.
Peterson gave police permission to search his truck and they found a 12-inch knife, a 6-inch knife, a 12-gauge shotgun, shotgun shells, .45-caliber bullets, four ammo magazines and plastic from an explosive device, the police report said.
He told officers he was in the area to ‘practice recon tactics.’”
July 18, 2002: Final ‘Blue Cascades’ report cites infrastructure gaps
“Terrorist attacks directed at disrupting the region’s electric power could cause regionwide power outages that spread quickly to other Western states, the report said. It also envisioned follow-on disruptions to the region’s telecommunications and natural gas distribution systems, as well as a threat to a major municipal water system and to the region’s ports.
The attacks and disruptions of critical services and related response and recovery actions affected other important operations and facilities, including transportation, emergency services and hospitals, medical care and law enforcement.”
Paula Scalingi, former Director of Critical Infrastructure at the Department of Energy: “Sept. 11 demonstrated that U.S. intelligence cannot provide the necessary alert and warning to prevent terrorists from striking.”
April 22, 2003: ‘Cyber 9/11’ risk warning
“A cyber ‘September 11’ has been predicted by Mike McConnell, a former director of the US National Security Agency. McConnell has warned that an attack on information infrastructure — with an impact equivalent to the attack on the World Trade Centre in New York — will happen, owing to neglect of the country’s critical networks.”
“McConnell said until ‘there is a cyber 9/11’, or ‘without something that serves as a forcing issue’, governments and the private sector would not be prepared for attack.”
February 6–10, 2006: The Department of Homeland Security hosts Cyber Storm I: National Cyber Exercise
“Secondary goals of the exercise included: Raising awareness of the economic and national security impacts associated with a significant cyber incident.”
“Scenarios included: Cyber attacks disrupting energy and transportation infrastructure elements; and Cyber attacks targeted at federal, state, and international governments with the intent of disrupting government operations and degrading public confidence.”
June 27, 2006: U.S. vulnerable to ‘cyber Katrina’
“The United States is poorly prepared for a ‘cyber Katrina,’ with no coordinated plan for restoring and recovering the Internet after a major disruption, according to a new Business Roundtable report, released yesterday.”
“A major disruption to the Internet could be caused by a physical incident (such as a natural disaster or an attack that affects key facilities), a cyber incident (such as a software malfunction or a malicious virus), or a combination of both physical and cyber incidents. Recent physical and cyber incidents, such as Hurricane Katrina, have caused localized or regional disruptions but have not caused a catastrophic Internet failure.”
“…the nation is not prepared to effectively coordinate public/private plans for recovering from a major Internet disruption.” (Page 10)
January 20, 2008: CIA says hackers pulled plug on power grid
CIA analyst Tom Donahue: “We have information, from multiple regions outside the United States, of cyber-intrusions into utilities, followed by extortion demands. We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge. We have information that cyber-attacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet.”
April 10, 2008: Michael Chertoff: Cyber Terror Threat On Par With 9/11
“Michael Chertoff, the Homeland Security Secretary, said that computer-based attacks had the ability to cripple financial institutions and government networks and that the threat posed by cyber-crime is ‘on a par’ with the attacks of September 11, 2001.”
August 7, 2008: Fortune Brainstorm conference: “2018: Life on the Net.”
Former Stanford professor Lawrence Lessig: “There’s going to be an i-9/11 event. Which doesn’t mean an Al Qaeda event, it means an event where the instability or the insecurity of the internet becomes manifest, some major malicious event which then inspires the government into a response. If you remember, after 9/11, the government dropped the Patriot Act within about 20 days and it was passed.”
Lessig: “So I had dinner once, Richard Clarke was at the table and I said to him is there an equivalent? Is there an i-Patriot Act just sitting waiting for some substantial event for them to come in and have the excuse for radically changing the way the internet works? He said ‘of course there is.’”
November 28, 2008: Pentagon computer networks attacked
“Officials would not describe the exact threat from agent.btz, or say whether it could shut down computers or steal information. Some computer experts have reported that agent.btz can allow an attacker to take control of a computer remotely and to take files and other information from it.”
January 15, 2009: NSA Must Examine All Internet Traffic to Prevent Cyber Nine-Eleven, Top Spy Says
“…in May 2007 McConnell convinced President Bush that a massive cyber-attack on a single U.S. bank would be worse for the economy than the deadly terrorist attacks of September 11…In response, the NSA developed a mind-boggling, but still incomplete, plan to eavesdrop on the internet in order to protect it.”
June 26, 2009: U.S. Cyber Command: 404 Error, Mission Not (Yet) Found
“Earlier this week, Defense Secretary Robert Gates ordered the military to start setting up a new ‘U.S. Cyber Command.’ It’s a move that’s been discussed in defense circles for more than a year. But despite the announcement — and despite the lengthy debate — no one in the military-industrial complex seems all that sure what this new fighting force is supposed to do, exactly.”
April 1, 2009: Vowing to Prevent ‘Cyber Katrina,’ Senators Propose Cyber Czar
Senator Jay Rockefeller IV proposed legislation to federalize cybersecurity. Rockefeller: “We must protect our critical infrastructure at all costs — from our water to our electricity, to banking, traffic lights and electronic health records — the list goes on.”
April 8, 2009: Homeland Security Secretary Napolitano: Hackers pose threat to power grid
“The Wall Street Journal reported Wednesday that Russian, Chinese and other spies have penetrated U.S. computer systems running electricity plants.
The hackers implanted software into the systems that may be used in the future to disrupt electricity, the Journal said, citing unnamed current and former national-security officials.”
April 9, 2009: Electric Utilities May Be Vulnerable to Cyberattack
“The nation’s electric utilities have failed to fully survey the vulnerability of their equipment to computer-based attacks from foreign countries and hackers, a government-authorized regulatory group concluded this week. That assessment came as senior U.S. officials renewed warnings that experts from Russia, China and other nations have been trying for years to probe and exploit those vulnerabilities.”
“We know penetrations started more than 10 years ago. But we don’t know all of them.”
September 28, 2009: Homeland Security and Counterterrorism
Former White House Homeland Security Advisor Frances Townsend: “I think people sorely underestimate the consequences of a large scale cyber-attack. There will be a cyber 9/11, and regrettably I think that’s what it’s gonna take before people really pay attention to this.”
February 16, 2010: Report: The Cyber ShockWave event and its aftermath
“Two IEDs were detonated in two different power facilities, is it terrorism? …there was a cyber component to the electrical outage, later assumed to be related to patches on the Secure Trade software. Was this the work of an insider?”
“The Cyber ShockWave exercise was to create a possible attack scenario, but not one that is total chaos. However, by adding the botnet side to the telecom attack, and throwing in natural disasters as well as potential terrorism on and offline, they added too much to the ‘Perfect Storm’ they kept referring to it as.”
April 19, 2010: Richard Clarke On The Growing ‘Cyberwar’ Threat
Richard Clarke, counterterrorism adviser to Clinton and Bush: “A cyberattack could disable trains all over the country. It could blow up pipelines. It could cause blackouts and damage electrical power grids so that the blackouts would go on for a long time. It could wipe out and confuse financial records, so that we would not know who owned what, and the financial system would be badly damaged. It could do things like disrupt traffic in urban areas by knocking out control computers. It could, in nefarious ways, do things like wipe out medical records.”
April 29, 2010: Chairman Rockefeller Keynotes Cybersecurity Forum | Urges Public-Private Collaboration to Address Growing Cyber Threat
Rockefeller: “It (the bill) simply requires all key players to get together ahead of a crisis and prepare. If we have a cyber-Katrina or a cyber-9/11, we want quick effective action — not bureaucratic confusion.”
May 2010: The Rockefeller Foundation: Scenarios for the Future of Technology and International Development
Well known for its Lock Step scenario, this document also contains a scenario narrative called Hack Attack: “Meanwhile, more sophisticated hackers attempted to take down corporations, government systems, and banks via phishing scams and database information heists, and their many successes generated billions of dollars in losses. Desperate to protect themselves and their intellectual property, the few multinationals still thriving enacted strong, increasingly complex defensive measures.” (Page 36)
June 20, 2010: CNN’s State of the Union
Former Senator Joe Lieberman: “This is a matter of national security. A cyber attack on America can do as much or more damage today by incapacitating our banks, our communications, our finance, our transportation, as a conventional war attack.”
Lieberman: “Right now, China, the government, can disconnect parts of its Internet in a case of war. We need to have that here, too.”
May 2011: The White House publishes: International Strategy for Cyberspace
“The United States will ensure that the risks associated with attacking or exploiting our networks vastly outweigh the potential benefits. We fully recognize that cyberspace activities can have effects extending beyond networks; such events may require responses in self-defense. Likewise, interconnected networks link nations more closely, so an attack on one nation’s networks may have impact far beyond its borders.” (Page 13)
“When warranted, the United States will respond to hostile acts in cyberspace as we would to any other threat to our country. All states possess an inherent right to self-defense, and we recognize that certain hostile acts conducted through cyberspace could compel actions under the commitments we have with our military treaty partners. We reserve the right to use all necessary means — diplomatic, informational, military, and economic…” (Page 14)
December 8, 2011 (event date): The Atlantic Council in partnership with SAIC convened “Cyber 9/12 Project: Cyber Statecraft after Catastrophes” to determine how the transatlantic community would react the day after a major calamity in cyberspace (PDF)
“(Attribution) is usually a long and highly technical process and many cases end up as simply unsolvable. Fortunately, the information the policy makers most need can often be had without having to rely on solving these difficult forensic challenges.”
One participant stated: “The more significant a cyber event, the more likely there will be a geopolitical context that provides at least signposts to attribution.”
“…the consensus of the audience was that the first round of attacks were probably not directly conducted by the Iranian regime, but instead were somewhere in the wide gap between ‘state-encouraged’ and ‘state ordered.’”
“The world will likely, at some point, be faced with a calamitous attack in cyberspace. Causing death, destruction and global disruption, a cyber 9/11 will immediately spark a change in the world — everything the day after such an attack will be different than the day before.”
February 2, 2012: Catastrophic cyberattack looms
“Speaking to the nation’s top intelligence officials, (Rep. Mike) Rogers said that, ‘given classified briefings that we’ve had, discussions with all of you and your counterparts…that a cyberattack is on its way. We will suffer a catastrophic cyberattack.’”
“The urgency and severity of the problem was also echoed by FBI Director Robert Mueller. ‘The cyberthreat will equal or surpass the threat from counterterrorism in the foreseeable future,’ he said.”
June 1, 2012: Obama Administration Admits Cyberattacks Against Iran Are Part Of Joint US-Israeli Offensive
“Administration officials revealed to Sanger that the Stuxnet virus was developed by the National Security Agency (NSA) and Israel’s Unit 8200 (i.e. Israel’s secretive cyber arm) to ‘become the attacker from within’ Iran’s nuclear facilities.”
July 19, 2012: Barack Obama: Taking the Cyberattack Threat Seriously
“It doesn’t take much to imagine the consequences of a successful cyber attack. In a future conflict, an adversary unable to match our military supremacy on the battlefield might seek to exploit our computer vulnerabilities here at home. Taking down vital banking systems could trigger a financial crisis. The lack of clean water or functioning hospitals could spark a public health emergency. And as we’ve seen in past blackouts, the loss of electricity can bring businesses, cities and entire regions to a standstill.”
July 25, 2012: Former FBI cyber cop worries about a digital 9/11
Shawn Henry, current Chief Security Officer at CrowdStrike: “I believe that people will not truly get this until they see the physical implications of a cyber attack.”
Henry: “We knew about Osama bin Laden in the early ’90s. After 9/11, it was a worldwide name. I believe that type of thing can and will happen in the cyber environment. And I think that after it does, people will start to pay attention.”
August 14, 2012: Richard Wilhelm on Infrastructure Resilience — The Rockefeller Foundation
Booz Allen Hamilton Executive Vice President Richard Wilhelm: “Cyber, cyber security which underpins all of these infrastructures. I think that a big crisis there and it is coming. It is coming, there’s no doubt about it. Given my background I know that.”
October 11, 2012: Secretary Leon Panetta on Cybersecurity
Defense Secretary and former CIA Director Leon Panetta: “A cyber attack perpetrated by nation states or violent extremist groups could be as destructive as the terrorist attack on 9/11. Such a destructive cyber-terrorist attack could virtually paralyze the nation.”
December 2, 2012: Former spy chief says U.S. has had its cyber ‘9/11 warning’
Former NSA Director John McConnell: “We have had our 9/11 warning. Are we going to wait for the cyber equivalent of the collapse of the World Trade Centers?”
“McConnell expressed doubt that Iran or any terrorist group could mount such an attack but said it was only a matter of time before they had the capability.”
April 26, 2013: Former CIA Director: The Grid Is Vulnerable To Attack
Former CIA Director James Woolsey: “How about hacking? How about the extremely sophisticated hacking coming from the People’s Liberation Army hacking headquarters in China? How about Iranians training Hezbollah to figure out how to knock down parts of the grid?”
Woolsey: “You still are going to have to have the grid, but we could have a much more flexible civilization if the grid were to undergo some very fundamental changes, making distributed generation much easier than it is now.”
August 27, 2013: Napolitano warns large-scale cyberattack on US is inevitable
Napolitano: “Our country will, at some point, face a major cyber event that will have a serious effect on our lives, our economy and the everyday functioning of our society.”
January 22, 2014: The World Economic Forum (WEF) publishes its meeting agenda: The Reshaping of the World: Consequences for Society, Politics and Business (PDF)
“Companies that deal with sensitive and critical information such as those in financial services should put cyberattacks at the top of their list of risks.” (Page 42)
February 5, 2014: Sniper Attack On Calif. Power Station Raises Terrorism Fears
“Jon Wellinghoff — chairman of the Federal Energy Regulatory Commission at the time of the attack — as saying it was ‘the most significant incident of domestic terrorism involving the grid that has ever occurred’ in the U.S.”
“The attack ‘seems to have been the work of people who knew what they were doing’…The evidence, Smith said, indicates that the sniper or snipers ‘methodically’ shot at equipment that would disable the substation if damaged — but also would not explode. Then, ‘one minute before police arrived, they faded into the night.’
Regarding the FBI’s view about who’s responsible, ‘we don’t know why the FBI feels it was not a terrorist attack,’ she added.”
March 13, 2014: Small-Scale Attacks Could Bring Down U.S. Power Grid, Report Says
“The nation’s entire power grid could be blacked out for months if as few as nine of the nation’s 55,000 electric substations were put out of commission by saboteurs.”
April 23, 2014: Are You Ready for a Driver’s License for the Internet?
“The White House is leading efforts for a new authentication system that would have users prove their identity with a single ID across the Web. And states are starting to pilot the system.”
June 2014: Microsoft publishes whitepaper: Cyberspace 2025: Today’s Decisions, Tomorrow’s Terrain
“Potential for an unforeseen event that profoundly affects cyberspace: The world could experience an event that is random, that computer models could not have predicted, and that creates a major shock or effect. The attacks on the United States in 2001 are an example of just such an event (sometimes referred to as a black swan event). Such an event could move countries to implement regulations and controls that could negatively impact technology growth projections and dramatically change the cyberlandscape of the future.” (Page 13)
“Significant disruption in the roles of government and the private sector: An unexpected event, such as a catastrophic cyberattack, could lead to a drastic change in the relationship between government and the private sector, such as a government takeover of portions of the ICT industry or the passage of draconian ICT regulation.” (Page 13)
July 24, 2014: Al Qaeda Targeting U.S. Infrastructure for Digital 9/11
John Carlin, then-assistant attorney general for national security in the DoJ: “Al Qaeda, nation states, and criminals are preparing for major cyber attacks against U.S. infrastructure that could be comparable to the devastating September 11 attacks…
We’re in a pre-9/11 moment, in some respects, with cyber.”
August 4, 2014: Israel Flagged as Top Spy Threat to U.S. in New Snowden/NSA Document
“Under a section headed ‘Mastering Cyberspace and Preventing an Attack on U.S. Critical Information Systems,’ Israel, India, North Korea and Cuba are identified as ‘FIS [financial/banking system] threats.’ Israel also appears on the list of countries believed by the NSA to be ‘enabling’ electronic warfare ‘producers/proliferators.’”
August 29, 2014: Next Big Bailout for U.S. Banks Could Be Forced by Cyber-Attack
“Treasury Department officials have quietly told bank insurers that in the event of a cataclysmic attack, they would activate a government backstop that doesn’t explicitly cover electronic intrusions.”
“A worst-case event that destroyed records, drained accounts and froze networks could hurt the economy on the scale of the terrorist attacks of Sept. 11, 2001.”
“The government might have little choice but to step in after an attack large enough to threaten the financial system. Federal deposit insurance would apply only if a bank failed, not if hackers drained accounts. The banks would have to tap their reserves and then their private insurance, which wouldn’t be enough to cover all claims from a catastrophic event, DeMarco and other industry officials said.”
November 21, 2014: The U.S. government thinks China could take down the power grid
“China and ‘probably one or two other’ countries have the capacity to shut down the nation’s power grid and other critical infrastructure through a cyber attack, the head of the National Security Agency told a Congressional panel Thursday.”
“The testimony also comes in the wake of a report from the Pew Internet and American Life Project that cited a prediction by technology experts that a catastrophic cyber-attack that causes significant losses in life and financial damage would occur by 2025.
Admiral Rogers told the committee he did not disagree with the assessment.”
December 16, 2014: CNN: SONY hackers invoke 9/11 in new threats
“…they don’t have the concrete evidence where they can stand up and say we know definitively (who is responsible for the Sony hack).”
February 26, 2015: DNI James Clapper: Worldwide Threat Assessment of the US Intelligence Community (PDF)
“…the likelihood of a catastrophic (cyber) attack from any particular actor is remote at this time.” (Page 1)
“…even when a cyber attack can be attributed to a specific actor, the forensic attribution often requires a significant amount of time to complete. Long delays between the cyber attack and determination of attribution likewise reinforce a permissive environment.” (Page 2)
April 8, 2015: Security in the North American Power Grid — A Nation at Risk (PDF)
Former Chief of Staff George Cotter, National Security Agency: “…with adversaries’ malware in the National Grid, the nation has little or no chance of withstanding a major cyberattack on the North American electrical system. Incredibly weak cybersecurity standards with a wide-open communications and network fabric virtually guarantees success to major nation-states and competent hacktivists. This industry is simply unrealistic in believing in the resiliency of this Grid subject to a sophisticated attack. When such an attack occurs, make no mistake, there will be major loss of life and serious crippling of National Security capabilities.” (Pages 42–43)
November 22, 2015: 2015 Miami Book Fair: Lights Out
Ted Koppel, author of Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath: “About a year and a half ago, they (JP Morgan) were hacked. 83 million of their customers records were hacked, stolen. The story just broke…it turns out to have been two Israelis and an American. Everybody thought it was the Russians.”
February 7, 2016: Major Cyber Attack On U.S. Power Grid Is Likely
“It is a sorry state of affairs for a potential cyber strike on U.S. power grids to be kept quiet during an election year.”
February 16, 2016: U.S. Hacked Into Iran’s Critical Civilian Infrastructure For Massive Cyberattack
“The targets of the U.S. hacking operations, covered by the code name ‘NITRO ZEUS,’ include power plants, transport infrastructure, and air defenses…”
“…Israel reportedly unilaterally released its modified version of the worm (Stuxnet). This version traveled far more easily across many more systems, eventually infecting hundreds of thousands of computers in more than 115 countries, inevitably leading to the worm being analysed in detail by security researchers. This in turn led to the public revelation that the U.S. and Israel were behind the attack, despite neither country publicly acknowledging responsibility.”
“Our friends in Israel took a weapon that we jointly developed (Stuxnet) — in part to keep Israel from doing something crazy — and then used it on their own in a way that blew the cover of the operation and could’ve led to war.”
March 28, 2016: NSA chief ‘makes secret Israel trip to talk Iran, Hezbollah cyber-warfare’
March 30, 2016: RAND Corporation: Rather Than Fearing ‘Cyber 9/11,’ Prepare for ‘Cyber Katrina’
“The attacks of 9/11 killed and injured thousands through direct, physical attacks. A cyber 9/11 may be more likely to result in denial of access to the Internet, widespread loss of access to banking systems leading to fear and unrest or loss of power across unprecedented swaths of the country.”
May 9, 2016: Israelis in JPMorgan hack case to be extradited to US
June 21, 2016: Inside the Pentagon’s secretive preparations for a ‘cyber 9/11’
“Conducted over nine days in June, the event (Cyber Guard) offered a disturbing look at the type of catastrophe that could unfold during what the government’s top officials call ‘cyber 9/11.’
‘For us, it’s not a question of if it will happen but when,’ said Coast Guard Rear Adm. Kevin Lunday, U.S. Cyber Command’s director of training. ‘The more relevant question is: When it does [happen], will we as a Department of Defense, will we as a nation and with our allies, be ready for it?’”
“The major nation state — though unnamed, it was most likely China or Russia — mounted an attack on the United States’ energy and transportation infrastructure. The scenario at last year’s exercise simulated an attack on major financial institutions.”
July 26, 2016: The White House: Presidential Policy Directive — United States Cyber Incident Coordination
The PPD introduces the term “significant cyber incident”, which it defines as “a cyber incident that is (or group of related cyber incidents that together are) likely to result in demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people”.
October 14, 2016: New commander takes lead at Army Cyber Command
General Mark Milley: “The first shots of the next actual war will likely be fired in cyberspace and likely with devastating effect. Many analysts and senior government officials have said their greatest fear is a cyber Pearl Harbor.”
October 21, 2016: WEF: Understanding Systemic Cyber Risk
“…no ‘cyber pandemic’, widespread large-scale simultaneous cyberattacks, or targeted and successful attack on key underlying infrastructure on which multiple essential services are dependent have yet been witnessed…However, the lack of an example does not preclude the possibility of such an event. In fact, today’s quickly evolving environment and the evolution of the threat…combine to increase the probability of such an event occurring.” (Page 5)
“If a rogue nation or terrorist organization had the capability to cause widespread disruption of essential services or damage to data integrity, organizations (private and public alike) may have difficulty containing the event. Unlike data breaches and extortion demands (e.g. through ransomware attacks), which inflict relatively small and targeted wounds, this kind of failure could have widespread ramifications. Such an attack is not only difficult to detect, but it also may be difficult to discern when the data were changed, thus making it difficult to ‘roll back’ to a known good state and maintain business continuity.” (Page 6)
“To some degree, systemic cyber risk is a bit of a ‘black swan’. Black swan events: 1) are a surprise; 2) have a major impact; and 3) are retroactively predictable. In other words, if a systemic cyber event occurs, the world will likely express shock at our dependence on technology, be stunned by the breadth of the impact and then essentially say, ‘Of course we knew that was going to happen someday.’” (Page 14)
December 8–9, 2016: The Department of Energy hosts the Liberty Eclipse Exercise
“The exercise consisted of a scenario that involved a widespread power outage caused by a cyber incident. The time to restore power was originally estimated to be 3 weeks due to the need to manually restart and to test systems’ operations.”
December 12, 2016: Former CIA chief calls Russia’s meddling in US elections ‘political equivalent of 9/11’
Former CIA Acting Director Michael Morell: “A foreign government messing around in our elections is, I think, an existential threat to our way of life. To me, and this is to me not an overstatement, this is the political equivalent of 9/11.”
December 15, 2016: We’re headed for a ‘cyber Pearl Harbor,’ says Adm James Stavridis
Former NATO Supreme Allied Commander Stavridis: “We’re headed toward a cyber Pearl Harbor, and it is going to come at either the grid or the financial sector…we need to think about this cyberattack as a pandemic.”
January 11, 2017: Trump: I’ll have ‘hacking defense’ report in 90 days
“Trump described the US government’s cybersecurity as ‘the worst,’ pointing to an analysis from April putting the government’s tech protection at the bottom of the list among 17 industries.”
Trump: “How do we stop this fairly new phenomenon? Because the US is hacked by everybody. That includes Russia and China and…everybody.”
March 7, 2017: WikiLeaks: Vault 7: CIA Hacking Tools Revealed
“As of October 2014 the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks. The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations.”
“With UMBRAGE and related projects the CIA can not only increase its total number of attack types but also misdirect attribution by leaving behind the ‘fingerprints’ of the groups that the attack techniques were stolen from.”
April 3, 2017: The Council on Foreign Relations: A Cyberattack on the U.S. Power Grid
“Given the importance of electricity to the daily lives of Americans, an adversary may see advantage in disrupting service to undermine public support for a U.S. administration at a politically sensitive time.”
“In 2016, the Department of Energy (DOE) received only three reports of cyber incidents at utilities; none of the incidents affected customers.”
May 11, 2017: Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure
“Sec. 2. Cybersecurity of Critical Infrastructure”: This section says different agencies “shall jointly assess”: “(i) the potential scope and duration of a prolonged power outage associated with a significant cyber incident, as defined in Presidential Policy Directive 41 of July 26, 2016 (United States Cyber Incident Coordination), against the United States electric subsector”.
May 15, 2017: WannaCry Ransomware: Microsoft Calls Out NSA For ‘Stockpiling’ Vulnerabilities
Microsoft President Brad Smith: “We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world.”
“It (WannaCry) has attacked hundreds of thousands of computers, security experts say, from hospital systems in the U.K. and a telecom company in Spain to universities and large companies in Asia.”
June 26, 2017: U.S. to work with Israel, seek other ties to combat cyber attacks
“The U.S. government will seek to collaborate with Israel and other countries to develop new ways to thwart computer hacks and other cyber attacks, U.S. President Donald Trump’s homeland security adviser said on Monday.
Thomas Bossert, assistant to the president for homeland security and counter-terrorism, said a U.S.-Israeli working group will meet this week on cybersecurity issues such as protecting critical infrastructure.”
June 30, 2017: Israeli general: World is waiting for cyber-9/11 to act
“Gen. Ben Muir compared the current complacency towards cyber-attacks to the complacency of US and intelligence organizations prior to the 9/11 terrorist attacks. ‘It took two planes and thousands of murdered Americans for world governments to realize that the fight against terror involves cooperation and intelligence sharing.’”
July 17, 2017: US to create independent military cyber command
“Under the plans, U.S. Cyber Command would eventually be split off from the intelligence-focused National Security Agency.”
July 17, 2017: Lloyd’s says cyber-attack could cost $120bn, same as Hurricane Katrina
July 24, 2017: NotPetya, Trump and a Cyber Katrina
“The Trump White House has failed to nominate any candidates for key cyber positions at the Defense, Commerce and Homeland Security Departments. Even worse, Secretary of State Tillerson plans to eliminate the Office of Cyber Coordinator, which played a vital role during the Obama administration in getting China to curb its cyber-attacks under threat of sanctions.”
August 22, 2017: Time’s Running Out to Prevent a Massive Cyberattack on Critical Infrastructure, Advisory Group Says
“U.S. infrastructure is in ‘a pre-9/11 moment’ when it comes to cybersecurity and time is running short to shore up its cyber defenses, an industry advisory committee warned Tuesday.
If government and industry don’t dramatically boost their efforts to protect critical infrastructure, such as the financial system or electric grids, they risk missing a ‘narrow and fleeting window of opportunity before a watershed, 9/11-level cyberattack,’ according to a report approved by the Homeland Security Department’s National Infrastructure Advisory Council.”
October 19, 2017: Israeli security company Check Point Research: A new IOT botnet storm is coming
“A massive Botnet is forming to create a cyber-storm that could take down the internet.”
January 19, 2018: Cyber attack damage could cost as much as Hurricane Katrina
“A cyber attack against a major cloud computing firm could cause as much financial damage as Hurricane Sandy or Hurricane Katrina, the World Economic Forum and risk manager Marsh have warned.”
February 5, 2018: A Hoover Institution Essay: A Rubicon (PDF)
Daniel Geer, Chief Information Security Officer at In-Q-Tel: “Our concern is unacknowledged correlated risk, the unacknowledged correlated risk of cyberspace is why cyberspace is capable of black swan behavior.” (Page 1)
Geer: “So, if our ‘critical infrastructures are those physical and cyber-based systems essential to the minimum operations of the economy and government’ and if aggregate risk is growing steadily (as leading cybersecurity operational managers confirm), then do we put more of our collective power behind forcing security improvements that can only be increasingly diseconomic or do we preserve fallbacks of various sorts in anticipation of events more likely to happen as time passes?” (Page 12)
February 16, 2018: Greatest security threats today come from cyberattacks, Raytheon International CEO says
March 16, 2018: CISA: Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors
March 20, 2018: Former Israeli spy chief and team of elite hackers form cybersecurity firm
“Retired Mossad chief Tamir Pardo said he has assembled a team of more than 30 hackers from Israel’s security and intelligence services into a startup called XM Cyber that seeks to keep companies’ networks safe by imitating how real hackers work.”
“The company has customers in Europe, Israel and the United States in insurance, banking and critical infrastructure, though Pardo declined to name them.”
April 3, 2018: Hackers have taken down dozens of 911 centers. Why is it so hard to stop them?
“Investigators later determined that the intrusion was an attempted ransomware attack, but ‘no ransom was demanded or paid,’ a city spokesman James Bentley said. He declined to explain further, saying that ‘could compromise the investigation.’”
May 15, 2018: Trump scraps cyber czar post after first appointee leaves: White House
“Politico reported last week that Bolton was trying to eliminate the top cyber policy role.”
June 1, 2018: The next 9/11 will be a cyberattack, security expert warns
Red Queen Dynamics CEO Tarah Wheeler: “The more I speak to people, the more they think that the next Pearl Harbor is going to be a cyberattack.”
Wheeler: “I think that the most horrifying cybersecurity attack is going to have its own name and I think it’s going to involve something more terrifying than we’ve thought of yet.”
June 2018: The Russian International Affairs Council publishes: North Korea: How DPRK Created World’s Most Effective Cyber Forces
“The Calm before the Cyber Storm: When the Blackout Appears on the Horizon:
Dragos experts suggested that attackers can develop malware that can lead to a complete shutdown of the U.S. electricity grid. More than half of the vulnerabilities identified in the U.S. industrial sector can potentially lead to a ‘strong operational impact,’ as stated in the January Dragos report.”
June 13, 2018: National Guard Dark Sky exercise ensures state is prepared for any attack
“It has taken more than two years to plan the multi-agency exercise scenario that focuses on a cyber event resulting in massive power outages.”
July 13, 2018: Intel chief Dan Coats says of cyberattacks, “We are at a critical point”
“…former Director of Central Intelligence George Tenet who, in the months ahead of the 9/11 attacks, warned that the ‘system was blinking red.’ Coats, citing daily attacks from Russia, China, Iran and North Korea, said, ‘Here we are, nearly two decades later, and I’m here to say the warning lights are blinking red again.’”
“As part of an ongoing restructuring process called ‘Intelligence Community 2025,’ Coats said, the 17 agencies of the intelligence community would make their own efforts to boost transparency and information-sharing, including by working to eliminate what he called ‘information silos’ between the public and private sector. He also urged all consumers of information to be vigilant about its provenance.”
September 20, 2018: White House Releases First National Cyber Strategy in 15 Years
“The United States will work with like-minded states to coordinate and support each other’s responses to significant malicious cyber incidents, including through intelligence sharing, buttressing of attribution claims, public statements of support for responsive actions taken, and joint imposition of consequences against malign actors.” (Page 21)
September 24, 2018: In this election security drill, Massachusetts cops battle hackers to protect the vote
“The Cybereason exercise began with chaos: the red team ordered a distributed denial of service attack on a 911 call center. Not long after that, the red team — comprised of Cybereason executives, graduate students from Boston College, and staff from the Boston mayor’s office — used the potent weapon of disinformation to force law enforcement to divert resources.”
“‘I think it’s a bit of a wake-up call to the people who work in this area all the time,’ said (Ed) Davis, who was Boston’s top cop during the 2013 Boston Marathon bombing.”
October 10, 2018: Congressional hearing on “Threats to the Homeland” (PDF)
Homeland Security Secretary Kirstjen Nielsen: “More than 30 nation-states now have cyber-attack capabilities, and sophisticated digital toolkits are spreading rapidly. DHS was founded fifteen years ago to prevent another 9/11, but I believe an attack of that magnitude today is now more likely to reach us online.” (Page 7)
October 24, 2018: Sibos 2018: ‘Black swan’ cyber event is inevitable
“An online poll of more than 1,000 people attending one of the cyber security sessions revealed that 83% now expect some sort of 9/11 or Black Swan-type cyber event will happen.
The three panellists at the session — Jacqueline McNamara, Telstra’s head of cyber security; Dmitry Samartsev, CEO of Bi.zone, the security arm of Russian bank Sberbank; and independent security architect Troy Hunt — agreed with that view.
Samartsev said current geopolitical turbulence made such an event more likely than not, and painted a chilling picture of what such a cyber catastrophe might look like.
The worst scenario, he said, could be cyber criminals launching a distributed denial-of-service (DDoS) attack on bank networks, coupled with a huge information attack on social networks to spread fear among people that the banks are going down.
This could lead to a domino effect if citizens rush to withdraw their money, leading to a run on the banks.”
November 16, 2018: “President Trump signed into law the Cybersecurity and Infrastructure Security Agency Act of 2018. This landmark legislation elevates the mission of the former National Protection and Programs Directorate (NPPD) within DHS and establishes the Cybersecurity and Infrastructure Security Agency (CISA).”
November 18, 2018: Power outages, bank runs, changed financial data: Here are the ‘cyber 9/11’ scenarios that really worry the experts
“Attacks that spill into the physical world, those that cause a financial sector ‘contagion’ or attacks on data integrity — rather than theft or destruction — are top-of-mind, frightening scenarios for experts.”
February 1, 2019: Newsweek: How A Cyber Attack Could Shut Down The U.S.
March 31, 2019: Former Homeland Security Head Napolitano Says Cybersecurity Should Be A Top Priority
Napolitano: “We have so many red flags in the cyber world right now. And what I’m concerned about is that we really could experience a cyber-cause, 9/11-style event where you would have mass shut down — maybe not just in one community or two communities, but many communities at the same time.”
April 2, 2019: Former CIA Director Leon Panetta co-writes an article: Public-private joint effort is needed to prevent a cyber Pearl Harbor
“Relying on proxy organizations, geopolitical rivals like Russia and Iran view cyberattacks as an effective way to target vulnerabilities in the U.S.”
April 26, 2019: Fort Bragg issues apology after fake cyber attack prompts alarm, conspiracy theories
“The electricity at the world’s largest military post was shut off without warning late Wednesday as part of an exercise to see how post residents would react to a cyber attack, Army officials later explained on Facebook.”
“Department of Defense requires military installations to conduct readiness exercises on an annual basis. The intent is to determine the readiness and resiliency of the installation in a real-world scenario.”
May 17, 2019: Cyber 9 11 Is Imminent — Dr Eric Cole’s Security Tips
Ex-CIA Special Agent and former Lockheed Martin Chief Scientist Eric Cole: “…more likely what we’re going to see in the future from a cyber 911, is you’re going to have some group or some entity, that might or might not be associated with a government that’s going to target and hurt civilians…”
Cole: “The other variant of cyber 9/11 that to me can actually be just as worse is not only have some loss of life, but also target massive financial impact. Somebody goes in and tries to wipe out hundreds of millions or even billions of dollars from a large number of banks simultaneously.”
July 3, 2019: DHS: Secure Cyberspace and Critical Infrastructure
“Moreover, the interconnectivity of critical infrastructure systems raises the possibility of cyber attacks that cause devastating kinetic and non-kinetic effects. As innovation, hyper-connectivity, and digital dependencies all outpace cybersecurity defenses, the warning signs are all present for a potential ‘cyber 9/11’ on the horizon.”
July 31, 2019: Consumer Watchdog: Kill Switch: Why Connected Cars Can Be Killing Machines And How To Turn Them Off
“A plausible scenario involving a fleet-wide hack during rush hour in major U.S. metropolitan areas could result in approximately 3,000 fatalities, the same death toll as the 9/11 attack.” (Page 2)
“The greatest value of the kill switch would be to help restart the transportation infrastructure after a massive cyberattack. After 9/11, air traffic in the U.S. was shut down for several days while we implemented new security and verified that we could resume flying safely. In the aftermath of an automotive cyberattack, ensuring the safety of hundreds of millions of connected cars with ‘always-on’ Internet connections could take months, during which time our economy and our ability to move necessities such as food across the country would be crippled.” (Page 45)
August 26, 2019: Reuters: U.S. officials fear ransomware attack against 2020 election
August 27, 2019: NATO will defend itself
“In just minutes, a single cyberattack can inflict billions of dollars’ worth of damage to our economies, bring global companies to a standstill, paralyse our critical infrastructure, undermine our democracies and cripple our military capabilities.”
Jens Stoltenberg, NATO Secretary General: “A serious cyberattack could trigger Article 5, where an attack against one ally is treated as an attack against all.”
October 1, 2019: Strengthening the Front Line: NSA Launches New Cybersecurity Directorate
“Under the new Cybersecurity Directorate — a major organization that unifies NSA’s foreign intelligence and cyberdefense missions — NSA will work to prevent and eradicate threats to national security systems and critical infrastructure…”
October 28, 2019: FEMA: Building a Culture of Cyber Preparedness
“Just like a more traditional response to a natural disaster, we must also be ready to respond to a ‘cyber disaster’ as a cyber-attack can trigger physical consequences.”
November 5, 2019: Joint Statement from DOJ, DOD, DHS, DNI, FBI, NSA, and CISA on Ensuring Security of 2020 Elections
“Russia, China, Iran, and other foreign malicious actors all will seek to interfere in the voting process or influence voter perceptions. Adversaries may try to accomplish their goals through a variety of means, including social media campaigns, directing disinformation operations or conducting disruptive or destructive cyber-attacks on state and local infrastructure.
While at this time we have no evidence of a compromise or disruption to election infrastructure that would enable adversaries to prevent voting, change vote counts or disrupt the ability to tally votes, we continue to vigilantly monitor any threats to U.S. elections.”
November 5, 2019: Cybereason hosts election hacking tabletop exercise Operation Blackout
“However, the public did get hurt, with 200 people injured and 32 dead, and the election was cancelled.”
“Control of social media networks for journalists, influencers, and political figures allowed the Red Team to easily spread misinformation through supposedly ‘legitimate’ channels.”
“Autonomous vehicles were leveraged by the Red Team to wreak havoc at polling stations and cause many deaths and injuries.”
“Deep fakes were used by the Red Team to impersonate the superiors of pollsters and law enforcement officers and direct them to execute actions…”
“Video leaks of cars and buses crashing into polling stations and the reset of the systems and previous hack have failed.
- ISIS claims responsibility.”
“They declare a state of emergency, martial law, and how this is a tragic day for Adversaria. Many have been hurt, and a manhunt is on for the ring leaders and associates of K-OS. A new election day will be announced. Fear over terrorism increases.”
November 16, 2019: The energy industry practices for a ‘black swan’ cyberattack that could take down the grid
“The event is called GridEx, and takes place every two years. It imagines the U.S. under attack from a foreign country, through the power grid.”
“Fanning (CEO of Southern Company) said he has worked with CEOs including Jamie Dimon of JPMorgan Chase, Brian Moynihan of Bank of America and Randall Stephenson of AT&T on understanding the ‘interconnectedness’ of these sectors in the event of a cyberattack on the energy industry.”
December 9, 2019: Federal council to Trump: Cyber threats pose ‘existential threat’ to the nation
“The members wrote in the draft report that ‘bold action is needed to prevent the dire consequences of a catastrophic cyber attack on energy, communication, and financial infrastructures…’”
“NIAC members sounded the alarm in the report, writing that ‘it is not a matter of if, but when, an attack will happen. Our window of opportunity to thwart a cyber 9–11 attack before it happens is closing quickly.’”
December 11, 2019: How electric vehicles could be used to hack the 2020 election
“A successful election attack doesn’t need to gain access to voting systems themselves. Dvorkin says plug-in electric vehicles (PEVs) and the charging stations that charge their batteries could enable large-scale cyberattacks on urban power grids. In a simulation he and his team conducted using Manhattan, Dvorkin found that it would take only 1,000 electric vehicles charging simultaneously to stage an attack on the city’s power grid, potentially blacking out entire sections of New York.”
January 5, 2020: First Suleimani Attack By ‘Iranian’ Hackers Hits U.S., Exposing ‘Noisy’ New Threat
“Hackers claiming to be linked to Iran targeted a low-level domain…There is nothing substantive to link the hackers with the regime in Tehran.”
“Will Iran defy strategic political and military logic and raise the stakes, deploying a seriously damaging cyber attack on a U.S. energy grid, healthcare, core services?…Despite the headlines that suggest such an attack may come, experts think it unlikely — it would prompt a devastating response.”
February 6, 2020: Cyber attacks could cause financial crisis, says ECB chief Christine Lagarde
“Ms Lagarde said an operational outage that destroyed or encrypted the balance accounts of a major financial institution could trigger a liquidity crisis. ‘History shows that liquidity crises can quickly become systemic crises,’ she said. ‘The ECB is well aware that it has a duty to be prepared and to act pre-emptively.’”
February 10, 2020: Another (Operation Blackout) 2020 election simulation ends in chaos
“As the hackers plotted various strategies for swinging the results and sowing distrust in the nation’s voting process, a man in his late-30s sat at the head of the table, weighing in on each idea. They called themselves K-OS, for ‘Kill Organized Systems.’
The man, Yonatan Striem-Amit, was a former member of Unit 8200, the Israeli military’s elite cyber warfare team, which is considered among the best in the world.”
“‘This is not a creative storytelling exercise,’ said a document distributed to participants beforehand. ‘The point of this event is to figure out how to better prepare for certain circumstances.’”
“There is ‘more infrastructure than you realize,’ explained Striem-Amit. With a bar on attempting to manipulate actual vote tallies, K-OS would have to be creative in their targeting efforts, said Israel Barak, also a veteran of the Israeli Defense Forces cyberdefense wing.”
“The Red Team, which spent part of the morning creating deepfake personas, now began to overwhelm the 911 system with false alarms for fires, medical calls, and other tasks to waste first responders’ time.”
“They ramped up the pressure in stages, eventually putting serious stress on public safety resources by reporting nonexistent bomb threats and active shooters at schools in Democratic districts over the city’s emergency broadcast system — something Red gained control over when they hacked the area’s wireless networks.”
February 19, 2020: The European Systemic Risk Board publishes report on systemic cyberattacks
“The scenario analysis in this report reveals that the loss of confidence in the financial system plays a key role in a cyber incident developing into a systemic crisis.” (Page 3)
“During the 2017 NotPetya incident, major Ukrainian banks’ systems were infected within less than a minute. It is in particular the interconnectedness of various automated information systems that enables cyber incidents to spread at such a fast pace.” (Page 10)
“…it is not inconceivable that in future, a large-scale cyber incident in the financial sector could create disruption on such a scale that it has the potential to have serious negative consequences for the internal market and the real economy.” (Page 23)
March 11, 2020: The Cybersecurity 202: Cyber Solarium Commission aims to avert a cyber 9/11 before it’s too late
“The group’s goal is to make recommendations similar to those from the 9/11 Commission Report in 2004, but before a major disaster hits in which an adversary could knock out portions of the nation’s electrical grid or telecommunications systems, co-chair Sen. Angus King (I-Maine) told me.”
March 21, 2020: FEMA: National Level Exercise 2020
“NLE 2020 focused on cybersecurity and involved a complex, multidimensional attack that reflected the global threat environment. In the scenario, widespread cyberattacks led to significant impacts on critical infrastructure and community lifelines.”
April 20, 2020: Financial Stability Board: Effective Practices for Cyber Incident Response and Recovery: Consultative document
“Cyber incidents pose a threat to the stability of the global financial system. In recent years, there have been a number of major cyber incidents that have significantly impacted financial institutions and the ecosystems in which they operate. A major cyber incident, if not properly contained, could seriously disrupt financial systems, including critical financial infrastructure, leading to broader financial stability implications.” (Page 1)
April 22, 2020: Virtual army rising up to protect health care groups from hackers
“One network of these white hat hackers is the nonprofit CTI League, which is made up of more than 1,400 volunteers in 76 countries and 22 different time zones from sectors including information security, telecommunications and law enforcement.
The group’s goal is to thwart efforts by criminal organizations to dismantle critical systems, including those that overworked hospitals rely on to ensure treatment for patients suffering from COVID-19.”
Marc Rogers, Executive Director of Cybersecurity at Okta: “I would say the only comparable analogy in my head is during world wars, we saw the same kind of civilian army rising to defend their country. This led me to calling this World War Cyber, everyone sees the same threat, everyone realizes they have to put aside their differences, they need to break down barriers.”
“Regardless of when the COVID-19 pandemic ends, both Rogers and Pienaar were optimistic about the future of the virtual army built to defend critical networks, with Rogers saying it could be used to help defend elections or during other potential crises.”
May 1, 2020: Trump issues executive order to protect power grid from attack
“President Trump on Friday issued an executive order declaring a national emergency over threats to the U.S. power system, taking steps to defend the grid against cyberattacks and foreign interference.”
“Trump noted in the order that the power system is a target for those ‘seeking to commit malicious acts’ against the U.S., pointing to concerns around cyberattacks in particular.”
May 21, 2020: Microsoft President Brad Smith talks data, Covid-19, and a potential “digital 9/11”
“Smith also warned of the dangers of a future ‘digital 9/11’ with respect to the electric grid and future presidential elections.”
May 28, 2020: ‘Cyber Winter Is Coming,’ Top Israeli Official Warns After Iran Attack on Water System
The head of Israel’s National Cyber Directorate Yigal Unna: “We are now waiting for the next phase to come, and it will come eventually…I’m afraid that [the attack is] only the first major sign of a new era of attacks aiming at humanitarian targets.”
June 1, 2020: WEF: What the COVID-19 pandemic teaches us about cybersecurity — and how to prepare for the inevitable global cyberattack
“The cyber equivalent of COVID-19 would be a self-propagating attack using one or more ‘zero-day’ exploits, techniques for which patches and specific antivirus software signatures are not yet available. Most likely, it would attack all devices running a single, common operating system or application.”
“The only way to stop the exponential propagation of cyber-COVID would be to fully disconnect all vulnerable devices from one another and the internet to avoid infection. The whole world could experience cyber lockdown until a digital vaccine was developed. All business communication and data transfers would be blocked. Social contact would be reduced to people contactable by in-person visits, copper landline, snail-mail or short-wave radio.”
June 1, 2020: Check Point CEO: We need to prepare for the coming ‘cyber pandemic’
“Shwed added that even if the coronavirus pandemic could be less of a concern in Israel, ‘we need to protect ourselves against the cyber pandemic that is coming. We know it will happen, and we need to secure it.’”
June 11, 2020: Check Point Research: Protecting IoT devices and OT Networks from a Cyber Pandemic
“Put simply, the stage is set for catastrophic cyber-attacks against the industrial control systems (ICS) and operational technology (OT) which run the processes that we all rely on. If successful, these attacks could cause power blackouts across cities or regions, or disrupt production of critical products — such as an important drug treatment.”
July 8, 2020: The WEF hosts cybersecurity exercise Cyber Polygon
The WEF’s Executive Chairman Klaus Schwab: “We all know, but still pay insufficient attention to the frightening scenario of a comprehensive cyber attack, which would bring a complete halt to the power supply, transportation, hospital services, our society as a whole. The COVID-19 crisis would be seen in this respect as a small disturbance in comparison to a major cyber attack.”
Schwab: “It is important to use the COVID-19 crisis as a timely opportunity to reflect on the lessons of cybersecurity community to draw and improve our unpreparedness for a potential cyber pandemic.”
August 6, 2020: How the US Can Prevent the Next ‘Cyber 9/11’
Sue Gordon, former Principal Deputy Director of National Intelligence: “…Gordon says 2016 was a thunderous wake-up call for digital threats to — and through — the open internet ecosystem. ‘One of the questions that always was asked,’ she says, ‘was will we ever really come up with a deterrence until we have a cyber 9/11? I still in my heart think that election interference could have been the cyber 9/11. That was the moment where we realized how cyber can be used and the type of threat that it could pose.’”
October 23, 2020: National Guard called in to thwart cyberattack in Louisiana weeks before election
“The Louisiana National Guard was called in to stop a series of cyberattacks aimed at small government offices across the state in recent weeks, according to two people with knowledge of the events, highlighting the cyber threat facing local governments in the run up to the 2020 U.S. presidential election.”
“Microsoft is among a select group of cybersecurity companies helping respond to the attacks in Washington, where they’ve offered cybersecurity protection software for free to local government officials until the election…”
October 26, 2020: How Police, National Guard And Military Are Preparing For Election Day Tensions
“National Guard soldiers around the nation will take part in security operations for the election — but only for cybersecurity, assisting state officials by trying to prevent foreign governments and others from interfering with the vote.”
November 17, 2020: Top cybersecurity official (CISA Director Chris Krebs) ousted by Trump
November 18, 2020: Carnegie Endowment in collaboration with the WEF: International Strategy to Better Protect the Financial System Against Cyber Threats
“At the 2019 annual meeting of the World Economic Forum (WEF), the head of Japan’s central bank predicted that cybersecurity could become the financial system’s most serious risk in the near future. Industry executives have echoed these concerns. Jamie Dimon, CEO of JPMorgan Chase, said in April 2019 that cyber attacks ‘may very well be the biggest threat to the U.S. financial system.’” (Page 2)
“But one thing is clear: it is not a question of if a major incident will happen, but when.” (Page 2)
“Cyber threat actors pose a unique type of risk. Many of them operate transnationally and target victims abroad. This requires countries not only to better organize themselves domestically but also to strengthen international cooperation to defend against, investigate, prosecute, and ideally prevent future attacks. This implies that the financial sector and financial authorities must regularly interact with law enforcement and other national security agencies in unprecedented ways, both domestically and internationally.” (Page 4)
“To achieve more effective protection of the global financial system against cyber threats, this report…outlines thirty-two recommendations and forty-four supporting actions to be implemented ideally in the 2021–2024 timeframe.” (Page 6)
“In the event of a crisis, social media companies should swiftly amplify communications by central banks, such as corrective statements that debunk fake information and calm the markets. Central banks and social media platforms should work together to determine what severity of crisis would necessitate amplified communication and develop escalation paths similar to those developed in the wake of past election interference, as seen in the United States and Europe.” (Page 14)
“Financial authorities and industry should ensure they are properly prepared for influence operations and hybrid attacks that combine influence operations with malicious hacking activity; they should integrate such attacks into tabletop exercises (such as the G7 exercise) and apply lessons learned from influence operations targeting electoral processes to potential attacks on financial institutions.
Supporting Action 1.7.1: Major financial services firms, central banks, and other financial supervisory authorities should identify a single point of contact within each organization to engage with social media platforms for crisis management.” (Page 71)
“Most recently, the BIS established the Cyber Resilience Coordination Centre (CRCC) as part of its Innovation BIS 2025 strategy to facilitate collaboration on cyber resilience within the central bank community.” (Page 165)
December 8, 2020: One major cyber attack on a global bank could cripple entire system: IMF
“New analysis from the IMF found that many national financial systems are ‘not ready’ to manage a major cyber attack, and that international coordination between banks is ‘weak’.”
“Under extreme scenarios, investors and depositors may demand their funds or try to cancel their accounts or other services and products they regularly use.”
December 16, 2020: White House activates cyber emergency response under Obama-era directive
“The SolarWinds breach — in which suspected Russia-backed hackers concealed malware in software updates by SolarWinds, a company that serves U.S. government and private sector entities — has reportedly compromised targets in the National Institutes of Health and the Departments of Commerce, Treasury, Defense, State and Homeland Security.”
Former NSC member Mark Montgomery: “The federal government is not currently organized to successfully defend itself, or the nation’s critical infrastructure, from threats in cyberspace.”
December 17, 2020: How the US military used a creepy island to test cyberattacks on the grid — in the middle of a pandemic
“Until this year, National Guard personnel, Pentagon contractors and engineers at big U.S. utilities would typically gather in person to run through exercises involving dire scenarios, from a weeks-long power outage to a mock attack on utility computers that appeared to delete data.”
“The latest exercise was the seventh, and final drill, on Plum Island under a DARPA program called Rapid Attack Detection, Isolation and Characterization Systems (RADICS).”
December 22, 2020: FBI Says White Supremacists Plotted Attack on U.S. Power Grid
“The Ohio teen, who was 17 at the time, also shared plans with a smaller group about a plot to create a power outage by shooting rifle rounds into power stations in the southeastern U.S.”
“According to the affidavit, the Wisconsin man also told an undercover FBI employee in February that the group was interested in taking ‘direct action’ against the system.”
December 31, 2020: SolarWinds hackers accessed Microsoft source code, the company says
“U.S. officials have attributed the SolarWinds hacking campaign to Russia, an allegation the Kremlin denies.”
“Slavin said he was worried by the possibility that the SolarWinds hackers were poring over Microsoft’s source code as prelude to a much more ambitious offensive.”
Cycode’s Chief Technology Officer Ronen Slavin: “To me the biggest question is, ‘Was this recon for the next big operation?’”
January 18, 2021: The WEF uploads: A cyber-attack with COVID-like characteristics?
“Covid-19 was known as an anticipated risk. So is the digital equivalent. Let’s be better prepared for that one.”
February 1, 2021: The Next Cyberattack Is Already Under Way
“…(the power grid has been hacked by Iran) — (ambulances) racing past apartment buildings where people are freezing to death in their beds, families huddled together under quilts, while, outside the darkened, besieged halls of government, men wearing fur hats and Kevlar vests (social media has been hacked by Russia), flashlights strapped to their rifles, chant, ‘Q is true! Q is true!’”
February 8, 2021: Hacker tries to poison water supply of Florida city
“In 2016, a security report from Verizon detailed a similar attack on another unnamed US water facility. And in 2020 there were multiple unsuccessful hacks on Israeli water supplies.”
February 17, 2021: SolarWinds Cyber Attack Originated in the U.S., White House Says
February 28, 2021: Cyber CEO: Next war will hit regular Americans online
Kevin Mandia, CEO of cybersecurity company FireEye: “The next conflict where the gloves come off in cyber, the American citizen will be dragged into it, whether they want to be or not. Period.”
March 9, 2021: Cybercrime could cost $10.5 trillion dollars by 2025
April 21, 2021: Justice Department convenes task force to tackle wave of ransomware attacks
“The task force was convened following a year that saw a huge increase in ransomware attacks during the COVID-19 pandemic against groups including hospitals, schools and other critical organizations.”
May 8, 2021: Ransomware attack forces shutdown of largest fuel pipeline (Colonial Pipeline) in the U.S.
“The Biden administration in April announced a 100-day plan to protect the country’s electric system supply chain from cyberattacks amid growing concerns over how vulnerable the U.S. power supply is to cyber threats.”
May 12, 2021: Executive Order 14028: Improving the Nation’s Cybersecurity
“Sec. 5. Establishing a Cyber Safety Review Board. (a) The Secretary of Homeland Security, in consultation with the Attorney General, shall establish the Cyber Safety Review Board, pursuant to section 871 of the Homeland Security Act of 2002.
(b) The Board shall review and assess, with respect to significant cyber incidents (as defined under Presidential Policy Directive 41 of July 26, 2016 (United States Cyber Incident Coordination) (PPD–41)) affecting FCEB Information Systems or non-Federal systems, threat activity, vulnerabilities, mitigation activities, and agency responses.
(c) The Secretary of Homeland Security shall convene the Board following a significant cyber incident triggering the establishment of a Cyber Unified Coordination Group (UCG) as provided by section V(B)(2) of PPD–41; at any time as directed by the President acting through the APNSA; or at any time the Secretary of Homeland Security deems necessary.”
May 21, 2021: Irish cyber-attack: Hackers bail out Irish health service for free
“It was unclear why the hackers gave the tool — known as a decryption key — for free, said Health Minister Stephen Donnelly.”
June 3, 2021: Exclusive: U.S. to give ransomware hacks similar priority as terrorism
June 6, 2021: Energy secretary says adversaries have capability of shutting down US power grid
“‘You can’t defend yourself simply by bobbing and weaving and patching. The adversary has to understand they’ll pay a price, there will be a cost for attacking the United States or for attacking our critical infrastructure. And thus far they really haven’t felt that,’ King told Tapper in a separate interview.”
June 9, 2021: Rep. Jim Himes on cybersecurity: “We have not established any sort of deterrents for cyberattacks … the Russians, the Chinese, the North Koreans, and the Iranians need to know that if they attack our infrastructure, they are going to get that back proportionately.”
June 9, 2021: CNBC: Why The U.S. Can’t Stop Cyber Attacks
“Roughly 85% of America’s critical infrastructure is privately owned, and the private sector is not required to follow the strict cybersecurity guidelines set by the government.”
June 16, 2021: Putin Claims Most Cyberattacks Come From U.S., Not Russia
“Putin ‘knows I will take action’ in response to future Russian election interference and cyberattacks, Biden claimed.”
“U.S. intelligence officials have blamed hackers based in Russia for the cyberattack that forced Colonial Pipeline to shut down its pipeline carrying gas to 45% of the East Coast’s gasoline, though Biden has asserted there’s no evidence the Kremlin was involved.”
June 23, 2021: The National Guard Just Simulated A Cyberattack That Brought Down Utilities Nationwide
“The exercises were part of the seventh Cyber Yankee, a training event that brings together guardsmen from throughout the New England region to test their responses against simulated cyberattacks.”
July 2, 2021: US companies hit by ‘colossal’ cyber-attack
“Huntress Labs said the hack targeted Florida-based IT company Kaseya before spreading through corporate networks that use its software.”
July 7, 2021: FBI, CISA Investigating Hack of Republican Party
“The U.S. is investigating a cyberattack against the Republican National Committee believed to have been carried out by Russian hackers.”
“…the government has not officially determined who is behind the hack.”
“Russia’s U.S. Ambassador Anatoly Antonov said Moscow wasn’t involved in hacks against U.S. infrastructure and he reiterated previous offers by President Vladimir Putin’s government to work with the U.S. on cybersecurity issues.”
July 21, 2021: America’s water systems are vulnerable to a Pearl Harbor-level cyberattack, Angus King warns
“Warning that ‘the next Pearl Harbor, the next 9/11 will be cyber,’ U.S. Sen. Angus King urged government and private-sector officials to do more to be prepared.”
July 21, 2021: Gartner Predicts By 2025 Cyber Attackers Will Have Weaponized Operational Technology Environments to Successfully Harm or Kill Humans
July 27, 2021: Biden: If U.S. has ‘real shooting war’ it could be result of cyber attacks
Biden: “I think it’s more than likely we’re going to end up, if we end up in a war — a real shooting war with a major power — it’s going to be as a consequence of a cyber breach of great consequence…”
“During a June 16 summit in Geneva between Biden and Russian President Vladimir Putin, Biden shared a list of critical infrastructure the U.S. considers off-limits to nation-state actors.”
August 30, 2021: Ex-CIA says no more 9/11-style attacks, worry about cybersecurity instead
August 31, 2021: US Army War College: “Never Forget”: 9/11 Then and Now — Thoughts on Readiness (PDF)
“With this much intelligence at US adversaries’ fingertips, the United States should not be caught off guard if at some time in the near future, malicious actors trigger a cyber 9/11 that could stop water from flowing, electrical grids from functioning, cell phones from charging, planes from flying, ports from being secure, and nuclear power from being safely stored — whether simultaneously or, more likely, in a staggered, escalating approach at the cost of human life.”
September 2, 2021: U.S. Cybersecurity Mirrors 9/11 Terror Vulnerability, Panel Told
“Scholars and former 9/11 Commission members on Thursday urged House lawmakers to prioritize and boost funding for the Cybersecurity and Infrastructure Security Agency and other parts of the federal government focused on preventing attacks.”
September 10, 2021: Where Will the Next 9/11 Come From?
“Twenty years later, could any of these or other groups stage a new 9/11? The answer, unfortunately, is yes. First, if there is another attack, it will be unprecedented rather than a repeat of the past.”
“America’s critical infrastructure remains vulnerable to cyberattacks that could wreak havoc with the country’s water systems and electrical grid. As Americans become more dependent on technology and just-in-time delivery, the impacts on availability of food and medicine could become severe within just a day or two.”
October 20, 2021: WEF: Protecting critical infrastructure from a cyber pandemic
“A new ‘botnet’ attack called Mozi has been extremely active in the past 18 months, accounting for 90% of total IoT attacks in 2020 and controlling nearly 500,000 connected devices. Each compromised device is instructed to find more devices to infect, which enables cyber criminals to gain control over entire networks and its data and hold it for ransom.”
October 21, 2021: Panda Security: What is killware?
“Alejandro Mayorkas, a U.S. Secretary of Homeland Security, said that ordinary consumers need to increase their cyber hygiene.”
“Homeland Security does not necessarily say that hackers are only after water facilities — the attacks are being aimed at other critical infrastructure providers such as hospitals, banks, police departments, transportation systems, etc.”
“Nevertheless, the upcoming boom of autonomous vehicles is also where killware could be heavily implemented. Security breaches could cause devastating results if cyber psychopaths somehow manage to control and steer cars into populated areas or incoming traffic.”
December 9, 2021: IMF, 10 countries simulate cyberattack on global financial system
“Israel on Thursday led a 10-country simulation of a major cyberattack on the global financial system in an attempt to increase cooperation that could help to minimise any potential damage to financial markets and banks.”
“The simulation also used fake news reports that in the scenario caused chaos in global markets and a run on banks.”
January 25, 2022: Electric grid is ‘attractive target’ for domestic violent extremists in US, intel brief says
CNN analyst Carrie Cordero: “This reminds me of the type of threat reporting and analysis that we used to see related to international terrorism.”
“In June, a racially-motivated extremist group released a video and manifesto on an encrypted messaging channel that called for ‘lone wolf’ attacks against targets, including the electric grid, power plants, and other infrastructure, according to DHS information.”
February 8, 2022: Arrington settled Pentagon lawsuit, resigned from DoD before launching new Congress run
“Arrington began working at the Pentagon in 2019 on appointment by former President Trump to head up the roll-out of a new program called the Cybersecurity Maturity Model Certification (CMMC).”
“CMMC was designed to revamp cyber security protocols among defense industry partners of the DoD. It would require defense contractors to meet evolving DoD cyber security standards, but with the added step of peer reviewed certification by other contractors as a means of accountability.”
“Arrington worked on the CMMC project for over two years, trying to recruit defense contractors to embrace the change. But she was suddenly sidelined in May 2021…”
April 21, 2022: FBI warning to farmers on ransomware attacks could impact consumers at grocery stores
“Vogel, who chairs the Senate Agriculture Committee, said, so far, he has not heard of ransomware attacks in this state (Pennsylvania), but he warns every farmer to have computer backup systems.”
May 16, 2022: Cyber-attacks: Council (of the EU) extends sanctions regime until 18 May 2025
May 18, 2022: Washington Post: (Former CIA analyst) Rep. Elissa Slotkin: ‘We’re going to have our cyber 9/11 and it’s going to wake everyone up’
May 18, 2022: Former DNI John Ratcliffe: U.S. Needs New ‘Manhattan Project’ to Avoid Cyber Catastrophe | Opinion
Ratcliffe: “With some exceptions, it is widely understood within the cyber community that CISA simply does not have the technical expertise to execute its mission, while some of the world’s top cyber talent works in the National Security Agency (NSA) and U.S. Cyber Command (CYBERCOM). Splitting the nation’s defensive cybersecurity (DHS/CISA) from its offensive cyber operations (NSA/CYBERCOM), only makes us more vulnerable.”
March 15, 2022: President Biden signs into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA)
March 21, 2022: Biden warns Russian cyberattacks ‘coming’
“Biden said his administration will ‘continue to use every tool to deter, disrupt, and if necessary, respond to cyberattacks against critical infrastructure.’”
June 1, 2022: FBI director blames Iran for ‘despicable’ attempted cyberattack on Boston Children’s Hospital
“The FBI got a tip about the Iranian hackers from a ‘valued partner within the intelligence community,’ and the activity was thwarted before it was clear what the hackers’ end goal on the hospital’s network was.”
“Shahrokh Nazemi, a spokesperson for Iran’s Permanent Mission to the United Nations, called the FBI claim a ‘baseless allegation’ and ‘an example of psychological warfare against Iran and thus of no value.’”
June 30, 2022: Lloyd’s publishes: Shifting powers: physical cyber risk in a changing geopolitical landscape
“…the disruption that follows cyber attacks can have a destructive impact on the physical world. This is a growing threat, with attacks targeting critical infrastructure rising from less than 10 in 2013 to almost 400 in 2020. As well as the increase in frequency, the complexity of attacks is evolving, from simply targeting short-term disruption to compromising assets or processes with the intent to cause physical harm or loss of life.” (Page 3)
“Recently, there has been an alarming increase in cyber criminals targeting critical national infrastructure systems. By leveraging significant public and political pressure on victims, attackers have been able to extract heavy ransoms. These types of attack can result in system-wide disruption and damage, creating significant national security concerns. States are now addressing this threat by applying dissuasion and suppression to ransomware gangs, reminiscent of the ‘global war on terror’ in their focus on investigations, legal action and strong public rhetoric.” (Page 6)
“A deliberately physically destructive cyber attack is a difficult thing to accomplish, requiring specialist hackers and detailed strategic planning. The capacity to carry out such attacks currently predominantly sits within nation states and the groups which they support, which means that right now cyber physical risk is closely related to geopolitical risk.” (Page 7)
“When the stakes are so high, especially within a framework of already escalating geopolitical tensions, these kinds of attack (cyber physical) are likely to trigger retaliation and — depending on the capabilities of the actors involved — may lead to similar, if not greater, revenge attacks. This, of course, acts as an important deterrent.” (Page 24)
July 1, 2022: DHS agrees new cybersecurity R&D partnership with Israel
“Homeland Security will partner with the Israel National Cyber Directorate (INCD) to create the Israel-U.S. Binational Industrial Research and Development (BIRD) Cyber program that will focus on improving the cyber resilience of critical infrastructure.”
September 14, 2022: Bank for International Settlements: Cyber risk in central banking
“Eisenbach et al (2022) show that the impairment of any of the five most interconnected banks in the US due to a cyber incident can result in significant spillovers to other banks.” (Pages 3–4)
October 20, 2022: WEF: What happens when the internet shuts down?
“Shutting off the internet in times of political upheaval, civil unrest and instability is one of the key building blocks for authoritarianism.”
Gretchen Bueermann, specialist at the WEF’s Centre for Cybersecurity: “Shutting off the internet not only disrupts citizens’ ability to get critical information and communicate with each other, but it digitally obfuscates the affected region from the outside world, further creating a path of least resistance for misinformation, disinformation and malicious propaganda.”
November 15, 2022: House Homeland Security Hearing on Global Terror Threats
Rep. Elissa Slotkin: “…as we remember on 9/11, we had the attacks in Kenya, we had the attacks on the U.S.S. Cole, and then we had 9/11. And I feel like on our cyber attacks we have had our U.S.S. Cole. We have had the Colonial Pipeline, we have had our meat processing facility, we have had SolarWinds. So we all thought about what would we have done if we could have imagined the threat of 9/11, what would we have done to better prepare.”
January 9, 2023: ‘Is There Something More Sinister Going On?’ Authorities Fear Extremists Are Targeting U.S. Power Grid
“The case that most concerns authorities is the Dec. 3 attack on two power stations in Moore County, N.C. A month later, despite an ongoing FBI investigation, no one has been arrested for acts of sabotage that left more than 45,000 people without power amid frigid temperatures.”
“Several experts and former officials told TIME they believed that attack was committed by someone who knew what they were doing. ‘I’m certain that the North Carolina attackers have insider knowledge on substations and critical energy infrastructure and knew how to attack, undetected,’ says Harrell, noting they knew where to access sites and what to shoot at — and that no security would be in place.”
“Attacks and suspicious activity at U.S. power stations reached a decade-long high last year, with more than 100 reported incidents in the first eight months of 2022, according to a TIME review of the Department of Energy’s most recent data.”
January 11, 2023: Domestic Terrorists Could Take Out U.S. Power Grid — and Attacks Have Started
“The U.S. electrical grid is highly vulnerable to domestic terrorism in a way that is reminiscent of airlines before the 9/11 attacks in 2001.”
“No group has claimed responsibility for the December 3 attack in Moore County.”
“One of the most notable in the last decade — and possibly an inspiration for extremists — was an assault on a substation in Metcalf, California, in April 2013. The perpetrators, still unknown to this day, opened fire with rifles on 17 transformers at a Pacific Gas and Electric Company site.”
January 18, 2023: Experts at Davos 2023 call for a global response to the gathering ‘cyber storm’
“…business leaders are far more aware of the cyber threat than the year prior. In fact, 91% of respondents said they believe a far-reaching and catastrophic cyber event is at least somewhat likely in the next two years.”
“This concern has been raised particularly around critical infrastructure sectors like energy, public transportation and manufacturing.”
January 29, 2023: Israeli (Gery Shalon) behind massive JPMorgan hack has moved to country, his father says
“The alleged mastermind behind a massive hack and data theft of JPMorgan and other banks in a scam involving hundreds of millions of dollars has moved to Israel, his father has revealed…”
“According to Bloomberg, Shalon pled guilty in 2017 in a ‘sealed courtroom’ in return for a sentence that was significantly more lenient than those of his co-conspirators.”
February 8, 2023: CBN News: Urgent Threat: More Cyberattacks and Shutdowns of Critical US Infrastructure on the Way
Former CIA special agent Eric Cole on FAA computer network failure: “It sounds like what we call a test attack, where they wanted to test and just see how vulnerable the systems were. Whether they could get in and how long it would take them to recover.”
April 27, 2023: US Cyber Command’s №1 Priority: November 2024 Election
May 24, 2023: Senators issued satellite phones, offered demonstrations on upgraded security devices
“The devices are part of a series of new security measures being offered to senators by the Senate Sergeant at Arms, who took over shortly after the assault on the U.S. Capitol on Jan. 6, 2021.”
“Senate Sergeant at Arms Karen Gibson said satellite communication is being deployed ‘to ensure a redundant and secure means of communication during a disruptive event.’
Gibson said the phones are a security backstop in the case of an emergency that ‘takes out communications’ in part of America.”
May 24, 2023: NCSC joins partners to issue warning about China state-sponsored cyber activity targeting CNI networks
“In the new joint advisory the National Cyber Security Centre — a part of GCHQ — alongside international partners highlight how recent activity has targeted networks across critical infrastructure sectors in the US and how the same techniques could be applied worldwide.”
June 15, 2023: CBS News: Major cyberattack (MOVEit) hits government agencies, institutions worldwide
“Officials say the hackers are part of a cyber criminal gang called CLOP believed to operate from inside Russia.”
June 16, 2023: Killnet Targeting the Western Financial System
“On June 14, the Killnet Group issued a chilling threat via a video posted to their Telegram channel. The notorious hacktivist group, contrary to its previous statements about disbanding, said that it is teaming up with two additional threat actors, Anonymous Sudan, and REvil, to launch a ‘destructive’ attack against the Western banking system within 48 hours. The planned attack aims to target European banks as well as SWIFT, IBAN, and other money transfer systems.”
June 17, 2018: Ex-Israeli ‘NSA’ chief: Energy should be first cyber target in Iran war
Former head of Israel’s Unit 8200 Ehud Schnerosen: “We should not attack water, food, healthcare on ethical grounds, and should not attack banks because of the potential butterfly effect. The next 9/11 in cyber will be energy sector.”
September 12, 2023: The DoD publishes: 2023 Cyber Strategy (PDF)
“The Department, in particular, lacks the authority to employ military forces to defend private companies against cyber attacks…Given this — and the limited circumstances in which military cyber forces would be asked to defend civilian critical infrastructure — the Department will not posture itself to defend every private sector network.” (Page 7)
“The Department will campaign in and through cyberspace to reinforce deterrence objectives while achieving informational and military advantages. Our adversaries will be made to doubt the efficacy of their military capabilities as well as the belief that they can conduct unattributed coercive actions against the United States.” (Page 9)
September 14, 2023: The DHS publishes: Homeland Threat Assessment 2024
“While cyber attacks seeking to compromise networks or disrupt services for geopolitical or financial purposes continue apace, we noted an uptick over the last year of physical attacks on critical infrastructure. We expect the 2024 election cycle will be a key event for possible violence and foreign influence targeting our election infrastructure, processes, and personnel.”
October 9–12, 2023: DoE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) conducts the Liberty Eclipse 2023 Full-Scale Exercise
“New Partners in 2023: In addition to Federal agencies, DOE National Labs, and private and publicly owned utilities, CESER also invited National Guard soldiers and airmen from multiple states to observe the Liberty Eclipse 2023 FSE. They got a close-up perspective on the exercise play, participating in tailored educational sessions with utilities and national lab staff throughout the week. This experience provided direct exposure to OT and the electric industry, complementing the National Guard cyber units’ primary mission focus on information technology environments.”
October 18, 2023: Lloyd’s systemic risk scenario reveals global economy exposed to $3.5trn from major cyber attack
October 20, 2023: CISA: The National Cyber Incident Response Plan (NCIRP)
“This plan applies to cyber incidents that are likely to result in demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people.”
November 6, 2023: Israel’s cyber defense chief tells CNN he’s concerned Iran could increase severity of its cyberattacks
“So far, suspected Iranian hackers appear to have had minimal impact on their publicly claimed targets in Israel in the last month. Their goal seems to be to spread narratives in the media of Israeli and US vulnerabilities to cyberattacks.”
“In recent weeks, US officials have been preparing for a similar scenario in which Iranian hackers conduct a disruptive attack on US critical infrastructure, a senior US official told CNN, speaking on the condition of anonymity because they were not authorized to speak to the press.
‘There is a gap between their [cyber] capabilities and their rhetoric,’ the official told CNN, referring to Iran-backed hackers. ‘But we know they are rather reckless and not savvy to do things in a tailored way.’”
“Someone claiming affiliation with one such group, dubbed Soldiers of Solomon, emailed this CNN reporter on October 20 to promote their alleged hack of security cameras in a city in southern Israel.
The alleged hacker also asked for the contact information of other reporters because ‘it’s an emergency to let them know we are becoming viral.’”
November 14–16, 2023: NERC’s Electricity Information Sharing and Analysis Center (E-ISAC) conducts GridEx VII (PDF)
“…a scenario that included incidents ranging from cyber and physical attacks on substations to disinformation on social media.” (Page 8)
“…one planner noted that the original location identified for in-person response was inaccessible due to simulated public unrest.” (Page 16)
December 6, 2023: FBI director warns senators he sees ‘blinking lights everywhere’ on threats against the US
“‘What are we going to say to the family whose loved one’s care was sabotaged when a hospital was taken offline by a foreign adversary and the FBI wasn’t able to stop the cyber attack,’ Wray said.
Wray continued that allowing the law to lapse or amending it in any way that ‘undermines’ its effectiveness ‘would be akin to laying bricks to rebuild another, pre-9/11-style wall [in intelligence gathering].’”
December 11, 2023: Norton Healthcare ransomware attack exposes 2.5M people
“Ransomware attacks against healthcare organizations are up 278% in the past four years, the Department of Health and Human Services said in late October. ‘The large breaches reported this year have affected over 88 million individuals, a 60% increase from last year,’ the agency said.”
December 17, 2023: Brace yourself for ‘Q-Day,’ a global cybersecurity event that could expose our most important secrets
“‘Q-Day’ might come by 2025, Tilo Kunz, the executive vice president of the Canadian cybersecurity firm Quantum Defen5e, told officials at the US Department of Defense, according to Reuters.”
January 3, 2024: ECB to stress test banks’ ability to recover from cyberattack
“The European Central Bank (ECB) will conduct a cyber resilience stress test on 109 directly supervised banks in 2024. The exercise will assess how banks respond to and recover from a cyberattack, rather than their ability to prevent it.”
January 9, 2024: Cybersecurity trends: IBM’s predictions for 2024
“2024 is going to be a busy year for cyber criminals amid ongoing geopolitical tensions, major elections in the U.S. and European Union and the biggest sporting event in the world (Paris Olympics) all taking place within a few months of each other. It’s a perfect storm of events that’s going to see disinformation campaigns on a whole new level.”
January 11, 2024: The WEF collaborates with Accenture to produce the Global Cybersecurity Outlook 2024 report
“Increasingly alarming attacks against critical infrastructure, and elements in global supply chains, coupled with economic instability, have the potential to cause macro-impact.” (Page 13)
“Looking ahead to 2024, these risks will compound to take centre stage. More than 45 countries will hold elections over the next year to determine who governs more than 50% of the world’s GDP. With the proliferation of new technologies such as generative AI and their use by cyber adversaries becoming more widespread, safeguarding the integrity and fairness of the electoral process becomes of paramount importance.” (Page 13)
January 31, 2024: Holistic examination of the next iteration of US Cyber Command underway
“Officials are conducting a top-to-bottom review with an eye toward Cybercom 2.0.”
February 1, 2024: Chinese hacking operations have entered a far more dangerous phase, US warns
FBI Director Christopher Wray: “There has been far too little public focus on the fact that PRC hackers are targeting our critical infrastructure, our water treatment plants, our electrical grid, our oil and natural gas pipelines, our transportation systems, and the risk that poses to every American requires our attention. Now, China’s hackers are positioning on American infrastructure, in preparation to wreak havoc and cause real-world harm to American citizens and communities.”
CISA chief Jen Easterly: “…Now, imagine that on a massive scale. Imagine not one pipeline, but many pipelines disrupted. Telecommunications going down so people can’t use their cell phone. People start getting sick from polluted water. Trains get derailed, air traffic control systems, port control systems are malfunctioning.”
Easterly: “It is Chinese military doctrine to attempt to induce societal panic in their adversary. This is truly an Everything Everywhere, All at Once scenario.”
February 2, 2024: US sanctions Iranian officials over cyber-attacks on water plants
“These facilities’ use of technology manufactured by Unitronics, an Israeli company, made them unsuspecting targets.”
“The cyber group posted an image on compromised screens with their digital calling card, and the words ‘down with Israel.’”
February 6, 2024: Iran accelerates cyber ops against Israel from chaotic start
“Cyber Avengers itself (also likely run by the IRGC) claimed to have attacked an Israeli electric company the evening before the Hamas attacks. However, its evidence was only some weeks-old press reporting of power outages ‘in recent years’ and a screenshot of an undated disruption to the company’s website.”
February 6, 2024: Cybersecurity remains number one risk for global banks, as financial risk moves back up the agenda
“13th EY and IIF survey finds 73% of global chief risk officers (CROs) view cybersecurity as the top year-ahead risk heightened by geopolitical tensions.”
February 9, 2024: BlackRock: Geopolitical risk dashboard (PDF)
BlackRock lists “major cyber attack(s)” as having a high likelihood and the geopolitical risk with the most market attention.
“We see cyber attacks increasing in scope, scale and sophistication as geopolitical competition mounts. Foreign hackers have infiltrated critical U.S. infrastructure and the accounts of U.S. officials, exposing key vulnerabilities. Recent large-scale attacks highlight the vulnerability of business infrastructure, as well, with ransomware attacks surging in some industries. We see cyber activity increasing in conflict zones and particularly around upcoming elections, risking disruption and putting pressure on national security services to take a more proactive stance.”
February 21, 2024: Biden is boosting cybersecurity at US ports, where online attacks can be more ravaging than storms
“The new requirements are part of the federal government’s focus on modernizing how critical infrastructure like power grids, ports and pipelines are protected as they are increasingly managed and controlled online, often remotely. There is no set of nationwide standards that govern how operators should protect against potential attacks online.”
February 22, 2024: Pharmacies across US disrupted following hack at Change Healthcare network
“The problems began on Wednesday after a ‘suspected nation-state associated cybersecurity threat actor’ gained access to Change Healthcare’s information technology systems, UnitedHealth said in a filing on Thursday.”
February 22, 2024: Senator Marco Rubio claims China will launch a major cyber attack on the US
“I don’t know the cause of the AT&T outage, but I do know it will be 100 times worse when China launches a cyber attack on America on the eve of a Taiwan invasion. And it won’t be just cell service they hit, it will be your power, your water, and your bank.”
February 29, 2024: A Conversation with DNI Avril Haines and Secretary Jeh Charles Johnson
DNI Avril Haines: “When I think about another 9/11, maybe it’s not through the terrorism lens. There are a lot of challenges that we’re facing in the context of, for example, cyber…”
March 3, 2024: ‘Cyber-physical attacks’ fueled by AI are a growing threat, experts say
“Madnick said that he and his team have simulated cyberattacks in the lab, resulting in explosions. They were able to hack into computer-controlled motors with pumps and make them incinerate. Attacks that cause temperature gauges to malfunction, pressure values to jam, and circuits to be circumvented can also cause blasts in lab settings.”
March 5, 2024: Crucial Red Sea data cables cut, telecoms firm says
“The Houthis — who control much of western Yemen’s Red Sea coast — denied last week that they had targeted cables and blamed US and British military strikes for any damage to them.”
March 19, 2024: Iran may attack US water supplies, warns Biden administration
“The US government had assessed with a high degree of confidence that Volt Typhoon is ‘pre-positioning’ to ‘disrupt critical infrastructure operations’ in the event of rising tensions or military conflicts, the letter said.”
March 26, 2024: China hits back at US, UK for sanctions on espionage hacks as coordinated pressure on Beijing grows
“Beijing’s frustration was evident on Tuesday, when Lin, the Foreign Ministry spokesperson, blamed the US for encouraging the Five Eyes alliance ‘to spread all kinds of disinformation about the threats posted by Chinese hackers for geopolitical purpose.’”
“On Tuesday, the Chinese Foreign Ministry said China had made ‘technical clarification’ in response to the APT31-related information submitted by the UK, calling its evidence ‘insufficient’ and ‘unprofessional.’”
March 29, 2024: Ivanti-linked breach of CISA potentially affected more than 100,000 individuals
“Hackers breached the Chemical Security Assessment Tool (CSAT), which houses information about chemical plant security plans, as well as another CISA system, CISA Gateway, which is a portal for tools to help secure critical infrastructure.”
“CSAT is used under the Chemical Facility Anti-Terrorism Standards program, which requires screening of people with access to high-risk chemicals against the Terrorist Screening Database. CSAT stores information on those individuals and related companies. However, the law that created that program lapsed last July, and CISA’s CSAT website notes that as a result it’s not currently requiring facilities to submit information to CSAT.”
March 31, 2024: Former top general warns of ‘inevitable’ threats to US from Islamic State in wake of Moscow attack
April 9, 2024: IMF Warns of Cyber Risks to Financial Sector
“The International Monetary Fund assessed cybersecurity for the first time in its semiannual financial risks report, due to the potential damage from cyberattacks on the financial sector.”
“So-called denial-of-service attacks against banks and other financial firms, typically low-level hacks that disrupt websites and online applications, grew by 154% in 2023 compared with the year before…”
April 16, 2024: World braces for Iran-Israel cyberattacks following missile attack
“The Israel National Cyber Directorate told Politico it didn’t see any ‘abnormal online activity’ during the missile attack.
Many hacking groups spent the weekend claiming responsibility for attacks that didn’t happen, analysts at intelligence group Flashpoint wrote in a blog post.”
April 17, 2024: Emergency services a likely target for cyberattacks, warns DHS
“Ransomware attacks have ‘disrupted the networks of police department and 911 call center operations.’”
Former DHS intelligence chief John Cohen: “As we’re going into election season, there is increasing concern that local communities will experience a combination of cyber information operations and physical attacks simultaneously. The physical activities, to disrupt the election process, and the cyber activities to disrupt the ability of local officials to respond.”
April 23, 2024: FBI director rejects Trump’s vow to investigate political rivals
FBI Director Christopher Wray: “We are increasingly concerned [about] the potential for some kind of coordinated attack here in the homeland, which may be not that different from what you saw against the concert hall in Russia a few weeks ago from ISIS-K.”
“Wray also restated his assessments that China, Russia and Iran may seek to interfere in the upcoming election, and that all three countries continue to conduct cyber espionage and offensive cyber operations against the United States. China, he said, is positioning itself to be able to knock out critical infrastructure in the event the U.S. seeks to defend Taiwan from a Chinese invasion.
Chinese cyber bombs planted on critical infrastructure, he said, ‘would allow them to induce panic or break America’s will to resist in something like, let’s say, an effort by the Chinese government to move on Taiwan.’”
April 23, 2024: Are We Ready for a Cyber Attack on Food and Farming?
“This was the first time that Cyber Storm — now in its ninth year — homed in on food and agriculture…”
“This also comes at a time when federal lawmakers are pushing for legislation to safeguard that sector against cyber attacks, introducing the Farm and Food Cybersecurity Act in January.”
“Mark Montgomery, executive director of CSC 2.0, said in a Cipher Brief column that hackers could hypothetically compromise and falsify agricultural data to create fears of a disease outbreak, which might take inspectors months to debunk. During that time, ‘sick’ livestock would be killed, harming herds, while foreign countries fearful of health risks would ban U.S. agricultural imports.”
April 24, 2024: FS-ISAC represents global financial sector in cyber defense exercise Locked Shields
“Locked Shields 2024 presents a series of fictional events that challenge the security of national, civilian, and military IT systems; critical infrastructure; and crisis management processes. The exercise also addresses the risks posed by emerging technology, including a specific scenario on artificial intelligence and the malicious use of deepfakes to spread misinformation and degrade public confidence in the global financial system.”
April 26, 2024: Cyberattack forces Georgia county to sever connection to state voter registration system
“…federal officials have long been concerned about the potential for ransomware attacks on state and local governments to disrupt voting. US Cyber Command, the military’s hacking unit, has previously conducted cyber operations against ransomware criminals that could threaten election infrastructure.”
May 1, 2024: SIFMA’s Quantum Dawn VII Exercises Industry Preparedness for a Critical Third-Party Outage
“The exercise simulated a scenario with a data destruction event at a critical third-party widely used by the global financial sector to trade in the Treasury and repo markets and hosted in the cloud.”
May 14, 2024: GCHQ boss says China’s ‘genuine’ cyber threat ‘weakens security of internet for all’
“After news about last week’s attack, China’s foreign ministry said it ‘firmly opposes and fights all forms of cyber attacks’ and ‘rejects the use of this issue politically to smear other countries.’”
The White House’s National Cyber Director Harry Coker: “In a crisis or conflict scenario, China will wreak havoc on civilian critical infrastructure to deter US mobility.”
May 29, 2024: The Internet Archive has been fending off DDoS attacks for days
Brewster Kahle, the founder of the Internet Archive: “What is new is this attack has been sustained, impactful, targeted, adaptive, and importantly, mean.”
June 2, 2024: Cyberattack can be the act of war according to NATO
Admiral Rob Bauer: “In NATO, we have agreed amongst all allies that, in principle, a cyberattack can be the start of an Article 5 procedure.”
Bauer: “You come close to the point where you will act upon it in a way that is close to acting on a physical attack.”
June 10, 2024: America’s rural hospitals keep getting attacked by cybercriminals. Microsoft and Google are working to fix that
“Microsoft and Google will offer free or discounted cybersecurity services to rural hospitals across the United States to make them less vulnerable to cyberattacks that have disrupted patient care and threatened lives, the White House and those tech firms said Monday.”
“The new announcement is the result of private discussions between the tech firms and officials at the White House National Security Council who have grown increasingly concerned about cyber threats to hospitals.”
June 10, 2024: Former CIA Acting Director Michael Morell co-writes an article: The Terrorism Warning Lights Are Blinking Red Again
“The assassination of Soleimani in 2020, too, has prompted Iran to attempt attacks in the United States ever since.”
June 13, 2024: Fox Business: New York Democrat warns ‘we’re headed for another 9/11’
June 14, 2024: CISA leads first tabletop exercise for AI cybersecurity
“CISA did not release the details of the three modules in the tabletop.”
“The playbook, which is set to be released at the end of 2024…”
June 16, 2024: FBI agent and Twin Towers first responder reveal how likely another 9/11 attack is on U.S. soil…and why it will be even more deadly
“And the attack is likely to be bicoastal as terrorist cells have set up shop all over the country.”
“The attack, he said, would likely come from ‘small cells,’ would be ‘low-tech’ and could occur in ‘cities, through subways, transportation centers [and] marching events’ that have ‘a lot of attendees.’”
“His former colleagues that are still at the FBI, or have recently retired from the agency, told him they are being thwarted by leadership from being ‘proactive’ in combatting terrorist threats.”
July 8, 2024: China’s National Computer Virus Emergency Response Center releases a report: Volt Typhoon II (PDF)
“The ‘Volt Typhoon’ is a misinformation campaign targeting U.S. congress and taxpayers. It was planned and conducted by U.S. intelligence agencies. The object of the campaign is to preserve U.S. intelligence agencies’ warrantless snooping powers on all people over the world including Americans via FISA Section 702…”
July 12, 2024: Undercover Agent Busts White Supremacist Plot to Blow Up Facilities: DOJ
“Takhistov began communicating with the agent, not knowing they were an FBI agent, back in January. By July, they had met in person several times. He had discussed ‘infrastructure sabotage,’ with specifics in mind…”
“On two separate occasions in June and July, Takhistov and the agent drove to two electrical substations in North Brunswick and New Brunswick, New Jersey, where he ‘instructed the undercover employee on numerous aspects of how to conduct an attack on an electrical substation.’”
July 23, 2024: CBN News: Experts Warn Biden Admin of Imminent Terrorist Attack
“A deadly terrorist attack could happen here in America in the near future. That’s the word from national security insiders. Their concerns are similar to the warnings before 9/11.”
Former intelligence officer Michael Pregent: “If I’m a terrorist leader, I don’t attack before that (the election). I get everything in place…I’ll have people harass polling sites and keep people from voting on election day.”
July 31, 2024: CISA and FBI Release Joint PSA: Putting Potential DDoS Attacks During the 2024 Election Cycle in Context
“This public service announcement is to raise awareness that Distributed Denial of Service (DDoS) attacks on election infrastructure, or adjacent infrastructure that supports election operations, could hinder public access to election information, but would not impact the security or integrity of election processes.”
August 2, 2024: How a cybersecurity attack would cripple America — after catastrophic Crowdsource glitch
“The attack would begin with ‘a series of cascading failures,’ first shutting down essential service providers, like 911 call centers and healthcare providers, and then spreading to critical infrastructure.”
“Eric O’Neill, a former FBI counterterrorism and counterintelligence operative, told DailyMail.com that foreign spies have spent over a decade looking for security holes in infrastructure to leverage for conducting catastrophic cyber attacks.”
O’Neill: “Attackers would only need to target nine or ten key nodes within the United States to potentially collapse the grid.”
August 9, 2024: Iran is targeting the U.S. election with fake news sites and cyberattacks, Microsoft says
“Iran’s United Nations mission denied it had plans to interfere or launch cyberattacks in the U.S. presidential election.”
August 14, 2024: Massive cyberattack rocks Central Bank of Iran, computer system paralyzed — report
August 15, 2024: Google says Iranian group tried to hack Trump and Harris campaigns
“Google did confirm that the Iranian group in its report, which it calls APT42, was the same as the one in Microsoft’s research. Microsoft refers to the group as Mint Sandstorm.”
August 19, 2024: WEF: 4 global risks to look out for in the post-pandemic era
“Briefly, here are three shock events to consider that may impact global stability:
1. A new global extremist group emerges: with the world distracted with multiple major wars and leadership in decline, this could be an opportunistic time for a new extremist group to make its mark — and maybe not face as many consequences. Perhaps, it will even leverage AI tools to kick off a new phase of terrorism.
2. A cyber pandemic — that is intentional: the massive global IT outage in July was not terrorism, but simply a faulty software update from a cybersecurity firm. Yet, it cost Fortune 500 companies $5.4 billion in damages and shut down flights, banks, hospitals, retailers and other services worldwide. Imagine if a bad actor did this — on purpose and an even grander scale?”
August 23, 2024: Meta takes down more accounts tied to Iranian hackers targeting the U.S. election
August 27, 2024: Russia is signaling it could take out the West’s internet and GPS. There’s no good backup plan.
“Russia is likely mapping underwater internet cables, a NATO official said.”
August 27, 2024: Election Security Partners Host 7th Annual Tabletop the Vote Exercise for 2024
“The exercise…provided participants with the opportunity to share best practices around cyber and physical incident planning, preparedness, identification, response, and recovery.”
August 29, 2024: CBN News: When Everything Shuts Off — Future Cyber War Could Plunge America Into Chaos
“The Commission on the National Defense Strategy recently warned senators the United States is unprepared for a devastating cyber war that will bring life in towns and cities across America to a standstill.”
September 5, 2024: NSA, FBI, CISA, and Allies Issue Advisory about Russian Military Cyber Actors
September 5, 2024: South Korea hosts international cyber exercise, inviting 24 nations to Seoul
“The National Intelligence Service (NIS) announced on Wednesday that South Korea will lead an international cyber defense drill, named the ‘APEX (Allied Power Exercise) 2024,’ at the Convention and Exhibition Center (COEX) in Seoul from September 10 to 12.”
The WEF’s cyber attack simulation Cyber Polygon 2024 is scheduled for September 10–11
September 16, 2024: ‘The most complex, dynamic and dangerous threat environment I’ve experienced’
John Cohen, a former senior Homeland Security intelligence and counterterrorism official: “The 2024 presidential election is taking place at a time when the U.S. is facing the most complex, dynamic, and dangerous threat environment I’ve experienced in the 40-plus years that I’ve been working in law enforcement, homeland security, and national security…We’re facing cyber, physical, and other threats by foreign and domestic threat actors, and what’s different today is how they have fully embraced the power of the internet.”
September 25, 2024: CISA: Threat Actors Continue to Exploit OT/ICS through Unsophisticated Means
“CISA continues to respond to active exploitation of internet-accessible operational technology (OT) and industrial control systems (ICS) devices, including those in the Water and Wastewater Systems (WWS) Sector.”
September 25, 2024: China-Linked Hackers Breach U.S. Internet Providers in New ‘Salt Typhoon’ Cyberattack
“It isn’t clear who is behind the Salt Typhoon attack, but based on ‘targeting activity and the nature of the operation,’ it could be a group affiliated with China’s Ministry of State Security, also known as APT40, said Chris Krebs.”
September 26, 2024: Man arrested after ‘Islamophobic cyberattack’ on wifi at major railway stations
“Passengers logging on to the wifi at the stations reported seeing a webpage that was titled ‘We love you, Europe’. Underneath it was information that referred to terror attacks.”
September 26, 2024: Octo2 Android Malware Attacking Users To Steal Banking Credentials
“…the Octo2 malware disguises itself as popular apps like ‘Google Chrome’ and ‘NordVPN.’”
September 30, 2024: Verizon says network disruption is resolved; FCC investigating outage
“Sector rival AT&T faced nationwide wireless outages in February that lasted over 12 hours and impacted more than 70,000 customers. The FCC is also investigating the AT&T outage, which blocked more than 92 million voice calls and prevented more than 25,000 attempts to reach 911, the agency said.”
October 2, 2024: Bank of America customers report account outages, some seeing balances of $0
October 7, 2024: American Water, the largest water utility in US, is targeted by a cyberattack
October 9, 2024: The Internet Archive is under attack, with a breach revealing info for 31 million accounts
“…their site was defaced and DDoS’d today at the same time they were loading the data into HIBP to begin notifying affected users.”
October 10, 2024: Afghan refugee charged with plotting US Election Day massacre worked for CIA: report
October 12, 2024: A cyber attack hit Iranian government sites and nuclear facilities
Firouzabadi, the ex-secretary of Iran’s Supreme Council of Cyberspace: “Nearly all three branches of Iran’s government — the judiciary, the legislature, and the executive branch — have been hit by heavy cyberattacks, and their information was stolen.”
October 20, 2024: Internet Archive Breached Again — Third Cyberattack In October 2024
October 21, 2024: Cuban power grid collapses for fourth time as hurricane arrives
October 22, 2024: Dozens of former officials chart course for next administration’s cyber policies
Frank Cilluffo, former special assistant for homeland security: “It was really important we release this publicly before the election so we aren’t skewed in any shape or form based on the outcomes of the election. I have a feeling this will have a new life again come November.”
Former Rep. John Katko: “The threat is real. We’re in a pre 9/11 posture with respect to cyber and unless and until we acknowledge the nature and quality of that threat and act upon it with the recommendations in this report, we’re gonna remain very vulnerable as a nation and an economy.”
October 23, 2024: Georgia election official says battleground state fended off cyberattack likely from a foreign country
“The cyberattack likely originated from overseas and had ‘the hallmarks of a foreign power or a foreign entity [acting] at the behest of a foreign power,’ Sterling said.
US officials have yet to publicly confirm that assessment.”
October 23, 2024: Iranian hackers have probed US election websites for vulnerabilities, Microsoft says
“The Iranian Permanent Mission to the United Nations denied the allegations in a statement.
‘Already devoid of any credibility and legitimacy, such allegations are fundamentally unfounded, and wholly inadmissible. The Islamic Republic of Iran does not engage in the internal uproars or electoral controversies of the United States,’ it said. ‘The continued perpetuation of such unfounded claims will only serve to undermine their credibility.’”
October 25, 2024: Joint Statement by FBI and CISA on People’s Republic of China Activity Targeting Telecommunications
October 25, 2024: Cybersecurity Officials Cancel Election Day ‘Exercise’ after Public Backlash
“Homeland Security officials were planning to convene in Atlanta for a cybersecurity ‘tabletop exercise’ on Election Day. But after public backlash, the event was cancelled.”
October 30, 2024: Russian Hackers Targeting U.S. Officials Ahead of Election, Microsoft Warns
November 1, 2024: Joint ODNI, FBI, and CISA Statement on Russian Election Influence Efforts
“This Russian activity is part of Moscow’s broader effort to raise unfounded questions about the integrity of the US election and stoke divisions among Americans, as detailed in prior ODNI election updates. In the lead up to election day and in the weeks and months after, the IC expects Russia to create and release additional media content that seeks to undermine trust in the integrity of the election and divide Americans.”
November 1, 2024: Chinese hacking is biggest state cyber threat to Canada, spy agency says
“In a new threat assessment, the Communications Security Establishment Canada also said Russia’s cyber program was trying to confront and destabilize Canada and its allies and cited Iran as a threat.”
November 1, 2024: STEADFAST DUEL 2024: This year’s largest NATO command post exercise concludes
“NATO’s capstone CAX/CPX of the year focused on the Article 5 defence of NATO territory…”
Major General Ruprecht von Butler, Commander JWC and Exercise Director: “Exercise STEADFAST DUEL 2024 further strengthened NATO’s multi-domain capabilities, encompassing the full range of military operations, including the cyberspace and space domains.”
November 5, 2024 (event date): Cybereason: Attack Simulation — Hunter Series
November 6, 2024 (event date): FS-ISAC EMEA Sector Tabletop Exercise — Email Provider Outage
“Quantum — our fictional global tech provider with a large market share in the email provider space — suffers an extended outage to their Quantum Mail product after a sophisticated cyber attack.”
December 11, 2024 (event date): CISA / ICBA Cyber Tabletop Exercise
“This event for the 2024/2025 season will support and enhance the capabilities of community banks and the financial services sector in identifying, mitigating, responding to, and recovering from cyber incidents. This scenario is a cascading event with a cloud service provider cyber event and a regional disaster.”